initial commit

432 files changed, 66563 insertions, 0 deletions

diff --git a/moaSig/build.gradle b/moaSig/build.gradle
new file mode 100644
index 0000000..951632c
--- /dev/null
+++ b/moaSig/build.gradle
@@ -0,0 +1,22 @@
+subprojects {
+    apply plugin: 'java'
+    apply plugin: 'eclipse'
+
+    repositories {
+       mavenCentral()
+    }
+
+    dependencies {
+        testCompile 'junit:junit:4.8.2'
+    }
+
+    version = '1.0'
+
+    jar {
+        manifest.attributes provider: 'my cool company'
+    }
+}
+
+task wrapper(type: Wrapper) {
+    gradleVersion = '2.8'
+}
\ No newline at end of file
diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle
new file mode 100644
index 0000000..998ccbe
--- /dev/null
+++ b/moaSig/common/build.gradle
@@ -0,0 +1,10 @@
+dependencies {
+	compile files('../libs/iaik_jce_full.jar')
+
+	compile 'org.slf4j:slf4j-api:1.7.12'
+	compile 'xerces:xercesImpl:2.11.0'
+	compile 'xalan:xalan:2.7.2'
+	compile 'joda-time:joda-time:2.8.2'
+	compile 'jaxen:jaxen:1.1.6'
+}
+
diff --git a/moaSig/common/src/main/java/META-INF/MANIFEST.MF b/moaSig/common/src/main/java/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..5e94951
--- /dev/null
+++ b/moaSig/common/src/main/java/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0

+Class-Path: 

+

diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
new file mode 100644
index 0000000..51667f0
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.logging;
+
+/**
+ * A unified message type to log messages from inside the MOA subsystem.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class LogMsg {
+  /** The message to log. */
+  private Object message;
+
+  /**
+   * Create a <code>LogMsg</code> object.
+   * 
+   * @param message The actual message to log. May be <code>null</code>. 
+   */
+  public LogMsg(Object message) {
+    this.message = message;
+  }
+
+  /**
+   * Convert this log message to a <code>String</code>.
+   * 
+   * @return The <code>String</code> representation of this log message. 
+   */
+  public String toString() {
+    StringBuffer msg = new StringBuffer();
+    LoggingContext ctx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    String tid = ctx != null ? ctx.getTransactionID() : null;
+    String nodeId = ctx != null ? ctx.getNodeID() : null;
+    
+    msg.append("TID=");
+    msg.append(tid != null ? tid : "<null>");
+    msg.append(" NID=");
+    msg.append(nodeId != null ? nodeId : "<null>");
+    msg.append(" MSG=");
+    msg.append(message != null ? message.toString() : "<null>");
+
+    return msg.toString();
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
new file mode 100644
index 0000000..7cb2e7d
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
@@ -0,0 +1,230 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.logging;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * A utility class acting as a facade to the logging subsystem.
+ * 
+ * Configure the logging defaultHierarchy that the <code>Logger</code> uses by
+ * calling <code>setHierarchy</code> once before calling any of the logging
+ * output functions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class Logger {
+  
+  /**
+   * Set the default hierarchy to which the <code>Logger</code> should send its
+   * logging output.
+   * @param hierarchy The logging defaultHierarchy.
+   */
+  public static void setHierarchy(String hierarchy) {
+	  // there is no need for that anymore
+  }
+
+
+  /** The Constant instances. */
+  private static final Map<String, org.slf4j.Logger> instances = new HashMap<String, org.slf4j.Logger>();
+
+  /**
+   * Gets the logger.
+   *
+   * @return the logger
+   */
+  private static synchronized org.slf4j.Logger getLogger() {
+	  StackTraceElement[] stacktrace = Thread.currentThread().getStackTrace();
+
+	  int i;
+	  for(i = 2; i < stacktrace.length; i++)
+          if(!stacktrace[i].getClassName().equals(Logger.class.getName()))
+              break;
+
+      String className = stacktrace[i].getClassName();
+
+      org.slf4j.Logger logger = instances.get(className);
+      if (logger != null) {
+          return logger;
+      }
+
+      logger = org.slf4j.LoggerFactory.getLogger(className);
+      instances.put(className, logger);
+
+      return logger;
+  }
+  
+  /**
+   * Prepare the message for printing it as string.
+   * <p>Mainly introduce because the <code>message</code> might be <code>null</code>. 
+   *
+   * @param message the message
+   * @return the string
+   */
+  private static String prepareMessage(Object message) {
+      if(null == message)
+          return "no message given";
+      return message.toString();
+  }
+  
+  /**
+   * Test, if the trace log level is enabled.
+   * 
+   * @return boolean <code>true</code>, if tracing output is enabled
+   * <code>false</code> otherwise.
+   */
+  public static boolean isTraceEnabled() {
+		org.slf4j.Logger logger = getLogger();
+		return logger.isTraceEnabled();
+  }
+  
+  /**
+   * Test, if the trace log level is enabled for a given hierarchy.
+   * 
+   * @param hierarchy requested log hierarchy
+   * @return boolean <code>true</code>, if tracing output is enabled
+   * <code>false</code> otherwise.
+   */
+  public static boolean isTraceEnabled(String hierarchy) {
+		org.slf4j.Logger logger = getLogger();
+		return logger.isTraceEnabled();
+  }
+  
+  /**
+   * Trace a message.
+   * 
+   * @param message The message to trace.
+   */
+  public static void trace(Object message) {
+		org.slf4j.Logger logger = getLogger();
+		logger.trace(prepareMessage(message));
+  }
+  
+  /**
+   * Test, if the debug log level is enabled.
+   * 
+   * @return boolean <code>true</code>, if debug output is enabled
+   * <code>false</code> otherwise.
+   */
+  public static boolean isDebugEnabled() {
+		org.slf4j.Logger logger = getLogger();
+		return logger.isDebugEnabled();
+  }
+  
+  /**
+   * Test, if the debug log level is enabled for a given hierarchy.
+   * 
+   * @param hierarchy requested log hierarchy
+   * @return boolean <code>true</code>, if debug output is enabled
+   * <code>false</code> otherwise.
+   */
+  public static boolean isDebugEnabled(String hierarchy) {
+		org.slf4j.Logger logger = getLogger();
+		return logger.isDebugEnabled();
+  }
+  
+  /**
+   * Log a debug message.
+   * 
+   * @param message The message to log.
+   */
+  public static void debug(Object message) {
+		org.slf4j.Logger logger = getLogger();
+		logger.debug(prepareMessage(message));
+  }
+
+/**
+   * Log an info message.
+   * 
+   * @param message The message to log.
+   */
+  public static void info(Object message) {
+		org.slf4j.Logger logger = getLogger();
+		logger.info(prepareMessage(message));
+  }
+  
+  /**
+   * Log a warning message.
+   * 
+   * @param message The message to log.
+   */
+  public static void warn(Object message) {
+		org.slf4j.Logger logger = getLogger();
+		logger.warn(prepareMessage(message));
+  }
+
+  /**
+   * Log a warning message.
+   * 
+   * @param message The message to log.
+   * @param t An exception that may be the cause of the warning.
+   */
+  public static void warn(Object message, Throwable t) {
+		org.slf4j.Logger logger = getLogger();
+		logger.warn(prepareMessage(message), t);
+  }
+  
+  /**
+   * Log an error message.
+   * 
+   * @param message The message to log.
+   */
+  public static void error(Object message) {
+		org.slf4j.Logger logger = getLogger();
+		logger.error(prepareMessage(message));
+  }
+
+  /**
+   * Log an error message.
+   * 
+   * @param message The message to log.
+   * @param t An exception that may be the cause of the error.
+   */
+  public static void error(Object message, Throwable t) {
+		org.slf4j.Logger logger = getLogger();
+		logger.error(prepareMessage(message), t);
+  }
+  
+  /**
+   * Log a fatal error message.
+   * 
+   * @param message The message to log.
+   */
+  public static void fatal(Object message) {
+		error(message);
+  }
+
+  /**
+   * Log a fatal error message.
+   * 
+   * @param message The message to log.
+   * @param t An exception that may be the cause of the error.
+   */
+  public static void fatal(Object message, Throwable t) {
+		error(message, t);
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
new file mode 100644
index 0000000..db4b93a
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.logging;
+
+/**
+ * Encapsulates contextual information (i.e. per request information) for
+ * logging purposes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class LoggingContext {
+  /** The name of the node ID system property. */
+  public static final String NODE_ID_PROPERTY = "moa.node-id";
+  
+  /** The current transaction ID. */
+  private String transactionID;
+  /** The node ID. */
+  private String nodeID;
+  
+  /**
+   * Create a new <code>LoggingContext</code>.
+   * 
+   * @param transactionID The transaction ID. May be <code>null</code>.
+   */
+  public LoggingContext(String transactionID) {
+    this.transactionID = transactionID;
+    this.nodeID = System.getProperty(NODE_ID_PROPERTY);
+  }
+  
+  /**
+   * Return the transaction ID.
+   * 
+   * @return The transaction ID.
+   */
+  public String getTransactionID() {
+    return transactionID;
+  }
+  
+  /**
+   * Return the node ID.
+   * 
+   * @return The node ID.
+   */
+  public String getNodeID() {
+    return nodeID;
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
new file mode 100644
index 0000000..f0d7b4c
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.logging;
+
+/**
+ * Provides each thread with a single instance of <code>LoggingContext</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class LoggingContextManager {
+  /** The single instance of this class. */
+  private static LoggingContextManager instance = null;
+  
+  /** The <code>LoggingContext</code> for each thread. */
+  private ThreadLocal context;
+  
+  /**
+   * Get the single instance of the <code>LoggingContextManager</code> class.
+   * 
+   * @return LoggingContextManager The single instance.
+   */
+  public static synchronized LoggingContextManager getInstance() {
+    if (instance == null) {
+      instance = new LoggingContextManager();
+    }
+    return instance;
+  }
+  
+  /**
+   * Creates a new <code>LoggingContextManager</code>.
+   * 
+   * Protected to disallow direct instantiation.
+   */
+  protected LoggingContextManager() {
+    context = new ThreadLocal();
+  }
+  
+  /**
+   * Set the <code>LoggingContext</code> context for the current thread.
+   * 
+   * @param ctx The <code>LoggingContext</code> for the current thread.
+   */
+  public void setLoggingContext(LoggingContext ctx) {
+    context.set(ctx);
+  }
+  
+  /**
+   * Return the <code>LoggingContext</code> for the current thread.
+   * 
+   * @return LoggingContext The <code>LoggingContext</code> for the current
+   * thread, or <code>null</code> if none has been set.
+   */
+  public LoggingContext getLoggingContext() {
+    return (LoggingContext) context.get();
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java
new file mode 100644
index 0000000..66bf503
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+
+import iaik.utils.Base64InputStream;
+import iaik.utils.Base64OutputStream;
+
+/**
+ * Utitility functions for encoding/decoding Base64 strings.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class Base64Utils {
+
+  /**
+   * Read the bytes encoded in a Base64 encoded <code>String</code>. 
+   * 
+   * @param base64String The <code>String</code> containing the Base64 encoded
+   * bytes.
+   * @param ignoreInvalidChars Whether to ignore invalid Base64 characters.
+   * @return byte[] The raw bytes contained in the <code>base64String</code>.
+   * @throws IOException Failed to read the Base64 data.
+   */
+  public static byte[] decode(String base64String, boolean ignoreInvalidChars, String encoding)
+    throws IOException {
+
+    Base64InputStream in =
+      new Base64InputStream(
+        new ByteArrayInputStream(base64String.getBytes(encoding)),
+        ignoreInvalidChars);
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    byte[] bytes = new byte[256];
+    int bytesRead;
+
+    while ((bytesRead = in.read(bytes)) > 0) {
+      out.write(bytes, 0, bytesRead);
+    }
+    in.close();
+    
+    return out.toByteArray();
+  }
+
+  public static byte[] decode(String base64String, boolean ignoreInvalidChars) throws IOException {
+	  return decode(base64String, ignoreInvalidChars, "UTF-8");
+  }
+  
+  /**
+   * Read the bytes encoded in a Base64 encoded <code>String</code> and provide
+   * them via an <code>InputStream</code>.
+   * 
+   * @param base64String The <code>String</code> containing the Base64 encoded
+   * bytes.
+   * @param ignoreInvalidChars Whether to ignore invalid Base64 characters.
+   * @return The <code>InputStream</code> from which the binary content of the
+   * <code>base64String</code> can be read.
+   */
+  public static InputStream decodeToStream(
+    String base64String,
+    boolean ignoreInvalidChars,
+    String encoding) {
+
+    try {
+      ByteArrayInputStream bin = 
+        new ByteArrayInputStream(base64String.getBytes(encoding));
+      Base64InputStream in = new Base64InputStream(bin, ignoreInvalidChars);
+      
+      return in;
+    } catch (UnsupportedEncodingException e) {
+      // cannot occur, since UTF-8 is required to be supported by every JRE
+      return null; 
+    }
+  }
+
+  public static InputStream decodeToStream(
+		    String base64String,
+		    boolean ignoreInvalidChars) {
+	  return decodeToStream(base64String, ignoreInvalidChars, "UTF-8");
+	  
+  }
+  
+  /**
+   * Convert a byte array to a Base64 encoded <code>String</code>.
+   * 
+   * @param bytes The bytes to encode.
+   * @return String The Base64 encoded representation of the <code>bytes</code>.
+   * @throws IOException Failed to write the bytes as Base64 data.
+   */
+  public static String encode(byte[] bytes) throws IOException {
+    return encode(new ByteArrayInputStream(bytes), "UTF-8");
+  }
+
+  public static String encode(byte[] bytes, String encoding) throws IOException {
+	    return encode(new ByteArrayInputStream(bytes), encoding);
+	  }
+  
+  public static String encode(InputStream inputStream) throws IOException {
+	  return encode(inputStream, "UTF-8");
+  }
+  /**
+   * Convert the data contained in the given stream to a Base64 encoded
+   * <code>String</code>.
+   * 
+   * @param inputStream The stream containing the data to encode.
+   * @return The Base64 encoded data of <code>inputStream</code>, as a 
+   * <code>String</code>.
+   * @throws IOException Failed to convert the data in the stream.
+   */
+  public static String encode(InputStream inputStream, String encoding) throws IOException {
+    ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
+    Base64OutputStream base64Stream = new Base64OutputStream(byteStream, "\n".getBytes());
+    byte[] bytes = new byte[256];
+    int bytesRead;
+
+    while ((bytesRead = inputStream.read(bytes)) > 0) {
+      base64Stream.write(bytes, 0, bytesRead);
+    }
+    base64Stream.flush();
+    base64Stream.close();
+    inputStream.close();
+
+    return byteStream.toString(encoding);
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java
new file mode 100644
index 0000000..492aca9
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+/**
+ * Utility class for parsing XML schema boolean values.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class BoolUtils {
+  
+  /**
+   * Return the boolean value of an <code>xsd:boolean</code> type of DOM 
+   * element/attribute.
+   * 
+   * @param boolStr The value of the <code>xsd:boolean</code> element/attribute.
+   * @return <code>true</code>, if <code>boolStr</code> equals 
+   * <code>&quot;true&quot;</code> or <code>&quot;1;&quot;</code>. Otherwise,
+   * <code>false</code> is returned.
+   */
+  public static boolean valueOf(String boolStr) {
+    return "true".equals(boolStr) || "1".equals(boolStr);
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java
new file mode 100644
index 0000000..8597e1e
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * Various utility methods for dealing with <code>java.util.Collection</code> 
+ * classes. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CollectionUtils {
+  
+  /**
+   * Convert a <code>List</code> of <code>Number</code> objects to an 
+   * <code>int</code> array.
+   * 
+   * @param nums The <code>List</code> containing the numbers whose integer
+   * value to put into the result. 
+   * @return The <code>int</code> values of the <code>Number</code>s contained
+   * in <code>nums</code>.
+   */
+  public static int[] toIntArray(List nums) {
+    int[] result = new int[nums.size()];
+    Iterator iter;
+    int i;
+    
+    for (i = 0, iter = nums.iterator(); iter.hasNext(); i++) {
+      Number num = (Number) iter.next();
+      result[i] = num.intValue();
+    }
+    
+    return result;
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
new file mode 100644
index 0000000..e288cfe
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -0,0 +1,504 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.HashMap;
+
+/**
+ * Contains various constants used throughout the system.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface Constants {
+  /** Root location of the schema files. */
+  public static final String SCHEMA_ROOT = "/resources/schemas/";
+
+  /** URI of the Widerrufregister XML namespace. */
+  public static final String WRR_NS_URI =
+    "http://reference.e-government.gv.at/namespace/moavv/20041223";
+
+  /** Prefix used for the Widerrufregister XML namespace */
+  public static final String WRR_PREFIX = "wrr";
+
+  /** URI of the StandardTextBlock XML namespace. */
+  public static final String STB_NS_URI =
+    "http://reference.e-government.gv.at/namespace/standardtextblock/20041105#";
+
+  /** Prefix used for the standard text block XML namespace */
+  public static final String STB_PREFIX = "stb";
+
+  /** URI of the MOA XML namespace. */
+  public static final String MOA_NS_URI =
+    "http://reference.e-government.gv.at/namespace/moa/20020822#";
+
+  /** Name of the mandates infobox */
+  public static final String INFOBOXIDENTIFIER_MANDATES = "Mandates";
+
+  /** Prefix used for the Mandate XML namespace */
+  public static final String MD_PREFIX = "md";
+
+  /** URI of the Mandate XML namespace. */
+  public static final String MD_NS_URI =
+    "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+
+  /** Prefix used for the Mandate XML namespace */
+  public static final String MVV_PREFIX = "mvv";
+
+  /** URI of the Mandate XML namespace. */
+  public static final String MVV_NS_URI =
+    "http://reference.e-government.gv.at/namespace/moavv/app2mvv/20041125";
+
+  /** Prefix used for the MandateCheckProfile XML namespace */
+  public static final String MDP_PREFIX = "mdp";
+
+  /** URI of the Mandate XML namespace. */
+  public static final String MDP_NS_URI =
+    "http://reference.e-government.gv.at/namespace/mandateprofile/20041105#";
+
+  /** Prefix used for the MOA XML namespace */
+  public static final String MOA_PREFIX = "moa";
+
+  /** Local location of the MOA XML schema definition. */
+  public static final String MOA_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "MOA-SPSS-2.0.0.xsd";
+
+  /** URI of the MOA configuration XML namespace. */
+  public static final String MOA_CONFIG_NS_URI =
+    "http://reference.e-government.gv.at/namespace/moaconfig/20021122#";
+
+  /** URI of the MOA ID configuration XML namespace. */
+  public static final String MOA_ID_CONFIG_NS_URI =
+    "http://www.buergerkarte.at/namespaces/moaconfig#";
+
+  /** Prefix used for the MOA configuration XML namespace */
+  public static final String MOA_CONFIG_PREFIX = "conf";
+
+  /** Prefix used for the MOA configuration XML namespace */
+  public static final String MOA_ID_CONFIG_PREFIX = "confID";
+
+  /** Local location of the MOA configuration XML schema definition. */
+  public static final String MOA_CONFIG_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "MOA-SPSS-config-2.0.0.xsd";
+
+  /** Local location of the MOA ID configuration XML schema definition. */
+  public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "MOA-ID-Configuration-1.5.2.xsd";
+
+  /** URI of the Security Layer 1.0 namespace. */
+  public static final String SL10_NS_URI =
+    "http://www.buergerkarte.at/namespaces/securitylayer/20020225#";
+
+  /** Prefix used for the Security Layer 1.0 XML namespace */
+  public static final String SL10_PREFIX = "sl10";
+
+  /** Local location of the Security Layer 1.0 XML schema definition */
+  public static final String SL10_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "Core.20020225.xsd";
+
+  /** URI of the Security Layer 1.1 XML namespace */
+  public static final String SL11_NS_URI =
+    "http://www.buergerkarte.at/namespaces/securitylayer/20020831#";
+
+  /** Prefix used for the Security Layer 1.1 XML namespace */
+  public static final String SL11_PREFIX = "sl11";
+
+  /** Local location of the Security Layer 1.1 XML schema definition */
+  public static final String SL11_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "Core.20020831.xsd";
+  
+  /** URI of the Security Layer 1.2 XML namespace */
+  public static final String SL12_NS_URI =
+    "http://www.buergerkarte.at/namespaces/securitylayer/1.2#";
+
+  /** Prefix used for the Security Layer 1.2 XML namespace */
+  public static final String SL12_PREFIX = "sl";
+
+  /** Local location of the Security Layer 1.2 XML schema definition */
+  public static final String SL12_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "Core-1.2.xsd";
+  
+  /** URI of the ECDSA XML namespace */
+  public static final String ECDSA_NS_URI =
+    "http://www.w3.org/2001/04/xmldsig-more#";
+  
+  /** Prefix used for ECDSA namespace */
+  public static final String ECDSA_PREFIX = "ecdsa";
+
+  /** Local location of ECDSA XML schema definition */
+  public static final String ECDSA_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "ECDSAKeyValue.xsd";
+
+  /** URI of the PersonData XML namespace. */
+  public static final String PD_NS_URI =
+    "http://reference.e-government.gv.at/namespace/persondata/20020228#";
+
+  /** Prefix used for the PersonData XML namespace */
+  public static final String PD_PREFIX = "pr";
+
+//  /** Local location of the PersonData XML schema definition */
+//  public static final String PD_SCHEMA_LOCATION =
+//    SCHEMA_ROOT + "PersonData.xsd";
+  
+  /** Local location of the PersonData XML schema definition */
+  public static final String PD_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "PersonData_20_en_moaWID.xsd";
+
+  /** URI of the SAML namespace. */
+  public static final String SAML_NS_URI =
+    "urn:oasis:names:tc:SAML:1.0:assertion";
+
+  /** Prefix used for the SAML XML namespace */
+  public static final String SAML_PREFIX = "saml";
+
+  /** Local location of the SAML XML schema definition. */
+  public static final String SAML_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "cs-sstc-schema-assertion-01.xsd";
+
+  /** URI of the SAML request-response protocol namespace. */
+  public static final String SAMLP_NS_URI =
+    "urn:oasis:names:tc:SAML:1.0:protocol";
+
+  /** Prefix used for the SAML request-response protocol namespace */
+  public static final String SAMLP_PREFIX = "samlp";
+
+  /** Local location of the SAML request-response protocol schema definition. */
+  public static final String SAMLP_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "cs-sstc-schema-protocol-01.xsd";
+
+  /** URI of the XML namespace. */
+  public static final String XML_NS_URI =
+    "http://www.w3.org/XML/1998/namespace";
+
+  /** Prefix used for the XML namespace */
+  public static final String XML_PREFIX = "xml";
+
+  /** Local location of the XML schema definition. */
+  public static final String XML_SCHEMA_LOCATION = SCHEMA_ROOT + "xml.xsd";
+
+  /** URI of the XMLNS namespace */
+  public static final String XMLNS_NS_URI = "http://www.w3.org/2000/xmlns/";
+
+  /** Prefix used for the XSI namespace */
+  public static final String XSI_PREFIX = "xsi";
+
+  /** Local location of the XSI schema definition. */
+  public static final String XSI_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "XMLSchema-instance.xsd";
+
+  /** URI of the XSI XMLNS namespace */
+  public static final String XSI_NS_URI =
+    "http://www.w3.org/2001/XMLSchema-instance";
+
+  /** URI of the XSLT XML namespace */
+  public static final String XSLT_NS_URI =
+    "http://www.w3.org/1999/XSL/Transform";
+
+  /** Prefix used for the XSLT XML namespace */
+  public static final String XSLT_PREFIX = "xsl";
+
+  /** URI of the XMLDSig XML namespace. */
+  public static final String DSIG_NS_URI = "http://www.w3.org/2000/09/xmldsig#";
+
+  /** Prefix used for the XMLDSig XML namespace */
+  public static final String DSIG_PREFIX = "dsig";
+
+  /** Local location of the XMLDSig XML schema. */
+  public static final String DSIG_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "xmldsig-core-schema.xsd";
+
+  /** URI of the XMLDSig XPath Filter XML namespace. */
+  public static final String DSIG_FILTER2_NS_URI =
+    "http://www.w3.org/2002/06/xmldsig-filter2";
+
+  /** Prefix used for the XMLDSig XPath Filter XML namespace */
+  public static final String DSIG_FILTER2_PREFIX = "dsig-filter2";
+
+  /** Local location of the XMLDSig XPath Filter XML schema definition. */
+  public static final String DSIG_FILTER2_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "xmldsig-filter2.xsd";
+
+  /** URI of the Exclusive Canonicalization XML namespace */
+  public static final String DSIG_EC_NS_URI =
+    "http://www.w3.org/2001/10/xml-exc-c14n#";
+    
+  /** Prefix used for the Exclusive Canonicalization XML namespace */
+  public static final String DSIG_EC_PREFIX = "ec";
+
+  /** Local location of the Exclusive Canonicalizaion XML schema definition */
+  public static final String DSIG_EC_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "exclusive-canonicalization.xsd";
+
+	/** URI of the XMLLoginParameterResolver Configuration XML namespace */
+	public static final String XMLLPR_NS_URI="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814";
+
+	/** Local location of the XMLLoginParameterResolver Configuration XML schema definition */
+	public static final String XMLLPR_SCHEMA_LOCATION =
+		SCHEMA_ROOT + "MOAIdentities.xsd";
+	
+  /** Local location of the XAdES v1.1.1 schema definition */ 
+  public static final String XADES_1_1_1_SCHEMA_LOCATION =
+	SCHEMA_ROOT + "XAdES-1.1.1.xsd";
+
+  /** URI of the XAdES v1.1.1 namespace */
+  public static final String XADES_1_1_1_NS_URI = "http://uri.etsi.org/01903/v1.1.1#";
+  
+  public static final String XADES_1_1_1_NS_PREFIX = "xades111";
+  
+  /** Local location of the XAdES v1.2.2 schema definition */ 
+  public static final String XADES_1_2_2_SCHEMA_LOCATION =
+	SCHEMA_ROOT + "XAdES-1.2.2.xsd";
+
+  /** URI of the XAdES v1.2.2 namespace */
+  public static final String XADES_1_2_2_NS_URI = "http://uri.etsi.org/01903/v1.2.2#";
+  
+  public static final String XADES_1_2_2_NS_PREFIX = "xades122";
+
+  /** Local location of the XAdES v1.1.1 schema definition */ 
+  public static final String XADES_1_3_2_SCHEMA_LOCATION =
+	SCHEMA_ROOT + "XAdES-1.3.2.xsd";
+
+  /** URI of the XAdES v1.3.2 namespace */
+  public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#";
+  
+  public static final String XADES_1_3_2_NS_PREFIX = "xades132";
+
+  /** Local location of the XAdES v1.4.1 schema definition */ 
+  public static final String XADES_1_4_1_SCHEMA_LOCATION =
+	SCHEMA_ROOT + "XAdES-1.4.1.xsd";
+
+  /** URI of the XAdES v1.4.1 namespace */
+  public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#";
+  
+  public static final String XADES_1_4_1_NS_PREFIX = "xades141";
+  /** URI of the SAML 2.0 namespace. */
+  public static final String SAML2_NS_URI =
+    "urn:oasis:names:tc:SAML:2.0:assertion";
+
+  /** Prefix used for the SAML 2.0 XML namespace */
+  public static final String SAML2_PREFIX = "saml2";
+
+  /** Local location of the SAML 2.0 XML schema definition. */
+  public static final String SAML2_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "saml-schema-assertion-2.0.xsd";
+  
+  /** URI of the SAML 2.0 protocol namespace. */
+  public static final String SAML2P_NS_URI =
+    "urn:oasis:names:tc:SAML:2.0:protocol";
+
+  /** Prefix used for the SAML 2.0 protocol XML namespace */
+  public static final String SAML2P_PREFIX = "saml2p";
+
+  /** Local location of the SAML 2.0 protocol XML schema definition. */
+  public static final String SAML2P_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "saml-schema-protocol-2.0.xsd";
+  
+  /** URI of the STORK namespace. */
+  public static final String STORK_NS_URI =
+    "urn:eu:stork:names:tc:STORK:1.0:assertion";
+
+  /** Prefix used for the STORK XML namespace */
+  public static final String STORK_PREFIX = "stork";
+
+  /** Local location of the STORK XML schema definition. */
+  public static final String STORK_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "stork-schema-assertion-1.0.xsd";
+  
+  /** URI of the STORK protocol namespace. */
+  public static final String STORKP_NS_URI =
+    "urn:eu:stork:names:tc:STORK:1.0:protocol";
+
+  /** Prefix used for the STORK protocol XML namespace */
+  public static final String STORKP_PREFIX = "storkp";
+
+  /** Local location of the STORK protocol XML schema definition. */
+  public static final String STORKP_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "stork-schema-protocol-1.0.xsd";
+  
+  /** URI of the TSL namespace. */
+  public static final String TSL_NS_URI =
+    "http://uri.etsi.org/02231/v2#";
+
+  /** Prefix used for the TSL namespace */
+  public static final String TSL_PREFIX = "tsl1";
+
+  /** Local location of the TSL schema definition. */
+  public static final String TSL_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "ts_119612v010201_xsd.xsd";	
+
+  /** URI of the TSL SIE namespace. */
+  public static final String TSL_SIE_NS_URI =
+    "http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#";
+
+  /** Prefix used for the TSL SIE namespace */
+  public static final String TSL_SIE_PREFIX = "tslsie";
+
+  /** Local location of the TSL SIE schema definition. */
+  public static final String TSL_SIE_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "ts_119612v010201_sie_xsd.xsd";
+  
+  /** URI of the TSL additional types namespace. */
+  public static final String TSL_ADDTYPES_NS_URI =
+    "http://uri.etsi.org/02231/v2/additionaltypes#";
+
+  /** Prefix used for the TSL additional types namespace */
+  public static final String TSL_ADDTYPES_PREFIX = "tsltype";
+
+  /** Local location of the TSL additional types schema definition. */
+  public static final String TSL_ADDTYPES_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "ts_ts_119612v010201_additionaltypes_xsd.xsd";
+  
+  /** URI of the XML Encryption namespace. */
+  public static final String XENC_NS_URI =
+    "http://www.w3.org/2001/04/xmlenc#";
+
+  /** Prefix used for the XML Encryption XML namespace */
+  public static final String XENC_PREFIX = "xenc";
+
+  /** Local location of the XML Encryption XML schema definition. */
+  public static final String XENC_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "xenc-schema.xsd";
+
+  /**
+   * Contains all namespaces and local schema locations for XML schema
+   * definitions relevant for MOA. For use in validating XML parsers.
+   */
+  public static final String ALL_SCHEMA_LOCATIONS =
+    (MOA_NS_URI + " " + MOA_SCHEMA_LOCATION + " ")
+      + (MOA_CONFIG_NS_URI + " " + MOA_CONFIG_SCHEMA_LOCATION + " ")
+      + (MOA_ID_CONFIG_NS_URI + " " + MOA_ID_CONFIG_SCHEMA_LOCATION + " ")
+      + (SL10_NS_URI + " " + SL10_SCHEMA_LOCATION + " ")
+      + (SL11_NS_URI + " " + SL11_SCHEMA_LOCATION + " ")
+      + (SL12_NS_URI + " " + SL12_SCHEMA_LOCATION + " ")
+      + (ECDSA_NS_URI + " " + ECDSA_SCHEMA_LOCATION + " ")
+      + (PD_NS_URI + " " + PD_SCHEMA_LOCATION + " ")
+      + (SAML_NS_URI + " " + SAML_SCHEMA_LOCATION + " ")
+      + (SAMLP_NS_URI + " " + SAMLP_SCHEMA_LOCATION + " ")
+      + (XML_NS_URI + " " + XML_SCHEMA_LOCATION + " ")
+      + (XSI_NS_URI + " " + XSI_SCHEMA_LOCATION + " ")
+      + (DSIG_NS_URI + " " + DSIG_SCHEMA_LOCATION + " ")
+      + (DSIG_FILTER2_NS_URI + " " + DSIG_FILTER2_SCHEMA_LOCATION + " ")
+      + (DSIG_EC_NS_URI + " " + DSIG_EC_SCHEMA_LOCATION + " ")
+      + (XMLLPR_NS_URI + " " + XMLLPR_SCHEMA_LOCATION + " ")
+      + (XADES_1_1_1_NS_URI + " " + XADES_1_1_1_SCHEMA_LOCATION + " ")
+      + (XADES_1_2_2_NS_URI + " " + XADES_1_2_2_SCHEMA_LOCATION + " ")
+      + (XADES_1_3_2_NS_URI + " " + XADES_1_3_2_SCHEMA_LOCATION + " ")
+      + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION + " ")
+      + (TSL_NS_URI + " " + TSL_SCHEMA_LOCATION + " ")
+      + (TSL_SIE_NS_URI + " " + TSL_SIE_SCHEMA_LOCATION + " ")
+      + (TSL_ADDTYPES_NS_URI + " " + TSL_ADDTYPES_SCHEMA_LOCATION + " ")
+      + (SAML2_NS_URI + " " + SAML2_SCHEMA_LOCATION + " ")
+      + (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ")
+      + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ")
+      + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ")
+      + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION);
+
+  /** URN prefix for bPK and wbPK. */
+  public static final String URN_PREFIX = "urn:publicid:gv.at";
+  
+  /** URN prefix for context dependent id. */
+  public static final String URN_PREFIX_CDID = URN_PREFIX + ":cdid";
+  
+  /** URN prefix for context dependent id (bPK). */
+  public static final String URN_PREFIX_BPK = URN_PREFIX_CDID + "+bpk";
+
+  /** URN prefix for context dependent id (HPI). */
+  public static final String URN_PREFIX_HPI = URN_PREFIX_CDID + "+EHSP";
+  
+  /** URN prefix for context dependent id (wbPK). */
+  public static final String URN_PREFIX_WBPK = URN_PREFIX + ":wbpk";
+
+  /** URN prefix for context dependent id (stork). */
+  public static final String URN_PREFIX_STORK = URN_PREFIX + ":storkid";
+
+  /** URN prefix for context dependent id. */
+  public static final String URN_PREFIX_BASEID = URN_PREFIX + ":baseid";
+  
+  /** Security Layer manifest type URI. */
+  public static final String SL_MANIFEST_TYPE_URI =
+    "http://www.buergerkarte.at/specifications/Security-Layer/20020225#SignatureManifest";
+
+  /** URI of the SHA1 digest algorithm */
+  public static final String SHA1_URI =
+    "http://www.w3.org/2000/09/xmldsig#sha1";
+  
+  /** URI of the SHA1 digest algorithm */
+  public static final String SHA256_URI =
+    "http://www.w3.org/2000/09/xmldsig#sha256";
+  
+  /** URI of the SHA1 digest algorithm */
+  public static final String SHA384_URI =
+    "http://www.w3.org/2000/09/xmldsig#sha384";
+  
+  /** URI of the SHA1 digest algorithm */
+  public static final String SHA512_URI =
+    "http://www.w3.org/2000/09/xmldsig#sha512";
+  
+  /** URI of the Canonical XML algorithm */
+  public static final String C14N_URI =
+    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+
+  /** URI of the Canoncial XML with comments algorithm */
+  public static final String C14N_WITH_COMMENTS_URI =
+    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
+
+  /** URI of the Exclusive Canonical XML algorithm */
+  public static final String EXC_C14N_URI =
+    "http://www.w3.org/2001/10/xml-exc-c14n#";
+  
+  /** URI of the Exclusive Canonical XML with commments algorithm */
+  public static final String EXC_C14N_WITH_COMMENTS_URI =
+    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+    
+  //
+  // Local names for elements of the MOA SPSS schema
+  //
+  
+  /** 
+   * Local name of request for creating an XML signature.
+   */
+  public static final String MOA_SPSS_CREATE_XML_REQUEST = "CreateXMLSignatureRequest";
+  
+  /** 
+   * Local name of request for creating a CMS signature.
+   */
+  public static final String MOA_SPSS_CREATE_CMS_REQUEST = "CreateCMSSignatureRequest";
+  
+  /** 
+   * Local name of request for creating a CMS signature.
+   */
+  public static final String MOA_SPSS_CREATE_PDF_REQUEST = "CreatePDFSignatureRequest";
+  
+  /** 
+   * Local name of request for verifying an XML signature.
+   */
+  public static final String MOA_SPSS_VERIFY_XML_REQUEST = "VerifiyXMLSignatureRequest";
+  
+  /** 
+   * A map used to map namespace prefixes to namespace URIs 
+   */ 
+  public static HashMap<String, String> nSMap = new HashMap<String, String>(5);
+   
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
new file mode 100644
index 0000000..2b816ed
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -0,0 +1,1168 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.xerces.parsers.DOMParser;
+import org.apache.xerces.parsers.SAXParser;
+import org.apache.xerces.parsers.XMLGrammarPreparser;
+import org.apache.xerces.util.SymbolTable;
+import org.apache.xerces.util.XMLGrammarPoolImpl;
+import org.apache.xerces.xni.grammars.XMLGrammarDescription;
+import org.apache.xerces.xni.grammars.XMLGrammarPool;
+import org.apache.xerces.xni.parser.XMLInputSource;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Various utility functions for handling XML DOM trees.
+ * 
+ * The parsing methods in this class make use of some features internal to the
+ * Xerces DOM parser, mainly for performance reasons. As soon as JAXP
+ * (currently at version 1.2) is better at schema handling, it should be used as
+ * the parser interface.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DOMUtils {
+
+  /** Feature URI for namespace aware parsing. */
+  private static final String NAMESPACES_FEATURE =
+    "http://xml.org/sax/features/namespaces";
+  /** Feature URI for validating parsing. */
+  private static final String VALIDATION_FEATURE =
+    "http://xml.org/sax/features/validation";
+  /** Feature URI for schema validating parsing. */
+  private static final String SCHEMA_VALIDATION_FEATURE =
+    "http://apache.org/xml/features/validation/schema";
+  /** Feature URI for normalization of element/attribute values. */
+  private static final String NORMALIZED_VALUE_FEATURE =
+    "http://apache.org/xml/features/validation/schema/normalized-value";
+  /** Feature URI for parsing ignorable whitespace. */
+  private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE =
+    "http://apache.org/xml/features/dom/include-ignorable-whitespace";
+  /** Feature URI for creating EntityReference nodes in the DOM tree. */
+  private static final String CREATE_ENTITY_REF_NODES_FEATURE =
+    "http://apache.org/xml/features/dom/create-entity-ref-nodes";
+  /** Property URI for providing external schema locations. */
+  private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY =
+    "http://apache.org/xml/properties/schema/external-schemaLocation";
+  /** Property URI for providing the external schema location for elements 
+   * without a namespace. */
+  private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY =
+    "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation";
+  
+  private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE =
+  	"http://xml.org/sax/features/external-general-entities";
+  
+  private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
+	  "http://xml.org/sax/features/external-parameter-entities";
+  
+  private static final String DISALLOW_DOCTYPE_FEATURE =
+		  "http://apache.org/xml/features/disallow-doctype-decl";
+  
+  
+  
+  /** Property URI for the Xerces grammar pool. */
+  private static final String GRAMMAR_POOL =
+    org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
+      + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
+  /** A prime number for initializing the symbol table. */
+  private static final int BIG_PRIME = 2039;
+  /** Symbol table for the grammar pool. */
+  private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME);
+  /** Xerces schema grammar pool. */
+  private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl();
+  /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple
+    * entries of same grammars to the pool */
+  private static Set grammarNamespaces; 
+
+  static {
+    grammarPool.lockPool();
+    grammarNamespaces = new HashSet();
+  }
+
+  /**
+   * Preparse a schema and add it to the schema pool.
+   * The method only adds the schema to the pool if a schema having the same
+   * <code>systemId</code> (namespace URI) is not already present in the pool.
+   * 
+   * @param inputStream An <code>InputStream</code> providing the contents of
+   * the schema.
+   * @param systemId The systemId (namespace URI) to use for the schema.
+   * @throws IOException An error occurred reading the schema.
+   */
+  public static void addSchemaToPool(InputStream inputStream, String systemId)
+    throws IOException {
+    XMLGrammarPreparser preparser;
+
+    if (!grammarNamespaces.contains(systemId)) { 
+
+      grammarNamespaces.add(systemId);
+    
+      // unlock the pool so that we can add another grammar
+      grammarPool.unlockPool();
+	
+      // prepare the preparser
+      preparser = new XMLGrammarPreparser(symbolTable);
+      preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
+      preparser.setProperty(GRAMMAR_POOL, grammarPool);
+      preparser.setFeature(NAMESPACES_FEATURE, true);
+      preparser.setFeature(VALIDATION_FEATURE, true);
+	
+      // add the grammar to the pool
+      preparser.preparseGrammar(
+      XMLGrammarDescription.XML_SCHEMA,
+        new XMLInputSource(null, systemId, null, inputStream, null));
+	
+      // lock the pool again so that schemas are not added automatically
+      grammarPool.lockPool();
+    }
+  }
+
+  /**
+   * Parse an XML document from an <code>InputStream</code>.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @param entityResolver An <code>EntityResolver</code> to resolve external
+   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
+   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
+   * with parsing errors. If <code>null</code>, it will not be set.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    InputStream inputStream,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation,
+    EntityResolver entityResolver,
+    ErrorHandler errorHandler)
+    throws  SAXException, IOException, ParserConfigurationException {
+
+    DOMParser parser;
+
+//    class MyEntityResolver implements EntityResolver {
+//
+//		public InputSource resolveEntity(String publicId, String systemId)
+//				throws SAXException, IOException {
+//		    return new InputSource(new ByteArrayInputStream(new byte[0]));
+//		}
+//    }
+
+
+		//if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException
+		byte buffer [] = null;
+		ByteArrayInputStream baStream = null;
+		if(true == Logger.isDebugEnabled()) {
+			int len = inputStream.available();
+			buffer = new byte[len];
+			inputStream.read(buffer);
+			baStream = new ByteArrayInputStream(buffer);
+		}	
+			
+    // create the DOM parser
+    if (symbolTable != null) {
+      parser = new DOMParser(symbolTable, grammarPool);
+    } else {
+      parser = new DOMParser();
+    }
+    
+    // set parser features and properties
+    try {
+	    parser.setFeature(NAMESPACES_FEATURE, true);
+	    parser.setFeature(VALIDATION_FEATURE, validating);
+	    parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating);
+	    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
+	    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
+	    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+	
+	    if (validating) {
+	      if (externalSchemaLocations != null) {
+	        parser.setProperty(
+	          EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+	          externalSchemaLocations);
+	      }
+	      if (externalNoNamespaceSchemaLocation != null) {
+	        parser.setProperty(
+	          EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+	          externalNoNamespaceSchemaLocation);
+	      }
+	    }
+	
+	    // set entity resolver and error handler
+	    if (entityResolver != null) {
+	      parser.setEntityResolver(entityResolver);
+	    }
+	    if (errorHandler != null) {
+	      parser.setErrorHandler(errorHandler);
+	    }
+	
+	    // parse the document and return it
+	    // if debug is enabled: use copy of strem (baStream) else use orig stream
+	    if(null != baStream)
+	    	parser.parse(new InputSource(baStream));
+	    else 
+			parser.parse(new InputSource(inputStream));
+    } catch(SAXException e) {
+			if(true == Logger.isDebugEnabled() && null != buffer) {
+				String xmlContent = new String(buffer);
+				Logger.debug("SAXException in:\n" + xmlContent);				 
+			} 
+		  throw(e);
+    }
+
+    return parser.getDocument();
+  }
+
+  /**
+   * Parse an XML document from an <code>InputStream</code>.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @param entityResolver An <code>EntityResolver</code> to resolve external
+   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
+   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
+   * with parsing errors. If <code>null</code>, it will not be set.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocumentSimple(InputStream inputStream)
+    throws  SAXException, IOException, ParserConfigurationException {
+
+    DOMParser parser;
+			
+    parser = new DOMParser();
+    // set parser features and properties
+    parser.setFeature(NAMESPACES_FEATURE, true);
+    parser.setFeature(VALIDATION_FEATURE, false);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
+    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
+    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
+    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+		
+    parser.parse(new InputSource(inputStream));
+    
+    return parser.getDocument();
+  }
+
+  
+  /**
+   * Parse an XML document from an <code>InputStream</code>.
+   * 
+   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
+   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    InputStream inputStream,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation)
+    throws SAXException, IOException, ParserConfigurationException {
+
+  
+	  
+    return parseDocument(
+      inputStream,
+      validating,
+      externalSchemaLocations,
+      externalNoNamespaceSchemaLocation,
+      new MOAEntityResolver(),
+      new MOAErrorHandler());
+  }
+
+  /**
+   * Parse an XML document from a <code>String</code>.
+   * 
+   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
+   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
+   * 
+   * @param xmlString The <code>String</code> containing the XML document.
+   * @param encoding The encoding of the XML document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    String xmlString,
+    String encoding,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation)
+    throws SAXException, IOException, ParserConfigurationException {
+
+    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+    return parseDocument(
+      in,
+      validating,
+      externalSchemaLocations,
+      externalNoNamespaceSchemaLocation);
+  }
+
+  /**
+   * Parse an UTF-8 encoded XML document from a <code>String</code>.
+   * 
+   * @param xmlString The <code>String</code> containing the XML document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    String xmlString,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation)
+    throws SAXException, IOException, ParserConfigurationException {
+
+    return parseDocument(
+      xmlString,
+      "UTF-8",
+      validating,
+      externalSchemaLocations,
+      externalNoNamespaceSchemaLocation);
+  }
+
+  /**
+   * A convenience method to parse an XML document validating.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @return The root element of the parsed XML document.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Element parseXmlValidating(InputStream inputStream)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .getDocumentElement();
+  }
+  
+  /**
+   * A convenience method to parse an XML document non validating.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @return The root element of the parsed XML document.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Element parseXmlNonValidating(InputStream inputStream)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .getDocumentElement();
+  }
+
+  /**
+   * Schema validate a given DOM element.
+   * 
+   * @param element The element to validate.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return <code>true</code>, if the <code>element</code> validates against
+   * the schemas declared in it.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document from its
+   * serialized representation.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * @throws TransformerException An error occurred serializing the element.
+   */
+  public static boolean validateElement(
+    Element element,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation)
+    throws
+      ParserConfigurationException,
+      IOException,
+      SAXException,
+      TransformerException {
+
+    byte[] docBytes;
+    SAXParser parser;
+
+    // create the SAX parser
+    if (symbolTable != null) {
+      parser = new SAXParser(symbolTable, grammarPool);
+    } else {
+      parser = new SAXParser();
+    }
+
+    // serialize the document
+    docBytes = serializeNode(element, "UTF-8");
+
+    // set up parser features and attributes
+    parser.setFeature(NAMESPACES_FEATURE, true);
+    parser.setFeature(VALIDATION_FEATURE, true);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+    parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
+    
+    
+    if (externalSchemaLocations != null) {
+      parser.setProperty(
+        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+        externalSchemaLocations);
+    }
+    if (externalNoNamespaceSchemaLocation != null) {
+      parser.setProperty(
+        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+        "externalNoNamespaceSchemaLocation");
+    }
+
+    // set up entity resolver and error handler
+    parser.setEntityResolver(new MOAEntityResolver());
+    parser.setErrorHandler(new MOAErrorHandler());
+
+    // parse validating
+    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
+    return true;
+  }
+
+  
+  /**
+   * Schema validate a given DOM element.
+   * 
+   * @param element The element to validate.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return <code>true</code>, if the <code>element</code> validates against
+   * the schemas declared in it.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document from its
+   * serialized representation.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * @throws TransformerException An error occurred serializing the element.
+   */
+  public static boolean validateElement(
+    Element element,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation,
+    EntityResolver entityResolver)
+    throws
+      ParserConfigurationException,
+      IOException,
+      SAXException,
+      TransformerException {
+
+    byte[] docBytes;
+    SAXParser parser;
+
+    // create the SAX parser
+    if (symbolTable != null) {
+      parser = new SAXParser(symbolTable, grammarPool);
+    } else {
+      parser = new SAXParser();
+    }
+
+    // serialize the document
+    docBytes = serializeNode(element, "UTF-8");
+
+    // set up parser features and attributes
+    parser.setFeature(NAMESPACES_FEATURE, true);
+    parser.setFeature(VALIDATION_FEATURE, true);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+    
+    if (externalSchemaLocations != null) {
+      parser.setProperty(
+        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
+        externalSchemaLocations);
+    }
+    if (externalNoNamespaceSchemaLocation != null) {
+      parser.setProperty(
+        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
+        "externalNoNamespaceSchemaLocation");
+    }
+
+    // set up entity resolver and error handler
+    parser.setEntityResolver(entityResolver);
+    parser.setErrorHandler(new MOAErrorHandler());
+
+    // parse validating
+    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
+    return true;
+  }
+  
+  /**
+   * Serialize the given DOM node.
+   * 
+   * The node will be serialized using the UTF-8 encoding.
+   * 
+   * @param node The node to serialize.
+   * @return String The <code>String</code> representation of the given DOM
+   * node.
+   * @throws TransformerException An error occurred transforming the
+   * node to a <code>String</code>.
+   * @throws IOException An IO error occurred writing the node to a byte array.
+   */
+  public static String serializeNode(Node node)
+    throws TransformerException, IOException {
+    return new String(serializeNode(node, "UTF-8", false), "UTF-8");
+  }
+
+
+  /**
+   * Serialize the given DOM node.
+   * 
+   * The node will be serialized using the UTF-8 encoding.
+   * 
+   * @param node The node to serialize.
+   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
+   * @return String The <code>String</code> representation of the given DOM
+   * node.
+   * @throws TransformerException An error occurred transforming the
+   * node to a <code>String</code>.
+   * @throws IOException An IO error occurred writing the node to a byte array.
+   */
+  public static String serializeNode(Node node, boolean omitXmlDeclaration)
+    throws TransformerException, IOException {
+    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8");
+  }
+
+  /**
+   * Serialize the given DOM node.
+   * 
+   * The node will be serialized using the UTF-8 encoding.
+   * 
+   * @param node The node to serialize.
+   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
+   * @param lineSeperator Sets the line seperator String of the parser
+   * @return String The <code>String</code> representation of the given DOM
+   * node.
+   * @throws TransformerException An error occurred transforming the
+   * node to a <code>String</code>.
+   * @throws IOException An IO error occurred writing the node to a byte array.
+   */
+  public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator)
+    throws TransformerException, IOException {
+    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8");
+  }
+  
+  /**
+   * Serialize the given DOM node to a byte array.
+   * 
+   * @param node The node to serialize.
+   * @param xmlEncoding The XML encoding to use.
+   * @return The serialized node, as a byte array. Using a compatible encoding
+   * this can easily be converted into a <code>String</code>.
+   * @throws TransformerException An error occurred transforming the node to a 
+   * byte array.
+   * @throws IOException An IO error occurred writing the node to a byte array.
+   */
+  public static byte[] serializeNode(Node node, String xmlEncoding)
+  throws TransformerException, IOException {
+    return serializeNode(node, xmlEncoding, false);
+  }
+  
+  /**
+   * Serialize the given DOM node to a byte array.
+   * 
+   * @param node The node to serialize.
+   * @param xmlEncoding The XML encoding to use.
+   * @param omitDeclaration The boolean value for omitting the XML Declaration.
+   * @return The serialized node, as a byte array. Using a compatible encoding
+   * this can easily be converted into a <code>String</code>.
+   * @throws TransformerException An error occurred transforming the node to a 
+   * byte array.
+   * @throws IOException An IO error occurred writing the node to a byte array.
+   */
+  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration)
+    throws TransformerException, IOException {
+    return serializeNode(node, xmlEncoding, omitDeclaration, null);
+  }
+
+
+  /**
+   * Serialize the given DOM node to a byte array.
+   * 
+   * @param node The node to serialize.
+   * @param xmlEncoding The XML encoding to use.
+   * @param omitDeclaration The boolean value for omitting the XML Declaration.
+   * @param lineSeperator Sets the line seperator String of the parser
+   * @return The serialized node, as a byte array. Using a compatible encoding
+   * this can easily be converted into a <code>String</code>.
+   * @throws TransformerException An error occurred transforming the node to a 
+   * byte array.
+   * @throws IOException An IO error occurred writing the node to a byte array.
+   */
+  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator)
+    throws TransformerException, IOException {
+
+    TransformerFactory transformerFactory = TransformerFactory.newInstance();
+    Transformer transformer = transformerFactory.newTransformer();
+    ByteArrayOutputStream bos = new ByteArrayOutputStream(16384);
+
+    transformer.setOutputProperty(OutputKeys.METHOD, "xml");
+    transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding);
+    String omit = omitDeclaration ? "yes" : "no";
+    transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit);
+    if (null!=lineSeperator) {
+      transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1
+    }
+    transformer.transform(new DOMSource(node), new StreamResult(bos));
+
+    bos.flush();
+    bos.close();
+
+    return bos.toByteArray();
+  }
+
+  /**
+    * Return the text that a node contains. 
+    * 
+    * This routine:
+    * <ul>
+    * <li>Ignores comments and processing instructions.</li>
+    * <li>Concatenates TEXT nodes, CDATA nodes, and the results recursively
+    * processing EntityRef nodes.</li>
+    * <li>Ignores any element nodes in the sublist. (Other possible options are
+    * to recurse into element sublists or throw an exception.)</li>
+    * </ul>
+    * 
+    * @param node A DOM node from which to extract text.
+    * @return A String representing its contents.
+    */
+  public static String getText(Node node) {
+    if (!node.hasChildNodes()) {
+      return "";
+    }
+
+    StringBuffer result = new StringBuffer();
+    NodeList list = node.getChildNodes();
+
+    for (int i = 0; i < list.getLength(); i++) {
+      Node subnode = list.item(i);
+      if (subnode.getNodeType() == Node.TEXT_NODE) {
+        result.append(subnode.getNodeValue());
+      } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
+        result.append(subnode.getNodeValue());
+      } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
+        // Recurse into the subtree for text
+        // (and ignore comments)
+        result.append(getText(subnode));
+      }
+    }
+    return result.toString();
+  }
+
+  /**
+   * Build the namespace prefix to namespace URL mapping in effect for a given
+   * node.
+   * 
+   * @param node The context node for which build the map.
+   * @return The namespace prefix to namespace URL mapping (
+   * a <code>String</code> value to <code>String</code> value mapping).
+   */
+  public static Map getNamespaceDeclarations(Node node) {
+    Map nsDecls = new HashMap();
+    int i;
+
+    do {
+      if (node.hasAttributes()) {
+        NamedNodeMap attrs = node.getAttributes();
+
+        for (i = 0; i < attrs.getLength(); i++) {
+          Attr attr = (Attr) attrs.item(i);
+
+          // add prefix mapping if none exists
+          if ("xmlns".equals(attr.getPrefix())
+            || "xmlns".equals(attr.getName())) {
+
+            String nsPrefix =
+              attr.getPrefix() != null ? attr.getLocalName() : "";
+
+            if (nsDecls.get(nsPrefix) == null) {
+              nsDecls.put(nsPrefix, attr.getValue());
+            }
+          }
+        }
+      }
+    } while ((node = node.getParentNode()) != null);
+
+    return nsDecls;
+  }
+
+  /**
+   * Add all namespace declarations declared in the parent(s) of a given
+   * element and used in the subtree of the given element to the given element.  
+   * 
+   * @param context The element to which to add the namespaces.
+   */
+  public static void localizeNamespaceDeclarations(Element context) {
+    Node parent = context.getParentNode();
+
+    if (parent != null) {
+      Map namespaces = getNamespaceDeclarations(context.getParentNode());
+      Set nsUris = collectNamespaceURIs(context);
+      Iterator iter;
+
+      for (iter = namespaces.entrySet().iterator(); iter.hasNext();) {
+        Map.Entry e = (Map.Entry) iter.next();
+
+        if (nsUris.contains(e.getValue())) {
+          String prefix = (String) e.getKey();
+          String nsUri = (String) e.getValue();
+          String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix;
+
+          context.setAttributeNS(Constants.XMLNS_NS_URI, nsAttrName, nsUri);
+        }
+      }
+    }
+  }
+
+  /**
+   * Collect all the namespace URIs used in the subtree of a given element.
+   * 
+   * @param context The element that should be searched for namespace URIs.
+   * @return All namespace URIs used in the subtree of <code>context</code>,
+   * including the ones used in <code>context</code> itself.
+   */
+  public static Set collectNamespaceURIs(Element context) {
+    Set result = new HashSet();
+
+    collectNamespaceURIsImpl(context, result);
+    return result;
+  }
+
+  /**
+   * A recursive method to do the work of <code>collectNamespaceURIs</code>.
+   * 
+   * @param context The context element to evaluate.
+   * @param result The result, passed as a parameter to avoid unnecessary
+   * instantiations of <code>Set</code>.
+   */
+  private static void collectNamespaceURIsImpl(Element context, Set result) {
+    NamedNodeMap attrs = context.getAttributes();
+    NodeList childNodes = context.getChildNodes();
+    String nsUri;
+    int i;
+
+    // add the namespace of the context element
+    nsUri = context.getNamespaceURI();
+    if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
+      result.add(nsUri);
+    }
+
+    // add all namespace URIs from attributes
+    for (i = 0; i < attrs.getLength(); i++) {
+      nsUri = attrs.item(i).getNamespaceURI();
+      if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
+        result.add(nsUri);
+      }
+    }
+
+    // add all namespaces from subelements
+    for (i = 0; i < childNodes.getLength(); i++) {
+      Node node = childNodes.item(i);
+
+      if (node.getNodeType() == Node.ELEMENT_NODE) {
+        collectNamespaceURIsImpl((Element) node, result);
+      }
+    }
+  }
+
+  /**
+   * Check, that each attribute node in the given <code>NodeList</code> has its
+   * parent in the <code>NodeList</code> as well.
+   * 
+   * @param nodes The <code>NodeList</code> to check.
+   * @return <code>true</code>, if each attribute node in <code>nodes</code>
+   * has its parent in <code>nodes</code> as well.
+   */
+  public static boolean checkAttributeParentsInNodeList(NodeList nodes) {
+    Set nodeSet = new HashSet();
+    int i;
+
+    // put the nodes into the nodeSet
+    for (i = 0; i < nodes.getLength(); i++) {
+      nodeSet.add(nodes.item(i));
+    }
+
+    // check that each attribute node's parent is in the node list
+    for (i = 0; i < nodes.getLength(); i++) {
+      Node n = nodes.item(i);
+
+      if (n.getNodeType() == Node.ATTRIBUTE_NODE) {
+        Attr attr = (Attr) n;
+        Element owner = attr.getOwnerElement();
+
+        if (owner == null) {
+          if (!isNamespaceDeclaration(attr)) {
+            return false;
+          }
+        }
+
+        if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) {
+          return false;
+        }
+      }
+    }
+
+    return true;
+  }
+
+  /**
+   * Convert an unstructured <code>NodeList</code> into a 
+   * <code>DocumentFragment</code>.
+   *
+   * @param nodeList Contains the node list to be converted into a DOM 
+   * DocumentFragment.
+   * @return the resulting DocumentFragment. The DocumentFragment will be 
+   * backed by a new DOM Document, i.e. all noded of the node list will be 
+   * cloned.
+   * @throws ParserConfigurationException An error occurred creating the
+   * DocumentFragment.
+   * @precondition The nodes in the node list appear in document order
+   * @precondition for each Attr node in the node list, the owning Element is 
+   * in the node list as well.
+   * @precondition each Element or Attr node in the node list is namespace 
+   * aware.
+   */
+  public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList)
+    throws ParserConfigurationException {
+
+    DocumentBuilder builder =
+      DocumentBuilderFactory.newInstance().newDocumentBuilder();
+    Document doc = builder.newDocument();
+    DocumentFragment result = doc.createDocumentFragment();
+
+    if (null == nodeList || nodeList.getLength() == 0) {
+      return result;
+    }
+
+    int currPos = 0;
+    currPos =
+      nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
+
+    while (currPos < nodeList.getLength()) {
+      currPos =
+        nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
+    }
+    return result;
+  }
+
+  /**
+   * Helper method for the <code>nodeList2DocumentFragment</code>.
+   * 
+   * @param nodeList The <code>NodeList</code> to convert.
+   * @param currPos The current position in the <code>nodeList</code>.
+   * @param result The resulting <code>DocumentFragment</code>.
+   * @param currOrgElem The current original element.
+   * @param currClonedElem The current cloned element.
+   * @return The current position.
+   */
+  private static int nodeList2DocumentFragment(
+    NodeList nodeList,
+    int currPos,
+    DocumentFragment result,
+    Element currOrgElem,
+    Element currClonedElem) {
+
+    while (currPos < nodeList.getLength()) {
+      Node currentNode = nodeList.item(currPos);
+      switch (currentNode.getNodeType()) {
+        case Node.COMMENT_NODE :
+        case Node.PROCESSING_INSTRUCTION_NODE :
+        case Node.TEXT_NODE :
+          {
+            // Append current node either to resulting DocumentFragment or to 
+            // current cloned Element
+            if (null == currClonedElem) {
+              result.appendChild(
+                result.getOwnerDocument().importNode(currentNode, false));
+            } else {
+              // Stop processing if current Node is not a descendant of 
+              // current Element
+              if (!isAncestor(currOrgElem, currentNode)) {
+                return --currPos;
+              }
+
+              currClonedElem.appendChild(
+                result.getOwnerDocument().importNode(currentNode, false));
+            }
+            break;
+          }
+
+        case Node.ELEMENT_NODE :
+          {
+            Element nextCurrOrgElem = (Element) currentNode;
+            Element nextCurrClonedElem =
+              result.getOwnerDocument().createElementNS(
+                nextCurrOrgElem.getNamespaceURI(),
+                nextCurrOrgElem.getNodeName());
+
+            // Append current Node either to resulting DocumentFragment or to 
+            // current cloned Element
+            if (null == currClonedElem) {
+              result.appendChild(nextCurrClonedElem);
+              currOrgElem = nextCurrOrgElem;
+              currClonedElem = nextCurrClonedElem;
+            } else {
+              // Stop processing if current Node is not a descendant of
+              // current Element
+              if (!isAncestor(currOrgElem, currentNode)) {
+                return --currPos;
+              }
+
+              currClonedElem.appendChild(nextCurrClonedElem);
+            }
+
+            // Process current Node (of type Element) recursively
+            currPos =
+              nodeList2DocumentFragment(
+                nodeList,
+                ++currPos,
+                result,
+                nextCurrOrgElem,
+                nextCurrClonedElem);
+
+            break;
+          }
+
+        case Node.ATTRIBUTE_NODE :
+          {
+            Attr currAttr = (Attr) currentNode;
+
+            // GK 20030411: Hack to overcome problems with IAIK IXSIL
+            if (currAttr.getOwnerElement() == null)
+              break;
+            if (currClonedElem == null)
+              break;
+
+            // currClonedElem must be the owner Element of currAttr if 
+            // preconditions are met
+            currClonedElem.setAttributeNS(
+              currAttr.getNamespaceURI(),
+              currAttr.getNodeName(),
+              currAttr.getValue());
+            break;
+          }
+
+        default :
+          {
+            // All other nodes will be ignored
+          }
+      }
+
+      currPos++;
+    }
+
+    return currPos;
+  }
+
+  /**
+   * Check, if the given attribute is a namespace declaration.
+   * 
+   * @param attr The attribute to check.
+   * @return <code>true</code>, if the attribute is a namespace declaration,
+   * <code>false</code> otherwise.
+   */
+  private static boolean isNamespaceDeclaration(Attr attr) {
+    return Constants.XMLNS_NS_URI.equals(attr.getNamespaceURI());
+  }
+
+  /**
+   * Check, if a given DOM element is an ancestor of a given node.
+   * 
+   * @param candAnc The DOM element to check for being the ancestor.
+   * @param cand The node to check for being the child.
+   * @return <code>true</code>, if <code>candAnc</code> is an (indirect) 
+   * ancestor of <code>cand</code>; <code>false</code> otherwise.
+   */
+  public static boolean isAncestor(Element candAnc, Node cand) {
+    Node currPar = cand.getParentNode();
+
+    while (currPar != null) {
+      if (candAnc == currPar)
+        return true;
+      currPar = currPar.getParentNode();
+    }
+    return false;
+  }
+  
+  /**
+   * Selects the (first) element from a node list and returns it.
+   * 
+   * @param nl  The NodeList to get the element from.
+   * @return    The (first) element included in the node list or <code>null</code>
+   *            if the node list is <code>null</code> or empty or no element is
+   *            included in the list.
+   */
+  public static Element getElementFromNodeList (NodeList nl) {
+    if ((nl == null) || (nl.getLength() == 0)) {
+      return null;
+    }
+    for (int i=0; i<nl.getLength(); i++) {
+      Node node = nl.item(i);
+      if (node.getNodeType() == Node.ELEMENT_NODE)  {
+        return  (Element)node;
+      }
+    }
+    return null;
+  }
+  
+  /**
+   * Returns all child elements of the given element.
+   * 
+   * @param parent  The element to get the child elements from.
+   * 
+   * @return A list including all child elements of the given element.
+   *         Maybe empty if the parent element has no child elements.
+   */
+  public static List getChildElements (Element parent) {
+    Vector v = new Vector();
+    NodeList nl = parent.getChildNodes();
+    int length = nl.getLength();
+    for (int i=0; i < length; i++) {
+      Node node = nl.item(i);
+      if (node.getNodeType() == Node.ELEMENT_NODE) {
+        v.add((Element)node);
+      }
+    }
+    return v;
+  }
+  
+  /**
+   * Returns a byte array from given node.
+   * @param node
+   * @return
+   * @throws TransformerException
+   */
+  public static byte[] nodeToByteArray(Node node) throws TransformerException {
+	  Source source = new DOMSource(node);
+	  ByteArrayOutputStream out = new ByteArrayOutputStream();
+	  //StringWriter stringWriter = new StringWriter();
+	  Result result = new StreamResult(out);
+	  TransformerFactory factory = TransformerFactory.newInstance();
+	  Transformer transformer = factory.newTransformer();
+	  transformer.transform(source, result);
+	  return out.toByteArray();
+  }
+
+ 
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
new file mode 100644
index 0000000..a2e0965
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -0,0 +1,515 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.StringWriter;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.TimeZone;
+
+import org.joda.time.DateTime;
+import org.joda.time.format.DateTimeFormat;
+import org.joda.time.format.DateTimeFormatter;
+
+/**
+ * Utility for parsing and building XML type <code>dateTime</code>,
+ * according to ISO 8601.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ * @see <code>http://www.w3.org/2001/XMLSchema-datatypes"</code>
+ */
+public class DateTimeUtils {
+  /** Error messages. */
+  private static MessageProvider msg = MessageProvider.getInstance();
+
+//  /**
+//   * Builds a <code>dateTime</code> value from a <code>Calendar</code> value.
+//   * @param cal the <code>Calendar</code> value
+//   * @return the <code>dateTime</code> value
+//   */
+//  public static String buildDateTime(Calendar cal, boolean useUTC) {
+//	  
+//	  if (useUTC)
+//		  return buildDateTimeUTC(cal);
+//	  else {
+//	    StringWriter out = new StringWriter();
+//	    out.write("" + cal.get(Calendar.YEAR));
+//	    out.write("-");
+//	    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
+//	    out.write("-");
+//	    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
+//	    out.write("T");
+//	    out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
+//	    out.write(":");
+//	    out.write(to2DigitString(cal.get(Calendar.MINUTE)));
+//	    out.write(":");
+//	    out.write(to2DigitString(cal.get(Calendar.SECOND)));
+//	    int tzOffsetMilliseconds =
+//	      cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
+//	    if (tzOffsetMilliseconds != 0) {
+//	      int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
+//	      int tzOffsetHours = tzOffsetMinutes / 60;
+//	      tzOffsetMinutes -= tzOffsetHours * 60;
+//	      if (tzOffsetMilliseconds > 0) {
+//	        out.write("+");
+//	        out.write(to2DigitString(tzOffsetHours));
+//	        out.write(":");
+//	        out.write(to2DigitString(tzOffsetMinutes));
+//	      } else {
+//	        out.write("-");
+//	        out.write(to2DigitString(-tzOffsetHours));
+//	        out.write(":");
+//	        out.write(to2DigitString(-tzOffsetMinutes));
+//	      }
+//	    }
+//	    return out.toString();
+//	  }
+//  }
+  
+  /**
+   * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildDateTimeUTC(Calendar cal) {
+    
+	  SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+	  f.setTimeZone(TimeZone.getTimeZone("UTC"));
+	  
+	  return f.format(cal.getTime());		
+  }
+  
+  /**
+   * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildDateTimeUTC(Date cal) {
+    
+	  SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+	  f.setTimeZone(TimeZone.getTimeZone("UTC"));
+	  
+	  return f.format(cal);
+	  
+  }
+  
+  /**
+   * Builds a <code>dateTime</code> value from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildDate(Calendar cal) {
+    StringWriter out = new StringWriter();
+    out.write("" + cal.get(Calendar.YEAR));
+    out.write("-");
+    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
+    out.write("-");
+    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
+    return out.toString();
+  }
+  
+  /**
+   * Builds a <code>dateTime</code> value from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildTime(Calendar cal) {
+	  StringWriter out = new StringWriter();
+	  out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
+	  out.write(":");
+	  out.write(to2DigitString(cal.get(Calendar.MINUTE)));
+	  out.write(":");
+	  out.write(to2DigitString(cal.get(Calendar.SECOND)));
+	  
+	  return out.toString();
+  }
+  
+  /**
+   * Converts month, day, hour, minute, or second value
+   * to a 2 digit String.
+   * @param number the month, day, hour, minute, or second value
+   * @return 2 digit String
+   */
+  private static String to2DigitString(int number) {
+    if (number < 10)
+      return "0" + number;
+    else
+      return "" + number;
+  }
+
+  /**
+   * Parse a <code>String</code> containing a date and time instant, given in
+   * ISO 8601 format.
+   * 
+   * @param dateTime The <code>String</code> to parse.
+   * @return The <code>Date</code> representation of the contents of
+   * <code>dateTime</code>.
+   * @throws ParseException Parsing the <code>dateTime</code> failed.
+   */
+  public static Date parseDateTime(String dateTime) throws ParseException {
+    GregorianCalendar calendar;
+    long time;
+    int yearSign = 1, year, month, day;
+    int hour, minute, second;
+    double fraction = 0.0;
+    int tzSign = 1, tzHour = 0, tzMinute = 0;
+    int curPos = 0;
+    String fractStr;
+    boolean localTime = false;
+    char c;
+
+    // parse year sign
+    ensureChars(dateTime, curPos, 1);
+    c = dateTime.charAt(curPos);
+    if (c == '+' || c == '-') {
+      yearSign = c == '+' ? 1 : -1;
+      curPos++;
+    }
+
+    // parse year
+    year = parseInt(dateTime, curPos, 4);
+    curPos += 4;
+
+    // parse '-'
+    ensureChar(dateTime, curPos, '-');
+    curPos++;
+
+    // parse month
+    month = parseInt(dateTime, curPos, 2);
+    ensureValue(month, 1, 12, curPos);
+    curPos += 2;
+
+    // parse '-'
+    ensureChar(dateTime, curPos, '-');
+    curPos++;
+
+    // parse day
+    day = parseInt(dateTime, curPos, 2);
+    ensureValue(day, 1, 31, curPos);
+    curPos += 2;
+
+    // parse 'T'
+    ensureChar(dateTime, curPos, 'T');
+    curPos++;
+
+    // parse hour
+    hour = parseInt(dateTime, curPos, 2);
+    ensureValue(hour, 0, 23, curPos);
+    curPos += 2;
+
+    // parse ':'
+    ensureChar(dateTime, curPos, ':');
+    curPos++;
+
+    // parse minute
+    minute = parseInt(dateTime, curPos, 2);
+    ensureValue(minute, 0, 59, curPos);
+    curPos += 2;
+
+    // parse ':'
+    ensureChar(dateTime, curPos, ':');
+    curPos++;
+
+    // parse second
+    second = parseInt(dateTime, curPos, 2);
+    ensureValue(second, 0, 59, curPos);
+    curPos += 2;
+
+    // parse a fraction
+    if (dateTime.length() > curPos && dateTime.charAt(curPos) == '.') {
+      curPos++;
+      ensureDigits(dateTime, curPos, 1);
+      fractStr = "0.";
+      fractStr
+        += dateTime.substring(curPos, curPos + countDigits(dateTime, curPos));
+      fraction = Double.parseDouble(fractStr);
+      curPos += countDigits(dateTime, curPos);
+    }
+
+    // parse a time zone
+    if (dateTime.length() > curPos) {
+      c = dateTime.charAt(curPos);
+      if (c == 'Z') {
+        curPos++;
+      } else if (c == '+' || c == '-') {
+        // parse time zone sign
+        tzSign = c == '+' ? 1 : -1;
+        curPos++;
+
+        // parse time zone hour
+        tzHour = parseInt(dateTime, curPos, 2);
+        ensureValue(tzHour, 0, 14, curPos);
+        curPos += 2;
+
+        // parse ':'
+        ensureChar(dateTime, curPos, ':');
+        curPos++;
+
+        // parse time zone minute
+        tzMinute = parseInt(dateTime, curPos, 2);
+        ensureValue(tzMinute, 0, 59, curPos);
+        curPos += 2;
+      }
+    } else {
+      localTime = true;
+    }
+
+    // if we have characters left, it's an error
+    if (dateTime.length() != curPos) {
+      throw new ParseException(msg.getMessage("datetime.00", null), curPos);
+    }
+
+    // build the Date object
+    year = year * yearSign;
+    try {
+      calendar = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
+      calendar.set(year, month - 1, day, hour, minute, second);
+      calendar.set(Calendar.MILLISECOND, 0);
+      time = calendar.getTime().getTime();
+      time += (long) (fraction * 1000.0);
+      time -= tzSign * ((tzHour * 60) + tzMinute) * 60 * 1000;
+      if (localTime) {
+        time -= TimeZone.getDefault().getRawOffset();        
+      }
+      return new Date(time);
+    } catch (IllegalArgumentException e) {
+      throw new ParseException(msg.getMessage("datetime.00", null), curPos);
+    }
+
+  }
+
+  /**
+   * Parse an integer value.
+   * 
+   * @param str The <code>String</code> containing the digits.
+   * @param curPos The starting position.
+   * @param digits The number of digist making up the integer value.
+   * @return int The integer representation of the digits contained in
+   * <code>str</code>.
+   * @throws ParseException Parsing the integer value failed.
+   */
+  private static int parseInt(String str, int curPos, int digits)
+    throws ParseException {
+
+    ensureDigits(str, curPos, digits);
+    return Integer.parseInt(str.substring(curPos, curPos + digits));
+  }
+
+  /**
+   * Count the number of digits following <code>curPos</code>.
+   * 
+   * @param str The <code>String</code> in which to count digits.
+   * @param curPos The starting position.
+   * @return int The number of digits.
+   */
+  private static int countDigits(String str, int curPos) {
+    int i;
+
+    for (i = curPos; i < str.length() && Character.isDigit(str.charAt(i)); i++);
+    return i - curPos;
+  }
+
+  /**
+   * Ensure that a value falls in a given min/max range.
+   * 
+   * @param value The value to check.
+   * @param min The minimum allowed value.
+   * @param max The maximum allowed value.
+   * @param curPos To indicate the parsing position in the
+   * <code>ParseException</code>.
+   * @throws ParseException Thrown, if <code>value &lt; min || value &gt;
+   * max</code>
+   */
+  private static void ensureValue(int value, int min, int max, int curPos)
+    throws ParseException {
+
+    if (value < min || value > max) {
+      throw new ParseException(msg.getMessage("datetime.00", null), curPos);
+    }
+  }
+
+  /**
+   * Ensure that the given <code>String</code> has a number of characters left.
+   * 
+   * @param str The <code>String</code> to check for its length.
+   * @param curPos The starting position.
+   * @param count The minimum number of characters that <code>str</code> must
+   * contain, starting at from <code>curPos</code>.
+   * @throws ParseException Thrown, if 
+   * <code>curPos + count &gt; str.length()</code>.
+   */
+  private static void ensureChars(String str, int curPos, int count)
+    throws ParseException {
+    if (curPos + count > str.length()) {
+      throw new ParseException(msg.getMessage("datetime.00", null), curPos);
+    }
+  }
+
+  /**
+   * Ensure that a given <code>String</code> contains a certain character at a
+   * certain position.
+   * 
+   * @param str The <code>String</code> in which to look up the character. 
+   * @param curPos The position in <code>str</code> that must contain the
+   * character.
+   * @param c The character value that must be contained at position
+   * <code>curPos</code>.
+   * @throws ParseException Thrown, if the characters do not match or
+   * <code>curPos</code> is out of range.
+   */
+  private static void ensureChar(String str, int curPos, char c)
+    throws ParseException {
+
+    ensureChars(str, curPos, 1);
+    if (str.charAt(curPos) != c) {
+      throw new ParseException(msg.getMessage("datetime.00", null), curPos);
+    }
+  }
+
+  /**
+   * Ensure that a given <code>String</code> contains a number of digits,
+   * starting at a given position.
+   * 
+   * @param str The <code>String</code> to scan for digits. 
+   * @param curPos The starting postion.
+   * @param count The number of digits that must be contained in
+   * <code>str</code>, starting at <code>curPos</code>.
+   * @throws ParseException Thrown, if <code>str</code> is not long enough, or
+   * one of the characters following <code>curPos</code> in <code>str</code> is
+   * not a digit.
+   */
+  private static void ensureDigits(String str, int curPos, int count)
+    throws ParseException {
+
+    ensureChars(str, curPos, count);
+    for (int i = curPos; i < curPos + count; i++) {
+      if (!Character.isDigit(str.charAt(i))) {
+        throw new ParseException(msg.getMessage("datetime.00", null), curPos);
+      }
+    }
+  }
+  
+  /**
+   * Calculates the age if date of birth is given (for a calendar time stamp)
+   * @param dateOfBirth Date of Birth
+   * @param now Calendar time stamp at which the age needs to be calculated for
+   * @return Age of a person
+   */
+  public static int calcAge(Calendar dateOfBirth, Calendar now) {
+      int age = now.get(Calendar.YEAR) - dateOfBirth.get(Calendar.YEAR);
+      
+      int nowM = now.get(Calendar.MONTH);
+      int dobM = dateOfBirth.get(Calendar.MONTH);
+      int nowDOM = now.get(Calendar.DAY_OF_MONTH);
+      int dobDOM = dateOfBirth.get(Calendar.DAY_OF_MONTH);
+      
+      if ((nowM < dobM) || ((nowM == dobM) && (nowDOM < dobDOM))) {
+         age--;
+      }
+      
+      if (age < 0) {
+         throw new IllegalArgumentException("Calculated age results in negative value.");
+      }
+      return age;
+   }
+
+  /**
+   * Calculates the age if date of birth is given as Calendar object
+   * @param dateOfBirth Date of Birth as Calendar object
+   * @return Age of a person
+   */
+   public static int calcAge(Calendar dateOfBirth) {
+      return calcAge(dateOfBirth, Calendar.getInstance());
+   }
+
+   /**
+    * Calculates the age if date of birth is given (for a date time stamp)
+    * @param dateOfBirth Date of Birth
+    * @param now Date time stamp at which the age needs to be calculated for
+    * @return Age of a person
+    */
+   public static int calcAge(Date dateOfBirth, Date now) {
+      Calendar dob = Calendar.getInstance();
+      dob.setTime(dateOfBirth);
+      Calendar nowCal = Calendar.getInstance();
+      nowCal.setTime(now);
+      return calcAge(dob, nowCal);
+   }
+
+   /**
+    * Calculates the age if date of birth is given as Date object
+    * @param dateOfBirth Date of Birth as Date object
+    * @return Age of a person
+    */
+   public static int calcAge(Date dateOfBirth) {
+      return calcAge(dateOfBirth, new Date());
+   }
+   
+   public static String formatPEPSDateToMOADate(String pepsDate) {		
+	   
+	   if (StringUtils.isEmpty(pepsDate)) {
+		   return null;
+	   }
+	   
+	   DateTimeFormatter fmt = null;
+		
+		switch (pepsDate.length()) {
+		case 4:
+			fmt = DateTimeFormat.forPattern("yyyy");
+			break;
+		case 6:
+			fmt = DateTimeFormat.forPattern("yyyyMM");
+			break;
+		case 8:
+			fmt = DateTimeFormat.forPattern("yyyyMMdd");
+			break;
+		default:
+			fmt = DateTimeFormat.forPattern("yyyy-MM-dd");
+			break;
+		}	
+		
+		DateTime dt = fmt.parseDateTime(pepsDate);
+		DateTimeFormatter fmt2 = DateTimeFormat.forPattern("yyyy-MM-dd");
+		return fmt2.print(dt);
+		
+	}
+   
+   /**
+    * Returns a date as String using a provided format
+    * @param format Format the date/time should be returned
+    * @return Date/Time as String formatted according the provided format
+    */
+   public static String getDateTimeWithFormat(String format) {
+        DateFormat dateFormat = new SimpleDateFormat(format);
+        Date date = new Date();
+        return dateFormat.format(date);
+    }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Empty.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Empty.java
new file mode 100644
index 0000000..533b39b
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Empty.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2011 Federal Chancellery Austria and
+ * Graz University of Technology
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egovernment.moa.util;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public interface Empty {
+
+   /**
+    * Returns {@code true} if underlying object is empty.
+    *
+    * @return {@code true} if empty, {@code false} if not empty.
+    */
+   boolean isEmpty();
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java
new file mode 100644
index 0000000..7213d03
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Implementation of the <code>org.xml.sax.EntityResolver</code>,
+ * for use by a <code>org.apache.xerces.parsers.DOMParser</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class EntityResolverChain implements EntityResolver {
+  /** The <code>EntityResolver</code>s in the chain. */
+  private List resolvers = new ArrayList();
+
+  /**
+   * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
+   */
+  public InputSource resolveEntity(String publicId, String systemId)
+    throws SAXException, IOException {
+    
+    Iterator iter;
+    
+    for (iter = resolvers.iterator(); iter.hasNext(); ) {
+      EntityResolver resolver = (EntityResolver) iter.next();
+      InputSource is = resolver.resolveEntity(publicId, systemId);
+      
+      if (is != null) {
+        return is;
+      }
+    }
+    
+    return null;
+  }
+  
+  /**
+   * Add an <code>EntityResolver</code> to the chain.
+   * 
+   * @param entityResolver The <code>EntityResolver</code> to add.
+   */
+  public void addEntityResolver(EntityResolver entityResolver) {
+    resolvers.add(entityResolver);
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
new file mode 100644
index 0000000..a70d62e
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
@@ -0,0 +1,179 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URL;
+
+/**
+ * Utility for accessing files on the file system, and for reading from input streams.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class FileUtils {
+  
+  /**
+   * Reads a file, given by URL, into a byte array.
+   * @param urlString file URL
+   * @return file content
+   * @throws IOException on any exception thrown
+   */
+  public static byte[] readURL(String urlString) throws IOException {	  
+    URL url = new URL(urlString);
+    InputStream in = new BufferedInputStream(url.openStream());
+    byte[] content = StreamUtils.readStream(in);
+    in.close();
+    return content;
+  }
+  /**
+   * Reads a file, given by URL, into a String.
+   * @param urlString file URL
+   * @param encoding character encoding
+   * @return file content
+   * @throws IOException on any exception thrown
+   */
+  public static String readURL(String urlString, String encoding) throws IOException {
+    byte[] content = readURL(urlString);
+    return new String(content, encoding);
+  }
+  /**
+   * Reads a file, given by filename, into a byte array.
+   * @param filename filename
+   * @return file content
+   * @throws IOException on any exception thrown
+   */
+  public static byte[] readFile(String filename) throws IOException {
+    BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
+    byte[] content = StreamUtils.readStream(in);
+    in.close();
+    return content;
+  }
+  /**
+   * Reads a file, given by filename, into a String.
+   * @param filename filename
+   * @param encoding character encoding
+   * @return file content
+   * @throws IOException on any exception thrown
+   */
+  public static String readFile(String filename, String encoding) throws IOException {
+    byte[] content = readFile(filename);
+    return new String(content, encoding);
+  }
+  /**
+   * Reads a file from a resource.
+   * @param name resource name
+   * @return file content as a byte array
+   * @throws IOException on any exception thrown
+   */
+  public static byte[] readResource(String name) throws IOException {
+    ClassLoader cl = FileUtils.class.getClassLoader();
+    BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name));
+    byte[] content = StreamUtils.readStream(in);
+    in.close();
+    return content;
+  }
+  /**
+   * Reads a file from a resource.
+   * @param name filename
+   * @param encoding character encoding
+   * @return file content
+   * @throws IOException on any exception thrown
+   */
+  public static String readResource(String name, String encoding) throws IOException {
+    byte[] content = readResource(name);
+    return new String(content, encoding);
+  }
+  
+	/**
+	 * Returns the absolute URL of a given url which is relative to the parameter root
+	 * @param url
+	 * @param root
+	 * @return String
+	 */
+	public static String makeAbsoluteURL(String url, String root) {
+		//if url is relative to rootConfigFileDirName make it absolute 					
+		
+    File keyFile;
+    String newURL = url;
+
+		if(null == url) return  null;
+    
+    if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) {
+    	return url;
+    } else {
+      // check if absolute - if not make it absolute
+      keyFile = new File(url);
+      if (!keyFile.isAbsolute()) {
+        keyFile = new File(root, url);
+
+        if (keyFile.toString().startsWith("file:"))
+        	newURL = keyFile.toString();
+        
+        else
+        	newURL = keyFile.toURI().toString();
+        
+      }
+      return newURL;
+    }
+	}  
+	
+	
+	 private static void copy( InputStream fis, OutputStream fos )
+	  {
+	    try
+	    {
+	      byte[] buffer = new byte[ 0xFFFF ];
+	      for ( int len; (len = fis.read(buffer)) != -1; )
+	        fos.write( buffer, 0, len );
+	    }
+	    catch( IOException e ) {
+	      System.err.println( e );
+	    }
+	    finally {
+	      if ( fis != null )
+	        try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); }
+	      if ( fos != null )
+	        try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); }
+	    }
+	  }
+	 
+	 public static void copyFile(File src, File dest)
+	  {
+	    try
+	    {
+	      copy( new FileInputStream( src ), new FileOutputStream( dest ) );
+	    }
+	    catch( IOException e ) {
+	      e.printStackTrace();
+	    }
+	  }
+  
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
new file mode 100644
index 0000000..3d28f4f
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import iaik.x509.X509Certificate;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+
+/**
+ * Utility for creating and loading key stores.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class KeyStoreUtils {
+	
+	/**
+	 * JAVA KeyStore
+	 */
+	private static final String KEYSTORE_TYPE_JKS = "JKS";
+	
+	/**
+	 * PKCS12 KeyStore
+	 */
+	private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
+	
+	
+
+  /**
+   * Loads a key store from file.
+   * 
+   * @param keystoreType key store type
+   * @param urlString URL of key store
+   * @param password password protecting the key store
+   * @return key store loaded
+   * @throws IOException thrown while reading the key store from file
+   * @throws GeneralSecurityException thrown while creating the key store
+   */
+  public static KeyStore loadKeyStore(
+    String keystoreType,
+    String urlString,
+    String password)
+    throws IOException, GeneralSecurityException {
+
+    URL keystoreURL = new URL(urlString);
+    InputStream in = keystoreURL.openStream();
+    return loadKeyStore(keystoreType, in, password);
+  }
+  /**
+   * Loads a key store from an <code>InputStream</code>, and
+   * closes the <code>InputStream</code>.
+   * 
+   * @param keystoreType key store type
+   * @param in input stream
+   * @param password password protecting the key store
+   * @return key store loaded
+   * @throws IOException thrown while reading the key store from the stream
+   * @throws GeneralSecurityException thrown while creating the key store
+   */
+  public static KeyStore loadKeyStore(
+    String keystoreType,
+    InputStream in,
+    String password)
+    throws IOException, GeneralSecurityException {
+
+    char[] chPassword = null;
+    if (password != null)
+      chPassword = password.toCharArray();
+    KeyStore ks = KeyStore.getInstance(keystoreType);
+    ks.load(in, chPassword);
+    in.close();
+    return ks;
+  }
+  /**
+   * Creates a key store from X509 certificate files, aliasing them with
+   * the index in the <code>String[]</code>, starting with <code>"0"</code>.
+   * 
+   * @param keyStoreType key store type
+   * @param certFilenames certificate filenames
+   * @return key store created
+   * @throws IOException thrown while reading the certificates from file
+   * @throws GeneralSecurityException thrown while creating the key store
+   */
+  public static KeyStore createKeyStore(
+    String keyStoreType,
+    String[] certFilenames)
+    throws IOException, GeneralSecurityException {
+
+    KeyStore ks = KeyStore.getInstance(keyStoreType);
+    ks.load(null, null);
+    for (int i = 0; i < certFilenames.length; i++) {
+      Certificate cert = loadCertificate(certFilenames[i]);
+      ks.setCertificateEntry("" + i, cert);
+    }
+    return ks;
+  }
+  /**
+   * Creates a key store from a directory containg X509 certificate files, 
+   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
+   * All the files in the directory are considered to be certificates.
+   * 
+   * @param keyStoreType key store type
+   * @param certDirURLString file URL of directory containing certificate filenames
+   * @return key store created
+   * @throws IOException thrown while reading the certificates from file
+   * @throws GeneralSecurityException thrown while creating the key store
+   */
+  public static KeyStore createKeyStoreFromCertificateDirectory(
+    String keyStoreType,
+    String certDirURLString)
+    throws IOException, GeneralSecurityException {
+
+    URL certDirURL = new URL(certDirURLString);
+    String certDirname = certDirURL.getFile();
+    File certDir = new File(certDirname);
+    String[] certFilenames = certDir.list();
+    String separator =
+      (certDirname.endsWith(File.separator) ? "" : File.separator);
+    for (int i = 0; i < certFilenames.length; i++) {
+      certFilenames[i] = certDirname + separator + certFilenames[i];
+    }
+    return createKeyStore(keyStoreType, certFilenames);
+  }
+
+  /**
+   * Loads an X509 certificate from file.
+   * @param certFilename filename
+   * @return the certificate loaded
+   * @throws IOException thrown while reading the certificate from file
+   * @throws GeneralSecurityException thrown while creating the certificate
+   */
+  private static Certificate loadCertificate(String certFilename)
+    throws IOException, GeneralSecurityException {
+
+    FileInputStream in = new FileInputStream(certFilename);
+    Certificate cert = new X509Certificate(in);
+    in.close();
+    return cert;
+  }
+  
+ 
+	/**
+	 * Loads a keyStore without knowing the keyStore type
+	 * @param keyStorePath URL to the keyStore
+	 * @param password Password protecting the keyStore
+	 * @return keyStore loaded
+	 * @throws KeyStoreException thrown if keyStore cannot be loaded
+	 * @throws FileNotFoundException 
+	 * @throws IOException 
+	 */
+  public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
+		
+		//InputStream is = new FileInputStream(keyStorePath);
+	  	URL keystoreURL = new URL(keyStorePath);
+	    InputStream in = keystoreURL.openStream();
+		InputStream isBuffered = new BufferedInputStream(in);				
+		return loadKeyStore(isBuffered, password);
+		
+	}
+	
+	/**
+	 * Loads a keyStore without knowing the keyStore type
+	 * @param in input stream
+	 * @param password Password protecting the keyStore
+	 * @return keyStore loaded
+	 * @throws KeyStoreException thrown if keyStore cannot be loaded
+	 * @throws FileNotFoundException 
+	 * @throws IOException 
+	 */
+public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{		
+		is.mark(1024*1024);
+		KeyStore ks = null;
+		try {
+			try {				
+				ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
+			} catch (IOException e2) {
+				is.reset();				
+				ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
+			}
+		} catch(Exception e) {			
+			e.printStackTrace();
+			//throw new KeyStoreException(e);
+		}
+		return ks;	
+						
+	}
+  
+	
+
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
new file mode 100644
index 0000000..7a79bd9
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.IOException;
+
+import org.xml.sax.EntityResolver;
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+import org.xml.sax.helpers.DefaultHandler;
+
+/**
+ * A <code>DefaultHandler</code> that uses a <code>MOAEntityResolver</code> and
+ * a <code>MOAErrorHandler</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOADefaultHandler extends DefaultHandler {
+  /** The <code>EntityResolver</code> to use. */
+  private EntityResolver entityResolver;
+  /** The <code>ErrorHandler</code> to use. */
+  private ErrorHandler errorHandler;
+
+  /**
+   * Create a new <code>MOADefaultHandler</code>.
+   */
+  public MOADefaultHandler() {
+    entityResolver = new MOAEntityResolver();
+    errorHandler = new MOAErrorHandler();
+  }
+
+  /**
+   * Create a new <code>MOADefaultHandler</code>.
+   * 
+   * @param entityResolver The <code>EntityResolver</code> to use for resolving
+   * external entities.
+   * @param errorHandler The <code>ErrorHandler</code> to use for reporting
+   * parsing errors.
+   */
+  public MOADefaultHandler(
+    EntityResolver entityResolver,
+    ErrorHandler errorHandler) {
+
+    this.entityResolver = entityResolver;
+    this.errorHandler = errorHandler;
+  }
+
+  /**
+   * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
+   */
+  public InputSource resolveEntity(String publicId, String systemId)
+    throws SAXException {
+    try {
+      return entityResolver.resolveEntity(publicId, systemId);
+    } catch (IOException e) {
+      return null;
+    }
+  }
+
+  /**
+   * @see org.xml.sax.ErrorHandler#warning(org.xml.sax.SAXParseException)
+   */
+  public void warning(SAXParseException exception) throws SAXException {
+    errorHandler.warning(exception);
+  }
+
+  /**
+   * @see org.xml.sax.ErrorHandler#error(org.xml.sax.SAXParseException)
+   */
+  public void error(SAXParseException exception) throws SAXException {
+    errorHandler.error(exception);
+  }
+
+  /**
+   * @see org.xml.sax.ErrorHandler#fatalError(org.xml.sax.SAXParseException)
+   */
+  public void fatalError(SAXParseException exception) throws SAXException {
+    errorHandler.fatalError(exception);
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
new file mode 100644
index 0000000..8f3ffd4
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.InputStream;
+
+import org.apache.xerces.util.URI;
+import org.apache.xerces.util.URI.MalformedURIException;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * An <code>EntityResolver</code> that looks up entities stored as
+ * local resources.
+ * 
+ * <p>The following DTDs are mapped to local resources: 
+ * <ul>
+ * <li>The XMLSchema.dtd</li>
+ * <li>The datatypes.dtd</li>
+ * </ul>
+ * </p>
+ * <p>For all other resources, an attempt is made to resolve them as resources,
+ * either absolute or relative to <code>Constants.SCHEMA_ROOT</code>.
+ * 
+ * @author Patrick Peck
+ * @author Sven Aigner
+ */
+public class MOAEntityResolver implements EntityResolver {
+
+  /**
+   * Resolve an entity.
+   * 
+   * The <code>systemId</code> parameter is used to perform the lookup of the
+   * entity as a resource, either by interpreting the <code>systemId</code> as
+   * an absolute resource path, or by appending the last path component of
+   * <code>systemId</code> to <code>Constants.SCHEMA_ROOT</code>.
+   * 
+   * @param publicId The public ID of the resource.
+   * @param systemId The system ID of the resource.
+   * @return An <code>InputSource</code> from which the entity can be read, or
+   * <code>null</code>, if the entity could not be found.
+   * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
+   */
+  public InputSource resolveEntity(String publicId, String systemId) {
+    InputStream stream;
+    int slashPos;
+
+    if (Logger.isDebugEnabled()) {
+      Logger.debug(
+        new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+    }
+
+    if (publicId != null) {
+      // check if we can resolve some standard dtd's
+      if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) {
+        return new InputSource(
+          getClass().getResourceAsStream(
+            Constants.SCHEMA_ROOT + "XMLSchema.dtd"));
+      } else if (publicId.equalsIgnoreCase("datatypes")) {
+        return new InputSource(
+          getClass().getResourceAsStream(
+            Constants.SCHEMA_ROOT + "datatypes.dtd"));
+      }
+    } else if (systemId != null) {
+      // get the URI path
+      try {
+        URI uri = new URI(systemId);
+        systemId = uri.getPath();
+       
+        if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
+          return null;
+        }
+        
+      } catch (MalformedURIException e) {
+        return null;
+      }
+      
+      // try to get the resource from the full path
+      stream = getClass().getResourceAsStream(systemId);
+      if (stream != null) {
+        InputSource source = new InputSource(stream);
+
+        source.setSystemId(systemId);
+        return source;
+      }
+
+      // try to get the resource from the last path component
+      slashPos = systemId.lastIndexOf('/');
+      if (slashPos >= 0 && systemId.length() > slashPos) {
+        systemId = systemId.substring(slashPos + 1, systemId.length());
+        stream =
+          getClass().getResourceAsStream(Constants.SCHEMA_ROOT + systemId);
+        if (stream != null) {
+          InputSource source = new InputSource(stream);
+
+          source.setSystemId(systemId);
+          return source;
+        }
+      }
+    }
+
+    return null; // nothing found - let the parser handle the entity
+  }
+}
\ No newline at end of file
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
new file mode 100644
index 0000000..3769b26
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import org.apache.xml.utils.DefaultErrorHandler;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * An <code>ErrorHandler</code> that logs a message and throws a
+ * <code>SAXException</code> upon <code>error</code> and <code>fatal</code>
+ * parsing errors.
+ * 
+ * @author Patrick Peck
+ * @author Sven Aigner
+ */
+public class MOAErrorHandler extends DefaultErrorHandler {
+
+	
+  /**
+   * Logs a warning message.
+   * 
+   * @see org.xml.sax.ErrorHandler#warning(SAXParseException)
+   */
+  public void warning(SAXParseException exception) throws SAXException {
+    warn("parser.00", messageParams(exception), null);
+  }
+
+  /**
+   * Logs a warning and rethrows the <code>exception</code>.
+   * 
+   * @see org.xml.sax.ErrorHandler#error(SAXParseException)
+   */
+  public void error(SAXParseException exception) throws SAXException {
+	  warn("parser.01", messageParams(exception), null);
+	  
+	  // if Target attribute is missing in QualifyingProperties - don't throw exception (bug fix for old MOCCA signatures)
+	  if (exception.getMessage().startsWith("cvc-complex-type.4: Attribute 'Target' must appear on element"))
+		  warn("parser.04", new Object[] {"Attribute 'Target' must appear on element 'QualifyingProperties' - ignored for compatibility reasons."}, null);
+	  else
+		  throw exception;    
+  }
+
+  /**
+   * Logs a warning and rethrows the <code>exception</code>.
+   * 
+   * @see org.xml.sax.ErrorHandler#fatalError(SAXParseException)
+   */
+  public void fatalError(SAXParseException exception) throws SAXException {
+    warn("parser.02", messageParams(exception), null);
+    throw exception;
+  }
+
+  /**
+   * Log a warning message.
+   * 
+   * @param messageId The message ID to log.
+   * @param parameters Additional message parameters.
+   * @param t The <code>Throwable</code> to log; usually the cause of this
+   * warning.
+   */
+  private static void warn(
+    String messageId,
+    Object[] parameters,
+    Throwable t) {
+
+    MessageProvider msg = MessageProvider.getInstance();
+    Logger.warn(new LogMsg(msg.getMessage(messageId, parameters)), t);
+  }
+
+  /**
+   * Put the system id, line and column number information from the exception
+   * into an <code>Object</code> array, to provide it as a
+   * <code>MessageFormat</code> parameter.
+   * 
+   * @param e The <code>SAXParseException</code> containing the
+   * source system id and line/column numbers.
+   * @return An array containing the system id (a <code>String</code>) as well
+   * as line/column numbers (2 <code>Integer</code> objects) from the
+   * <code>SAXParseException</code>.
+   */
+  private static Object[] messageParams(SAXParseException e) {
+    return new Object[] {
+      e.getMessage(),
+      e.getSystemId(),
+      new Integer(e.getLineNumber()),
+      new Integer(e.getColumnNumber())};
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOATimer.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOATimer.java
new file mode 100644
index 0000000..acc380d
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MOATimer.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.Map;
+import java.util.WeakHashMap;
+
+/**
+ * A timer utility for named timers.
+ * 
+ * @author Sven Aigner
+ */
+public class MOATimer {
+
+  /** The single instance of this class. */
+  private static MOATimer instance = null;
+  /** The starting points of single timings. */
+  private static Map timemapstart = new WeakHashMap();
+  /** The end points of single timings. */
+  private static Map timemapend = new WeakHashMap();
+
+  /**
+   * Return the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static MOATimer getInstance() {
+    if (instance == null) {
+      instance = new MOATimer();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>MOATimer</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected MOATimer() {
+    super();
+  }
+
+  /**
+   * Start timing a certain action.
+   * 
+   * The timing belonging to the action ID is garbage collected as soon as there
+   * exists no other reference to the action ID.
+   * 
+   * @param id The action ID.
+   */
+  public void startTiming(Object id) {
+    timemapstart.put(id, new Long(System.currentTimeMillis()));
+  }
+
+  /**
+   * Stop timing an action.
+   * 
+   * @param id The action ID.
+   */
+  public void stopTiming(Object id) {
+    timemapend.put(id, new Long(System.currentTimeMillis()));
+  }
+
+  /**
+   * Get the duration of an action.
+   * 
+   * @param id The action ID for which to compute the duration.
+   * @return long The duration in milliseconds between calls to
+   * <code>startTiming()</code> and <code>stopTiming()</code>. If
+   * only <code>startTiming()</code> has been called for the action, then
+   * current difference to the system time is returned. If no timing exists for
+   * the action, <code>- 1</code> is returned.
+   */
+  public long duration(Object id) {
+    if (timemapstart.containsKey(id)) {
+      long start = ((Long) timemapstart.get(id)).longValue();
+      if (timemapend.containsKey(id)) {
+        long end = ((Long) timemapend.get(id)).longValue();
+        return end - start;
+      } else {
+        return System.currentTimeMillis() - start;
+      }
+    } else
+      return -1;
+  }
+
+  /**
+   * Get the duration of an action, as a nicely formatted <code>String</code>.
+   * 
+   * @param id The action ID.
+   * @return String The <code>duration()</code> as a <code>String</code>.
+   */
+  public String durationAsString(Object id) {
+    long dur = duration(id);
+    long second = dur / 1000;
+    long mil = (dur) - (second * 1000);
+    return "Duration: " + second + "." + mil + " seconds";
+  }
+
+  /**
+   * Remove a timing.
+   * 
+   * @param id The action ID.
+   */
+  public void clearTiming(String id) {
+    if (timemapstart.containsKey(id))
+      timemapstart.remove(id);
+    if (timemapend.containsKey(id))
+      timemapend.remove(id);
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java
new file mode 100644
index 0000000..1623ff1
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.Locale;
+
+/**
+ * A singleton wrapper around a <code>Message</code> object.
+ * 
+ * Provides the messages used in the common project.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MessageProvider {
+  /** The location of the default message resources. */
+  private static final String[] DEFAULT_MESSAGE_RESOURCES =
+    { "resources/properties/common_messages" };
+  /** The locale of the default message resources. */
+  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+    new Locale[] { new Locale("de", "AT") };
+  /** The single instance of this class. */
+  private static MessageProvider instance;
+  
+  /** The messages provided by this <code>MessageProvider</code>. */
+  private Messages messages;
+  
+  /**
+   * Return the single instance of the <code>MessageProvider</code>.
+   * 
+   * Intialilizes the <code>MessageProvider</code> with the default message
+   * locations: <code>/resources/properties/common_messages</code>.
+   * 
+   * @return The single <code>MessageProvider</code>.
+   */
+  public static synchronized MessageProvider getInstance() {
+    if (instance == null) {
+      instance =
+        new MessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+    }
+    return instance;
+  }
+
+  /**
+   * Create a <code>MessageProvider</code>.
+   * 
+   * @param resourceNames The names of the resources containing the messages.
+   * @param locales The corresponding locales.
+   */
+  protected MessageProvider(String[] resourceNames, Locale[] locales) {
+    this.messages = new Messages(resourceNames, locales);
+  }
+
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  public String getMessage(String messageId, Object[] parameters) {
+    return messages.getMessage(messageId, parameters);
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Messages.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Messages.java
new file mode 100644
index 0000000..20de46b
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Messages.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.text.MessageFormat;
+import java.util.Locale;
+import java.util.MissingResourceException;
+import java.util.PropertyResourceBundle;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Provides access to the system messages resource used for exception handling
+ * and logging messages.
+ * 
+ * Messages must be provided as a resource bundle at the path.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class Messages {
+  /** Error message indicating that no messages are avaiable. */
+  private static final String ERROR_MESSAGES_UNAVAILABLE =
+    "Fehler in der Server-Konfiguration. "
+      + "Die Fehlertexte konnten nicht geladen werden.";
+  /** Error message indicating that the message is not available. */
+  private static final String ERROR_NO_MESSAGE =
+    "No errormesseage for error with number.={0}";
+
+  /** The names of the resources containing the messages. */
+  private String[] resourceNames;
+  /** The corresponding <code>Locale</code>s of the resources. */
+  private Locale[] locales;
+  /** The <code>ResourceBundle</code>s containing the messages. */
+  private ResourceBundleChain messages;
+
+  /**
+   * Create a new <code>Message</code> object containing the messages
+   * in the given resources.
+   * 
+   * @param resourceNames The names of the resources containing the messages.
+   * @param locales The corresponding locales.
+   */
+  public Messages(String[] resourceNames, Locale[] locales) {
+    this.resourceNames = resourceNames;
+    this.locales = locales;
+    this.messages = null;
+  }
+
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  public String getMessage(String messageId, Object[] parameters) {
+    // initialize messages
+    if (messages == null) {
+      initMessages();
+    }
+
+    // create the message
+    if (messages == null) {
+      return ERROR_MESSAGES_UNAVAILABLE;
+    } else {
+      try {
+        String rawMessage = messages.getString(messageId);
+        return MessageFormat.format(rawMessage, parameters);
+      } catch (MissingResourceException e2) {
+        // couldn't find any message -> set to default error message 
+        return MessageFormat.format(
+          ERROR_NO_MESSAGE,
+          new Object[] { messageId });
+      }
+    }
+  }
+
+  /**
+   * Return the names of the resources containing the messages.
+   * 
+   * @return String[] The names of the resource bundles containing the messages.
+   */
+  private String[] getResourceNames() {
+    return resourceNames;
+  }
+
+  /**
+   * Return the <code>Locale</code>s of the resources containing the messages.
+   * 
+   * @return Locale[] The <code>Locale</code>s of the resource bundles
+   * containing the messages.
+   */
+  private Locale[] getLocales() {
+    return locales;
+  }
+
+  /**
+   * Initialize the <code>messages</code> <code>ResourceBundle</code> containing
+   * the MOA error messages.
+   */
+  private void initMessages() {
+    messages = new ResourceBundleChain();
+    int i;
+
+    // initialize the message resources
+    for (i = 0; i < resourceNames.length; i++) {
+      try {
+        messages.addResourceBundle(
+          PropertyResourceBundle.getBundle(
+            getResourceNames()[i],
+            getLocales()[i]));
+      } catch (MissingResourceException e) {
+        Logger.error(ERROR_MESSAGES_UNAVAILABLE, e);
+      }
+    }
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java
new file mode 100644
index 0000000..2a5e1b8
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java
@@ -0,0 +1,303 @@
+/*
+ * Copyright 2011 Federal Chancellery Austria and
+ * Graz University of Technology
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egovernment.moa.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Collection;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Iterator;
+import java.util.Properties;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.ex.EgovUtilException;
+
+
+
+/**
+ * Class providing several utility methods.
+ * 
+ * @author <a href="mailto:Arne.Tauber@egiz.gv.at">Arne Tauber</a>
+ * 
+ */
+public class MiscUtil {
+
+	public static final String DEFAULT_SLASH = "/";
+
+	private static final int IO_BUFFER_SIZE = 4 * 1024;  
+	
+	public static void copyStream(InputStream is, OutputStream os) throws IOException {
+		byte[] b = new byte[IO_BUFFER_SIZE];  
+		int read;  
+		while ((read = is.read(b)) != -1) {  
+		os.write(b, 0, read);  
+		}  
+	}
+	
+	public static void assertNotNull(Object param, String name) {
+		if (param == null) {
+			throw new NullPointerException(name + " must not be null.");
+		}
+	}
+
+	public static boolean areAllNull(Object... objects) {
+		for (Object o : objects) {
+			if (o != null) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	public static String extractContentType(String contentTypeString) {
+		if (contentTypeString == null) {
+			return "";
+		}
+		if (contentTypeString.indexOf(";") != -1) {
+			return contentTypeString.substring(0, contentTypeString.indexOf(";"));
+		}
+		return contentTypeString;
+	}
+
+	public static XMLGregorianCalendar getXMLGregorianCalendar(Date date)
+	    throws DatatypeConfigurationException {
+		GregorianCalendar cal = (GregorianCalendar) GregorianCalendar.getInstance();
+		cal.setTime(date);
+		return DatatypeFactory.newInstance().newXMLGregorianCalendar(cal);
+	}
+
+	public static XMLGregorianCalendar getXMLGregorianCalendar(String str)
+	    throws DatatypeConfigurationException {
+		return DatatypeFactory.newInstance().newXMLGregorianCalendar(str);
+	}
+
+	public static X509Certificate readCertificate(InputStream certStream)
+	    throws CertificateException {
+		CertificateFactory cf = CertificateFactory.getInstance("X.509");
+		return (X509Certificate) cf.generateCertificate(certStream);
+	}
+
+	public static boolean isEmpty(String str) {
+		return str == null || "".equals(str);
+	}
+
+	public static boolean isNotEmpty(String str) {
+		return str != null && !"".equals(str);
+	}
+
+	public static byte[] sourceToByteArray(Source result)
+	    throws TransformerException {
+		TransformerFactory factory = TransformerFactory.newInstance();
+		Transformer transformer = factory.newTransformer();
+		transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+		transformer.setOutputProperty(OutputKeys.METHOD, "xml");
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		StreamResult streamResult = new StreamResult();
+		streamResult.setOutputStream(out);
+		transformer.transform(result, streamResult);
+		return out.toByteArray();
+	}
+
+//	public static Document parseDocument(InputStream inputStream)
+//	    throws IOException {
+//		try {
+//			DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory
+//			    .newInstance();
+//			docBuilderFactory.setNamespaceAware(true);
+//			DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+//			return docBuilder.parse(inputStream);
+//		} catch (ParserConfigurationException e) {
+//			throw new IOException(e);
+//		} catch (SAXException e) {
+//			throw new IOException(e);
+//		}
+//	}
+
+	public static String removePrecedingSlash(String path, String slash) {
+		assertNotEmpty(slash, "Shash");
+		if (!isEmpty(path)) {
+			while (path.startsWith(slash)) {
+				path = path.substring(slash.length(), path.length());
+			}
+		}
+		return path;
+	}
+
+	public static String removePrecedingSlash(String path) {
+		return removePrecedingSlash(path, DEFAULT_SLASH);
+	}
+
+	public static void assertNotEmpty(String param, String name) {
+		if (param == null) {
+			throw new NullPointerException(name + " must not be null.");
+		}
+		if (param.length() == 0) {
+			throw new IllegalArgumentException(name + " must not be empty.");
+		}
+	}
+
+	@SuppressWarnings("rawtypes")
+  public static boolean isEmpty(Properties props) {
+		if (props == null || props.isEmpty()) {
+			return true;
+		}
+		Iterator it = props.values().iterator();
+		while (it.hasNext()) {
+			if (MiscUtil.isNotEmpty((String) it.next())) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	public static boolean isEmpty(Empty empty) {
+		return empty == null || empty.isEmpty();
+	}
+
+	public static boolean isNotEmpty(Empty empty) {
+		return !isEmpty(empty);
+	}
+
+	public static boolean isEmpty(byte[] data) {
+		return data == null || data.length == 0;
+	}
+
+	public static boolean isNotEmpty(byte[] data) {
+		return !isEmpty(data);
+	}
+
+	public static <T> boolean isEmpty(Collection<T> c) {
+		return c == null || c.isEmpty();
+	}
+
+	public static <T> boolean isNotEmpty(Collection<T> c) {
+		return !isEmpty(c);
+	}
+
+	public static boolean areAllEmpty(String... strings) {
+		for (String s : strings) {
+			if (s != null && s.trim().length() != 0) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	public static boolean areAllEmpty(Empty... empties) {
+		if (empties != null) {
+			for (Empty e : empties) {
+				if (e != null && !e.isEmpty()) {
+					return false;
+				}
+			}
+		}
+		return true;
+	}
+
+	public static <T> void assertNotEmpty(T[] param, String name) {
+		if (param == null) {
+			throw new NullPointerException(name + " must not be null.");
+		}
+		if (param.length == 0) {
+			throw new IllegalArgumentException(name + " must not be empty.");
+		}
+	}
+
+	public static void assertNotEmpty(Empty empty, String name) {
+		if (empty == null) {
+			throw new NullPointerException(name + " must not be null.");
+		}
+		if (empty.isEmpty()) {
+			throw new IllegalArgumentException(name + " must not be empty.");
+		}
+	}
+
+	public static void assertNotEmpty(byte[] param, String name) {
+		if (param == null) {
+			throw new NullPointerException(name + " must not be null.");
+		}
+		if (param.length == 0) {
+			throw new IllegalArgumentException(name + " must not be empty.");
+		}
+	}
+
+	public static Date parseXMLDate(String xmlDate) throws EgovUtilException {
+		if (xmlDate == null) {
+			return null;
+		}
+		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
+		try {
+			return sdf.parse(xmlDate);
+		} catch (ParseException e) {
+			throw new EgovUtilException(e);
+		}
+	}
+
+	public static <T> boolean isEmpty(T[] array) {
+		return array == null || array.length == 0;
+	}
+
+	public static <T> boolean isNotEmpty(T[] array) {
+		return !isEmpty(array);
+	}
+
+	public static String convertDateFromStandardToXML(String dateString) {
+		MiscUtil.assertNotNull(dateString, "dateString");
+		Date date = parseDate(dateString);
+		return formatDate(date, "yyyy-MM-dd");
+	}
+	
+	public static Date parseDate(String dateString) {
+		return parseDate(dateString, "dd.MM.yyyy");
+	}
+	
+	public static Date parseDate(String dateString, String pattern) {
+		MiscUtil.assertNotNull(dateString, "dateString");
+		MiscUtil.assertNotNull(pattern, "pattern");
+		SimpleDateFormat sdf = new SimpleDateFormat(pattern);
+		try {
+	    return sdf.parse(dateString);
+    } catch (ParseException e) {
+    	Logger.warn("Error parsing date.", e);
+	    return null;
+    }
+	}	
+	
+	public static String formatDate(Date date, String format) {
+		SimpleDateFormat sdf = new SimpleDateFormat(format);
+		return sdf.format(date);
+	}
+  
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
new file mode 100644
index 0000000..fdc8232
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.ListIterator;
+
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Node;
+import org.w3c.dom.traversal.NodeFilter;
+import org.w3c.dom.traversal.NodeIterator;
+
+/**
+ * A <code>NodeIterator</code> implementation based on a
+ * <code>ListIterator</code>.
+ * 
+ * @see java.util.ListIterator
+ * @see org.w3c.dom.traversal.NodeIterator
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class NodeIteratorAdapter implements NodeIterator {
+
+  /** The <code>ListIterator</code> to wrap. */
+  private ListIterator nodeIterator;
+
+  /**
+   * Create a new <code>NodeIteratorAdapter</code>.
+   * @param nodeIterator The <code>ListIterator</code> to iterate over.
+   */
+  public NodeIteratorAdapter(ListIterator nodeIterator) {
+    this.nodeIterator = nodeIterator;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#getRoot()
+   */
+  public Node getRoot() {
+    return null;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow()
+   */
+  public int getWhatToShow() {
+    return NodeFilter.SHOW_ALL;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#getFilter()
+   */
+  public NodeFilter getFilter() {
+    return null;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences()
+   */
+  public boolean getExpandEntityReferences() {
+    return false;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#nextNode()
+   */
+  public Node nextNode() throws DOMException {
+    if (nodeIterator.hasNext()) {
+      return (Node) nodeIterator.next();
+    }
+    return null;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#previousNode()
+   */
+  public Node previousNode() throws DOMException {
+    if (nodeIterator.hasPrevious()) {
+      return (Node) nodeIterator.previous();
+    }
+    return null;
+  }
+
+  /**
+   * @see org.w3c.dom.traversal.NodeIterator#detach()
+   */
+  public void detach() {
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
new file mode 100644
index 0000000..e39cc02
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.List;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * A <code>NodeList</code> implementation based on a <code>List</code>.
+ * 
+ * @see java.util.List
+ * @see org.w3c.dom.NodeList
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class NodeListAdapter implements NodeList {
+  /** The <code>List</code> to wrap. */
+  private List nodeList;
+  
+  /**
+   * Create a new <code>NodeListAdapter</code>.
+   * 
+   * @param nodeList The <code>List</code> containing the nodes. 
+   */
+  public NodeListAdapter(List nodeList) {
+    this.nodeList = nodeList;
+  }
+
+  /**
+   * @see org.w3c.dom.NodeList#item(int)
+   */
+  public Node item(int index) {
+    return (Node) nodeList.get(index);
+  }
+
+  /**
+   * @see org.w3c.dom.NodeList#getLength()
+   */
+  public int getLength() {
+    return nodeList.size();
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java
new file mode 100644
index 0000000..e3f8f75
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/*
+ * Created on 26.04.2004
+ *
+ * @author rschamberger
+ * $ID$
+ */
+package at.gv.egovernment.moa.util;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * utility functions to write XML data to files
+ * @author rschamberger
+ * @version $Id$
+ */
+public class OutputXML2File {
+
+	/**
+	 * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8)
+	 * 
+	 * @param filename file name
+	 * @param rootElem root element in DOM tree
+	 * @param hierarchy of the Logger
+	 */
+	public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) {
+		if (Logger.isDebugEnabled(hierarchy)) {
+			outputXML2File(filename, rootElem);
+		}
+	}
+	
+	/**
+	 * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8)
+	 * 
+	 * @param filename file name
+	 * @param xmlString XML string
+	 * @param hierarchy of the Logger 
+	 */
+	public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) {
+		if (Logger.isDebugEnabled(hierarchy)) {
+			outputXML2File(filename, xmlString);
+		}
+	}
+
+	/**
+	 * writes an XML structure to file (Encoding: UTF-8)
+	 * 
+	 * @param filename file name
+	 * @param rootElem root element in DOM tree
+	 */
+	public static void outputXML2File(String filename, Element rootElem) {
+		try {
+			String xmlString = new String(DOMUtils.serializeNode(rootElem));
+			outputXML2File(filename, xmlString);
+		} catch (Exception ex) {
+			ex.printStackTrace();
+		}
+	}
+	
+	/**
+	 * writes an XML structure to file (Encoding: UTF-8)
+	 * 
+	 * @param filename file name
+	 * @param xmlString XML string
+	 */
+	public static void outputXML2File(String filename, String xmlString) {
+		try {
+			java.io.OutputStream fout = new java.io.FileOutputStream(filename);
+			byte[] xmlData = xmlString.getBytes("UTF-8");
+			fout.write(xmlData);
+			fout.close();
+		} catch (Exception ex) {
+			ex.printStackTrace();
+		}
+	}
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java
new file mode 100644
index 0000000..234ed89
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+/**
+ * A class to chain <code>ResourceBundle</code>s.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ResourceBundleChain {
+  /** Error message indicating the resource is not available. */
+  private static final String ERROR_MISSING_RESOURCE = "Missing resource";
+  /** The <code>ResourceBundle</code>s contained in this chain. */
+  private List resourceBundles = new ArrayList();
+
+  /**
+   * Add a <code>ResourceBundle</code> to the chain.
+   * 
+   * @param resourceBundle The <code>ResourceBundle</code> to add.
+   */
+  public void addResourceBundle(ResourceBundle resourceBundle) {
+    resourceBundles.add(resourceBundle);
+  }
+
+  /**
+   * Return the value of the resource.
+   * 
+   * @param key The key to access the <code>String</code> resource.
+   * @return The resource value. All the registered <code>ResourceBundle</code>s
+   * are searched in the order in which they have previously been added to this
+   * <code>ResourceBundleChain</code>.
+   * @throws MissingResourceException The resource coult not be found in any of
+   * the bundles.
+   */
+  public String getString(String key) throws MissingResourceException {
+    MissingResourceException lastException = null;
+    Iterator iter;
+
+    // handle case where no resource bundles have been added
+    if (resourceBundles.size() == 0) {
+      throw new MissingResourceException(
+        ERROR_MISSING_RESOURCE,
+        this.getClass().getName(),
+        key);
+    }
+
+    // try to find the resource in one of the bundles; if it cannot be found,
+    // return the exception thrown by the last bundle in the list
+    for (iter = resourceBundles.iterator(); iter.hasNext();) {
+      ResourceBundle resourceBundle = (ResourceBundle) iter.next();
+      try {
+        String value = resourceBundle.getString(key);
+        return value;
+      } catch (MissingResourceException e) {
+        lastException = e;
+      }
+    }
+    throw lastException;
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
new file mode 100644
index 0000000..c2c67ec
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+/**
+ * Utility for connecting to server applications via SSL.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+	
+	/**
+	 * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store.
+	 * 
+   * @param trustStoreType key store type of trust store
+   * @param trustStoreInputStream input stream for reading JKS trust store containing
+   * 				 trusted server certificates; if <code>null</code>, the default
+   * 				 trust store will be utilized
+   * @param trustStorePassword if provided, it will be used to check 
+   * 				 the integrity of the trust store; if omitted, it will not be checked
+   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+   * @throws IOException thrown while reading from the input stream
+   * @throws GeneralSecurityException thrown while creating the socket factory
+	 */
+  public static SSLSocketFactory getSSLSocketFactory(
+  	String trustStoreType,
+  	InputStream trustStoreInputStream,
+  	String trustStorePassword)
+ 	  throws IOException, GeneralSecurityException {
+  		
+	  TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
+		SSLContext ctx = SSLContext.getInstance("TLS");
+		ctx.init(null, tms, null);
+
+    SSLSocketFactory sf = ctx.getSocketFactory();
+  	return sf;
+  }
+	/**
+	 * Creates an <code>SSLSocketFactory</code> which utilizes the
+	 * given trust store and keystore.
+	 * 
+   * @param trustStore trust store containing trusted server certificates; 
+   * 				 if <code>null</code>, the default trust store will be utilized
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+   * @throws IOException thrown while reading key store file
+   * @throws GeneralSecurityException thrown while creating the socket factory
+	 */
+  public static SSLSocketFactory getSSLSocketFactory(
+  	KeyStore trustStore,
+  	String clientKeyStoreType,
+  	String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+ 	  throws IOException, GeneralSecurityException {
+  		
+		SSLContext ctx = getSSLContext(
+			trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+    SSLSocketFactory sf = ctx.getSocketFactory();
+  	return sf;
+  }
+	/**
+	 * Creates an <code>SSLContext</code> initialized for the
+	 * given trust store and keystore.
+	 * 
+   * @param trustStore trust store containing trusted server certificates; 
+   * 				 if <code>null</code>, the default trust store will be utilized
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+   * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code>
+   * @throws IOException thrown while reading key store file
+   * @throws GeneralSecurityException thrown while creating the SSL context
+	 */
+  public static SSLContext getSSLContext(
+  	KeyStore trustStore,
+  	String clientKeyStoreType,
+  	String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+ 	  throws IOException, GeneralSecurityException {
+  		
+ 	  TrustManager[] tms = getTrustManagers(trustStore);
+		KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+		SSLContext ctx = SSLContext.getInstance("TLS");
+		ctx.init(kms, tms, null);
+		return ctx;
+  }
+  /**
+   * Loads the trust store from an input stream and gets the 
+   * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
+	 * initialized from the given trust store.
+   * @param trustStoreType key store type of trust store
+   * @param trustStoreInputStream input stream for reading JKS trust store containing
+   * 				 trusted server certificates; if <code>null</code>, the default
+   * 				 trust store will be utilized
+   * @param trustStorePassword if provided, it will be used to check 
+   * 				 the integrity of the trust store; if omitted, it will not be checked
+	 * @return <code>TrustManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given trust store
+   * @throws IOException thrown while reading from the input stream
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>TrustManagerFactory</code>
+   */
+	protected static TrustManager[] getTrustManagers(
+		String trustStoreType,
+		InputStream trustStoreInputStream,
+  	String trustStorePassword)
+	  throws IOException, GeneralSecurityException {
+	  	
+	  if (trustStoreInputStream == null)
+	  	return null;
+
+	  // Set up the TrustStore to use. We need to load the file into
+	  // a KeyStore instance.
+		KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
+		return getTrustManagers(trustStore);
+	}
+	/**
+	 * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
+	 * initialized from the given trust store.
+	 * 
+	 * @param trustStore the trust store to use
+	 * @return <code>TrustManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given trust store
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>TrustManagerFactory</code>
+	 */
+	protected static TrustManager[] getTrustManagers(KeyStore trustStore)
+	  throws GeneralSecurityException {
+	  	
+	  if (trustStore == null)
+	  	return null;
+
+	  // Initialize the default TrustManagerFactory with this KeyStore
+	  String alg=TrustManagerFactory.getDefaultAlgorithm();
+	  TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
+	  tmFact.init(trustStore);
+	
+	  // And now get the TrustManagers
+	  TrustManager[] tms=tmFact.getTrustManagers();
+	  return tms;
+	}
+  /**
+   * Loads the client key store from file and gets the 
+   * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword password used to check the integrity of the client key store; 
+   * 				 if <code>null</code>, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws IOException thrown while reading from the key store file
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+  public static KeyManager[] getKeyManagers (
+		String clientKeyStoreType,
+		String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+	  throws IOException, GeneralSecurityException {
+  
+  	if (clientKeyStoreURL == null)
+  		return null;
+  		
+	  // Set up the KeyStore to use. We need to load the file into
+	  // a KeyStore instance.
+	  KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+	  	clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+		return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+	}  
+  /**
+   * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStore client key store
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+	public static KeyManager[] getKeyManagers (
+		KeyStore clientKeyStore,
+  	String clientKeyStorePassword)
+	  throws GeneralSecurityException {
+  
+  	if (clientKeyStore == null)
+  		return null;
+  		
+	  // Now we initialize the default KeyManagerFactory with this KeyStore
+	  String alg=KeyManagerFactory.getDefaultAlgorithm();
+	  KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+  	char[] password = null;
+  	if (clientKeyStorePassword != null)
+  		password = clientKeyStorePassword.toCharArray();
+	  kmFact.init(clientKeyStore, password);
+	
+	  // And now get the KeyManagers
+	  KeyManager[] kms=kmFact.getKeyManagers();
+	  return kms;
+	}  
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java
new file mode 100644
index 0000000..b3bc8ae
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * An <code>EntityResolver</code> that maps system IDs to 
+ * <code>InputStream</code>s.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class StreamEntityResolver implements EntityResolver {
+  
+  /** A mapping from Public ID or System ID to an <code>InputStream</code>
+   * containing the entity. */
+  private Map mappedEntities;
+  
+  /**
+   * Create a <code>StreamEntityResolver</code>.
+   * 
+   * @param mappedEntities A mapping from public or system IDs 
+   * (<code>String</code> objects) to <code>InputStream</code>s. 
+   */
+  public StreamEntityResolver(Map mappedEntities) {
+    this.mappedEntities = mappedEntities;
+  }
+
+  /**
+   * Resolve an entity by looking it up in the mapped entities.
+   * 
+   * First, the public ID is looked up in the mapping, then the system ID.
+   * 
+   * @param publicId The public ID of the entity.
+   * @param systemId The system ID of the entity.
+   * @return An <code>InputStream</code> containing the entity or 
+   * <code>null</code> if no entity could be found. 
+   * @throws SAXException Signalling a parsing exception.
+   * @throws IOException Error reading the entity.
+   */
+  public InputSource resolveEntity(String publicId, String systemId) 
+    throws SAXException, IOException {
+      
+    InputSource src = null;
+      
+    if (publicId != null && mappedEntities.get(publicId) != null) {
+      src = new InputSource((InputStream) mappedEntities.get(publicId));
+    } else if (systemId != null && mappedEntities.get(systemId) != null) {
+      src = new InputSource((InputStream) mappedEntities.get(systemId));
+    }
+    
+    if (src != null) {
+      src.setPublicId(publicId);
+      src.setSystemId(systemId);
+    }
+    
+    return src;
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
new file mode 100644
index 0000000..e4ccd12
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+/**
+ * Utility methods for streams.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class StreamUtils {
+  
+  /**
+   * Compare the contents of two <code>InputStream</code>s.
+   * 
+   * @param is1 The 1st <code>InputStream</code> to compare.
+   * @param is2 The 2nd <code>InputStream</code> to compare.
+   * @return boolean <code>true</code>, if both streams contain the exactly the
+   * same content, <code>false</code> otherwise.
+   * @throws IOException An error occurred reading one of the streams.
+   */
+  public static boolean compareStreams(InputStream is1, InputStream is2) 
+    throws IOException {
+      
+    byte[] buf1 = new byte[256];
+    byte[] buf2 = new byte[256];
+    int length1;
+    int length2;
+  
+    try {
+      while (true) {
+        length1 = is1.read(buf1);
+        length2 = is2.read(buf2);
+        
+        if (length1 != length2) {
+          return false;
+        }
+        if (length1 <= 0) {
+          return true;
+        }
+        if (!compareBytes(buf1, buf2, length1)) {
+          return false;
+        }
+      }
+    } catch (IOException e) {
+      throw e;
+    } finally {
+      // close both streams
+      try {
+        is1.close();
+        is2.close();
+      } catch (IOException e) {
+        // ignore this
+      }
+    }
+  }
+  
+  /**
+   * Compare two byte arrays, up to a given maximum length.
+   * 
+   * @param b1 1st byte array to compare.
+   * @param b2 2nd byte array to compare.
+   * @param length The maximum number of bytes to compare.
+   * @return <code>true</code>, if the byte arrays are equal, <code>false</code>
+   * otherwise.
+   */
+  private static boolean compareBytes(byte[] b1, byte[] b2, int length) {
+    if (b1.length != b2.length) {
+      return false;
+    }
+  
+    for (int i = 0; i < b1.length && i < length; i++) {
+      if (b1[i] != b2[i]) {
+        return false;
+      }
+    }
+  
+    return true;
+  }
+
+  /**
+   * Reads a byte array from a stream.
+   * @param in The <code>InputStream</code> to read.
+   * @return The bytes contained in the given <code>InputStream</code>.
+   * @throws IOException on any exception thrown
+   */
+  public static byte[] readStream(InputStream in) throws IOException {
+
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    copyStream(in, out, null);
+		  
+		/*  
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    int b;
+    while ((b = in.read()) >= 0)
+      out.write(b);
+    
+    */
+    in.close();
+    return out.toByteArray();
+  }
+
+  /**
+   * Reads a <code>String</code> from a stream, using given encoding.
+   * @param in The <code>InputStream</code> to read.
+   * @param encoding The character encoding to use for converting the bytes
+   * of the <code>InputStream</code> into a <code>String</code>.
+   * @return The content of the given <code>InputStream</code> converted into
+   * a <code>String</code>.
+   * @throws IOException on any exception thrown
+   */
+  public static String readStream(InputStream in, String encoding) throws IOException {
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    copyStream(in, out, null);
+
+    /*
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    int b;
+    while ((b = in.read()) >= 0)
+      out.write(b);
+      */
+    in.close();
+    return out.toString(encoding);
+  }
+  
+  /**
+   * Reads all data (until EOF is reached) from the given source to the 
+   * destination stream. If the destination stream is null, all data is dropped.
+   * It uses the given buffer to read data and forward it. If the buffer is 
+   * null, this method allocates a buffer.
+   *
+   * @param source The stream providing the data.
+   * @param destination The stream that takes the data. If this is null, all
+   *                    data from source will be read and discarded.
+   * @param buffer The buffer to use for forwarding. If it is null, the method
+   *               allocates a buffer.
+   * @exception IOException If reading from the source or writing to the 
+   *                        destination fails.
+   */
+  private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException {
+    if (source == null) {
+      throw new NullPointerException("Argument \"source\" must not be null.");
+    }
+    if (buffer == null) {
+      buffer = new byte[8192];
+    }
+    
+    if (destination != null) {
+      int bytesRead;
+      while ((bytesRead = source.read(buffer)) >= 0) {
+        destination.write(buffer, 0, bytesRead);
+      }
+    } else {
+      while (source.read(buffer) >= 0);
+    }    
+  }
+  
+  /**
+   * Gets the stack trace of the <code>Throwable</code> passed in as a string.
+   * @param t The <code>Throwable</code>.
+   * @return a String representing the stack trace of the <code>Throwable</code>.
+   */
+  public static String getStackTraceAsString(Throwable t)
+  {
+    ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream();
+    t.printStackTrace(new PrintStream(stackTraceBIS));
+    return new String(stackTraceBIS.toByteArray());
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
new file mode 100644
index 0000000..ad879d2
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.StringTokenizer;
+
+/**
+ * Utitility functions for string manipulations.
+ * 
+ * @author Harald Bratko
+ */
+public class StringUtils {
+
+  /**
+   * Removes all blanks and tabs from the given string.
+   * 
+   * @param s The string to remove all blanks and tabs from.
+   * @return  The input string with all blanks and tabs removed from. 
+   */
+  public static String removeBlanks(String s) {
+    StringTokenizer st = new StringTokenizer(s);
+    StringBuffer sb = new StringBuffer(s.length());
+    while (st.hasMoreTokens()) {
+      sb.append(st.nextToken());
+    }
+    return sb.toString();
+  }
+  
+  /**
+   * Removes all occurences of the specified token from the the given string.
+   * 
+   * @param s The string to remove all occurences of the specified token from.
+   * @return  The input string with all occurences of the specified token removed from. 
+   */
+  public static String removeToken(String s, String token) {
+    StringTokenizer st = new StringTokenizer(s, token);
+    StringBuffer sb = new StringBuffer(s.length());
+    while (st.hasMoreTokens()) {
+      sb.append(st.nextToken());
+    }
+    return sb.toString();
+  }
+  
+  /**
+   * Removes all leading zeros from the input string.
+   * 
+   * @param s       The string remove the leading zeros from.
+   * @return        The input string with the leading zeros removed from.
+   */
+  public static String deleteLeadingZeros(String s) {
+    StringBuffer sb = new StringBuffer(s);
+    int l = sb.length();
+    int j = 0;
+    for (int i=0; i<l; i++) {
+      if (sb.charAt(i) == '0') {
+        j++;
+      } else {
+        break;
+      }
+    }
+    return sb.substring(j, l);
+  }
+  
+  /**
+   * Replaces each substring of string <code>s</code> that matches the given
+   * <code>search</code> string by the given <code>replace</code> string.
+   * 
+   * @param s         The string where the replacement should take place.
+   * @param search    The pattern that should be replaced.
+   * @param replace   The string that should replace all each <code>search</code>
+   *                  string within <code>s</code>.
+   * @return          A string where all occurrence of <code>search</code> are
+   *                  replaced with <code>replace</code>.
+   */
+  public static String replaceAll (String s, String search, String replace)
+  {
+     StringBuffer sb = new StringBuffer();
+     int i = 0, j = 0;
+     int len = search.length();
+     while (j > -1)
+     {
+         j = s.indexOf(search, i);
+
+         if (j > -1)
+         {
+           sb.append(s.substring(i,j));
+           sb.append(replace);
+           i = j + len;
+         }
+     }
+     
+     sb.append(s.substring(i, s.length()));
+
+     return sb.toString();
+  }
+  
+  /**
+   * Changes the SecurityLayer version in the given string.
+   * This method usually takes as input an XML structure represented in a string
+   * format and changes the SecurityLayer namespaces prefixes and URIs from
+   * one SecurityLayer version to another.
+   * e.g.: code>sl10</code> to <code>sl</code> and 
+   * <code>http://www.buergerkarte.at/namespaces/securitylayer/20020225#</code>
+   * to
+   * <code>http://www.buergerkarte.at/namespaces/securitylayer/1.2#</code> 
+   * 
+   * @param s             The string (usally an XML structure) where the
+   *                      SecurityLayer version should be changed.
+   * @param slPrefixOld   The SecurityLayer namespace prefix that should be  
+   *                      replaced by the new one.
+   * @param slPrefixNew   The new SecurityLayer namespace prefix that should 
+   *                      replace the old one.
+   * @param slNSUriOld    The SecurityLayer namespace URI that should be  
+   *                      replaced by the new one.
+   * @param slNSUriNew    The new SecurityLayer namespace URI that should 
+   *                      replace the old one.
+   * @return              A string where the SecurityLayer namespace prefixes
+   *                      and URIs are replaced by new ones.
+   */
+  public static String changeSLVersion(String s, String slPrefixOld, String slPrefixNew, String slNSUriOld, String slNSUriNew) {
+    String retString = replaceAll(s, slPrefixOld, slPrefixNew);
+    retString = replaceAll(retString, slNSUriOld, slNSUriNew);
+    return retString ;
+  }
+  
+  /**
+   * Removes the XML declaration from an XML expression.
+   * 
+   * @param xmlString XML expression as String
+   * 
+   * @return XML expression, XML declaration removed
+   */
+  public static String removeXMLDeclaration(String xmlString) {
+    if (xmlString!=null && xmlString.startsWith("<?xml")) {
+      int firstElement = xmlString.indexOf("<", 1);
+      return xmlString.substring(firstElement);
+    } else {
+      return xmlString;
+    }
+  }
+  
+  /**
+   * Checks if String is empty
+   * @param s String to be checked if empty
+   * @return True if String is empty, false otherwise
+   */
+  public static boolean isEmpty(String s) {
+     if (s == null || s.length() == 0)
+        return true;
+     else
+        return false;
+     
+  }
+  
+  
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/URLDecoder.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/URLDecoder.java
new file mode 100644
index 0000000..66739a7
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/URLDecoder.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
+
+/**
+ * Decodes an URL encoded String using a specified character encoding.
+ * Provides a function missing in JDK 1.3. 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class URLDecoder {
+
+  /**
+   * Decodes an <code>application/x-www-form-urlencoded</code> string using a specific encoding scheme.
+   * @param s the string to decode
+   * @param encoding name of character encoding
+   * @return the newly decoded string
+   * @throws UnsupportedEncodingException if the encoding is not supported
+   */
+  public static String decode(String s, String encoding) throws UnsupportedEncodingException {
+    StringReader in = new StringReader(s);
+    ByteArrayOutputStream bout = new ByteArrayOutputStream();
+    for (int b = read(in); b >= 0; b = read(in))
+      bout.write(b);
+    return bout.toString(encoding);
+  }
+  /**
+   * Decodes the next byte from the string reader.
+   * @param in string reader
+   * @return the next byte decoded; 
+   *          -1 upon end of string, on erroneous data, and on any exception caught
+   * @todo syntax check on string
+   */
+  private static int read(StringReader in) {
+    try { 
+      int b = in.read();
+      if (b == '+')
+        return ' ';
+      if (b == '%') {
+        char[] hex = new char[2];
+        if (in.read(hex, 0, 2) >= 0) {
+          String hexString = new String(hex);
+          return Integer.valueOf(hexString, 16).intValue();
+        }
+        else
+          return -1;
+      }
+      return b;
+    } 
+    catch (IOException ex) { 
+      return -1; 
+    }
+    catch (NumberFormatException ex) { 
+      return -1; 
+    }
+  }
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java
new file mode 100644
index 0000000..e6df1fd
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+
+/**
+ * Translates a string into mime format "x-www-form-urlencoded".
+ * Provides a function missing in JDK 1.3. 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class URLEncoder {
+  
+  /**
+   * Translates a string into x-www-form-urlencoded format.
+   * @param s the string to be translated
+   * @param encoding the encoding to use
+   * @return the translated string
+   * @throws UnsupportedEncodingException when the desired encoding is not supported
+   */
+  public static String encode(String s, String encoding) throws UnsupportedEncodingException {
+//	if (MiscUtil.isEmpty(s))
+//		return null;
+    byte[] barr = s.getBytes(encoding);
+    ByteArrayInputStream bin = new ByteArrayInputStream(barr);
+    StringWriter out = new StringWriter();
+    for (int b = bin.read(); b >= 0; b = bin.read())
+      encode(b, out);
+    return out.toString();
+  }
+  
+  /**
+   * Encode a character.
+   * @param ch The character to encode.
+   * @param out The <code>StringWriter</code> containing the result.
+   */
+  private static void encode(int ch, StringWriter out) {
+    if ((ch >= 'a' && ch <= 'z')
+      || (ch >= 'A' && ch <= 'Z')
+      || (ch >= '0' && ch <= '9')
+      || ch == '.' || ch == '-' || ch == '*' || ch == '_')
+      out.write(ch);
+    else if (ch == ' ')
+      out.write('+');
+    else
+      encodeHex(ch, out);
+  }
+  
+  /**
+   * Encode a character as an escaped hex value. 
+   * @param ch The character to encode.
+   * @param out The <code>StringWriter</code> containing the result.
+   */
+  private static void encodeHex(int ch, StringWriter out) {
+    out.write('%');
+    String hex = Integer.toHexString(ch).toUpperCase();
+    if (hex.length() < 2)
+      out.write('0');
+    else
+      out.write(hex.charAt(hex.length() - 2));
+    out.write(hex.charAt(hex.length() - 1));
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/XPathException.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/XPathException.java
new file mode 100644
index 0000000..0d20752
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/XPathException.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+/**
+ * An exception occurred evaluating an XPath.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathException extends RuntimeException {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 1736311265333034392L;
+/** The wrapped exception. */
+  private Throwable wrapped;
+  
+  /**
+   * Create a <code>XPathException</code>.
+   * 
+   * @param message The exception message.
+   * @param wrapped The exception being the likely cause of this exception.
+   */
+  public XPathException(String message, Throwable wrapped) {
+    // TODO: remove wrapped from super cstr. again
+	  super(message, wrapped);
+    this.wrapped = wrapped; 
+  }
+  
+  /**
+   * Return the wrapped exception.
+   * 
+   * @return The wrapped exception being the likely cause of this exception.
+   */
+  public Throwable getWrapped() {
+    return wrapped;
+  }
+
+  /**
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+   */
+  public void printStackTrace(PrintStream s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+   */
+  public void printStackTrace(PrintWriter s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+ 
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
new file mode 100644
index 0000000..89aeaf3
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
@@ -0,0 +1,557 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import org.jaxen.JaxenException;
+import org.jaxen.NamespaceContext;
+import org.jaxen.Navigator;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.dom.DOMXPath;
+import org.jaxen.dom.DocumentNavigator;
+
+/**
+ * Utility methods to evaluate XPath expressions on DOM nodes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathUtils {
+
+  /**
+   * The XPath expression selecting all nodes under a given root (including the
+   * root node itself).
+   */
+  public static final String ALL_NODES_XPATH =
+    "(.//. | .//@* | .//namespace::*)";
+
+  /** The <code>DocumentNavigator</code> to use for navigating the document. */
+  private static Navigator documentNavigator =
+    DocumentNavigator.getInstance();
+  /** The default namespace prefix to namespace URI mappings. */
+  private static NamespaceContext NS_CONTEXT;
+
+  static {
+    SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+    ctx.addNamespace(Constants.MOA_PREFIX, Constants.MOA_NS_URI);
+    ctx.addNamespace(Constants.MOA_CONFIG_PREFIX, Constants.MOA_CONFIG_NS_URI);
+    ctx.addNamespace(Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+    ctx.addNamespace(Constants.SL10_PREFIX, Constants.SL10_NS_URI);
+    ctx.addNamespace(Constants.SL11_PREFIX, Constants.SL11_NS_URI);
+    ctx.addNamespace(Constants.SL12_PREFIX, Constants.SL12_NS_URI);
+    ctx.addNamespace(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI);
+    ctx.addNamespace(Constants.PD_PREFIX, Constants.PD_NS_URI);
+    ctx.addNamespace(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+    ctx.addNamespace(Constants.SAMLP_PREFIX, Constants.SAMLP_NS_URI);
+    ctx.addNamespace(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+    ctx.addNamespace(Constants.XSLT_PREFIX, Constants.XSLT_NS_URI);
+    ctx.addNamespace(Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+    ctx.addNamespace(Constants.DSIG_FILTER2_PREFIX, Constants.DSIG_FILTER2_NS_URI);
+    ctx.addNamespace(Constants.DSIG_EC_PREFIX, Constants.DSIG_EC_NS_URI);
+    ctx.addNamespace(Constants.MD_PREFIX, Constants.MD_NS_URI);
+    ctx.addNamespace(Constants.MDP_PREFIX, Constants.MDP_NS_URI);
+    ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI);
+    ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI);
+    ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI);
+    ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI);
+    ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI);
+    ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI);
+    ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI);
+    ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI);
+    ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
+    NS_CONTEXT = ctx;
+  }
+
+  /**
+   * Return a <code>NodeIterator</code> over the nodes matching the XPath
+   * expression.
+   * 
+   * All namespace URIs and prefixes declared in the <code>Constants</code>
+   * interface are used for resolving namespaces.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param exp The XPath expression to evaluate.
+   * @return An iterator over the resulting nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static NodeIterator selectNodeIterator(Node contextNode, String exp)
+    throws XPathException {
+
+    return selectNodeIterator(contextNode, NS_CONTEXT, exp);
+  }
+
+  /**
+   * Return a <code>NodeIterator</code> over the nodes matching the XPath
+   * expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param namespaceElement An element from which to build the
+   * namespace mapping for evaluating the XPath expression
+   * @param exp The XPath expression to evaluate.
+   * @return An iterator over the resulting nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static NodeIterator selectNodeIterator(
+    Node contextNode,
+    Element namespaceElement,
+    String exp)
+    throws XPathException {
+
+    try {
+      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+      ctx.addElementNamespaces(documentNavigator, namespaceElement);
+      return selectNodeIterator(contextNode, ctx, exp);
+    } catch (JaxenException e) {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { exp });
+      throw new XPathException(message, e);
+    }
+  }
+
+  /**
+   * Return a <code>NodeIterator</code> over the nodes matching the XPath
+   * expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param namespaceMapping A namespace prefix to namespace URI mapping
+   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
+   * expression.
+   * @param exp The XPath expression to evaluate.
+   * @return An iterator over the resulting nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static NodeIterator selectNodeIterator(
+    Node contextNode,
+    Map namespaceMapping,
+    String exp)
+    throws XPathException {
+
+    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
+
+    return selectNodeIterator(contextNode, ctx, exp);
+  }
+
+  /**
+   * Return a <code>NodeIterator</code> over the nodes matching the XPath
+   * expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
+   * prefixes to namespace URIs for evaluating the XPath expression.
+   * @param exp The XPath expression to evaluate.
+   * @return An iterator over the resulting nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  private static NodeIterator selectNodeIterator(
+    Node contextNode,
+    NamespaceContext nsContext,
+    String exp)
+    throws XPathException {
+
+    try {
+      DOMXPath xpath = new DOMXPath(exp);
+      List nodes;
+
+      xpath.setNamespaceContext(nsContext);
+      nodes = xpath.selectNodes(contextNode);
+      return new NodeIteratorAdapter(nodes.listIterator());
+    } catch (JaxenException e) {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { exp });
+      throw new XPathException(message, e);
+    }
+  }
+
+  /**
+   * Return a <code>NodeList</code> of all the nodes matching the XPath
+   * expression.
+   * 
+   * All namespace URIs and prefixes declared in the <code>Constants</code>
+   * interface are used for resolving namespaces.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param exp The XPath expression to evaluate.
+   * @return A <code>NodeList</code> containing the matching nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static NodeList selectNodeList(Node contextNode, String exp)
+    throws XPathException {
+
+    return selectNodeList(contextNode, NS_CONTEXT, exp);
+  }
+
+  /**
+   * Return a <code>NodeList</code> of all the nodes matching the XPath
+   * expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param namespaceElement An element from which to build the
+   * namespace mapping for evaluating the XPath expression
+   * @param exp The XPath expression to evaluate.
+   * @return A <code>NodeList</code> containing the matching nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static NodeList selectNodeList(
+    Node contextNode,
+    Element namespaceElement,
+    String exp)
+    throws XPathException {
+
+    try {
+      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+
+      ctx.addElementNamespaces(documentNavigator, namespaceElement);
+      return selectNodeList(contextNode, ctx, exp);
+    } catch (JaxenException e) {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { exp });
+      throw new XPathException(message, e);
+    }
+  }
+
+  /**
+   * Return a <code>NodeList</code> of all the nodes matching the XPath
+   * expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param namespaceMapping A namespace prefix to namespace URI mapping
+   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
+   * expression.
+   * @param exp The XPath expression to evaluate.
+   * @return A <code>NodeList</code> containing the matching nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static NodeList selectNodeList(
+    Node contextNode,
+    Map namespaceMapping,
+    String exp)
+    throws XPathException {
+
+    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
+
+    return selectNodeList(contextNode, ctx, exp);
+  }
+
+  /**
+   * Return a <code>NodeList</code> of all the nodes matching the XPath
+   * expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
+   * prefixes to namespace URIs for evaluating the XPath expression.
+   * @param exp The XPath expression to evaluate.
+   * @return A <code>NodeList</code> containing the matching nodes.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  private static NodeList selectNodeList(
+    Node contextNode,
+    NamespaceContext nsContext,
+    String exp)
+    throws XPathException {
+
+    try {
+      DOMXPath xpath = new DOMXPath(exp);
+      List nodes;
+
+      xpath.setNamespaceContext(nsContext);
+      nodes = xpath.selectNodes(contextNode);
+      return new NodeListAdapter(nodes);
+    } catch (JaxenException e) {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { exp });
+      throw new XPathException(message, e);
+    }
+  }
+
+  /**
+   * Select the first node matching an XPath expression.
+   * 
+   * All namespace URIs and prefixes declared in the <code>Constants</code>
+   * interface are used for resolving namespaces.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param exp The XPath expression to evaluate.
+   * @return Node The first node matching the XPath expression, or
+   * <code>null</code>, if no node matched.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static Node selectSingleNode(Node contextNode, String exp)
+    throws XPathException {
+
+    return selectSingleNode(contextNode, NS_CONTEXT, exp);
+  }
+
+  /**
+   * Select the first node matching an XPath expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param namespaceElement An element from which to build the
+   * namespace mapping for evaluating the XPath expression
+   * @param exp The XPath expression to evaluate.
+   * @return Node The first node matching the XPath expression, or
+   * <code>null</code>, if no node matched.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static Node selectSingleNode(
+    Node contextNode,
+    Element namespaceElement,
+    String exp)
+    throws XPathException {
+
+    try {
+      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
+      ctx.addElementNamespaces(documentNavigator, namespaceElement);
+
+      return selectSingleNode(contextNode, ctx, exp);
+    } catch (JaxenException e) {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { exp });
+      throw new XPathException(message, e);
+    }
+  }
+
+  /**
+   * Select the first node matching an XPath expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param namespaceMapping A namespace prefix to namespace URI mapping
+   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
+   * expression.
+   * @param exp The XPath expression to evaluate.
+   * @return Node The first node matching the XPath expression, or
+   * <code>null</code>, if no node matched.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static Node selectSingleNode(
+    Node contextNode,
+    Map namespaceMapping,
+    String exp)
+    throws XPathException {
+
+    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
+
+    return selectSingleNode(contextNode, ctx, exp);
+  }
+
+  /**
+   * Select the first node matching an XPath expression.
+   * 
+   * @param contextNode The root node from which to evaluate the XPath
+   * expression.
+   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
+   * prefixes to namespace URIs for evaluating the XPath expression.
+   * @param exp The XPath expression to evaluate.
+   * @return Node The first node matching the XPath expression, or
+   * <code>null</code>, if no node matched.
+   * @throws XPathException An error occurred evaluating the XPath expression.
+   */
+  public static Node selectSingleNode(
+    Node contextNode,
+    NamespaceContext nsContext,
+    String exp)
+    throws XPathException {
+
+    try {
+      DOMXPath xpath = new DOMXPath(exp);
+      xpath.setNamespaceContext(nsContext);
+      return (Node) xpath.selectSingleNode(contextNode);
+    } catch (JaxenException e) {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { exp });
+      throw new XPathException(message, e);
+    }
+  }
+
+  /**
+   * Return the value of a DOM element whose location is given by an XPath
+   * expression.
+   * 
+   * @param root The root element from which to evaluate the XPath.
+   * @param xpath The XPath expression pointing to the element whose value
+   * to return.
+   * @param def The default value to return, if no element can be found using
+   * the given <code>xpath</code>.
+   * @return The element value, if it can be located using the
+   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
+   */
+  public static String getElementValue(
+    Element root,
+    String xpath,
+    String def) {
+
+    Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
+    return elem != null ? DOMUtils.getText(elem) : def;
+  }
+
+  /**
+   * Return the value of a DOM attribute whose location is given by an XPath
+   * expression.
+   * 
+   * @param root The root element from which to evaluate the XPath.
+   * @param xpath The XPath expression pointing to the attribute whose value to
+   * return.
+   * @param def The default value to return, if no attribute can be found using
+   * the given <code>xpath</code>.
+   * @return The element value, if it can be located using the
+   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
+   */
+  public static String getAttributeValue(
+    Element root,
+    String xpath,
+    String def) {
+
+    Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
+    return attr != null ? attr.getValue() : def;
+  }
+  
+  /**
+   * Returns the namespace prefix used within <code>XPathUtils</code> for referring to
+   * the namespace of the specified (Security Layer command) element.
+   * 
+   * This namespace prefix can be used in various XPath expression evaluation methods 
+   * within <code> XPathUtils</code> without explicitely binding it to the particular
+   * namespace.
+   * 
+   * @param contextElement The (Security Layer command) element. 
+   *            
+   * @return  the namespace prefix used within <code>XPathUtils</code> for referring to
+   *          the namespace of the specified (Security Layer command) element.
+   * 
+   * throws XpathException If the specified element has a namespace other than the ones
+   *        known by this implementation as valid Security Layer namespaces (cf. 
+   *        @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI).
+   */
+  public static String getSlPrefix (Element contextElement) throws XPathException 
+  {
+    String sLNamespace = contextElement.getNamespaceURI();
+    String sLPrefix = null;
+
+    if (sLNamespace.equals(Constants.SL10_NS_URI)) 
+    {
+      sLPrefix = Constants.SL10_PREFIX;
+    }  
+    else if (sLNamespace.equals(Constants.SL12_NS_URI)) 
+    {
+      sLPrefix = Constants.SL12_PREFIX;
+    }
+    else if (sLNamespace.equals(Constants.SL11_NS_URI)) 
+    {
+      sLPrefix = Constants.SL11_PREFIX;
+    } 
+    else 
+    {
+      MessageProvider msg = MessageProvider.getInstance();
+      String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."});
+      throw new XPathException(message, null);
+    }
+    
+    return sLPrefix;
+  }
+  
+  
+  /**
+   * Return the SecurityLayer namespace prefix of the context element.
+   * If the context element is not the element that lies within the 
+   * SecurityLayer namespace. The Securitylayer namespace is derived from
+   * the <code>xmlns:sl10</code>, <code>sl11</code> or <code>sl</code> 
+   * attribute of the context element.
+   * 
+   * The returned prefix is needed for evaluating XPATH expressions.
+   * 
+   * @param contextElement The element to get a prefix for the Securitylayer namespace,
+   *                       that is used within the corresponding document. 
+   *            
+   * @return  The string <code>sl10</code>, <code>sl11</code> or <code>sl</code>,
+   *          depending on the SecurityLayer namespace of the contextElement.
+   * 
+   * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace
+   *                       is defined.
+   */
+  public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException {
+    
+    String slPrefix = checkSLnsDeclaration(contextElement, Constants.SL10_PREFIX, Constants.SL10_NS_URI);
+    if (slPrefix == null) {
+      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL11_PREFIX, Constants.SL11_NS_URI);
+    }
+    if (slPrefix == null) {
+      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL12_PREFIX, Constants.SL12_NS_URI);
+    }       
+     
+    return slPrefix;
+       
+  }
+  
+  /**
+   * Checks if the context element has an attribute <code>xmlns:slPrefix</code> and
+   * if the prefix of that attribute corresponds with a valid SecurityLayer namespace.
+   * 
+   * @param contextElement  The element to be checked.
+   * @param slPrefix        The prefix which should be checked. Must be a valid SecurityLayer
+   *                        namespace prefix.
+   * @param slNameSpace     The SecurityLayer namespace that corresponds to the specified prefix.
+   *  
+   * @return                The valid SecurityLayer prefix or <code>null</code> if this prefix is
+   *                        not used.
+   * @throws XPathException
+   */
+  private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace)
+      throws XPathException 
+  {
+    String nsAtt = "xmlns:" + slPrefix;
+    String nameSpace = contextElement.getAttribute(nsAtt);
+    if (nameSpace == "") {
+      return null;
+    } else {
+      // check if namespace is correct
+      if (nameSpace.equals(slNameSpace)) {
+        return slPrefix;
+      } else {
+        MessageProvider msg = MessageProvider.getInstance();
+        String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."});
+        throw new XPathException(message, null);
+      }
+    }
+  }
+
+}
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java
new file mode 100644
index 0000000..733a2a8
--- /dev/null
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2011 Federal Chancellery Austria and
+ * Graz University of Technology
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egovernment.moa.util.ex;
+
+public class EgovUtilException extends Exception {
+
+	/**
+   * 
+   */
+  private static final long serialVersionUID = 1L;
+
+	public EgovUtilException() {
+	}
+
+	public EgovUtilException(String message) {
+		super(message);
+	}
+
+	public EgovUtilException(Throwable cause) {
+		super(cause);
+	}
+
+	public EgovUtilException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+}
diff --git a/moaSig/common/src/main/resources/resources/properties/common_messages_de.properties b/moaSig/common/src/main/resources/resources/properties/common_messages_de.properties
new file mode 100644
index 0000000..a58d076
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/properties/common_messages_de.properties
@@ -0,0 +1,17 @@
+# This file contains exception messages in the standard Java properties
+# format. The messages may contain formatting patterns as definied in the
+# java.text.MessageFormat class.
+
+
+#
+# Messages private to the MOA common subsystem
+#
+
+parser.00=Leichter Fehler beim Parsen: {0}, SystemID={1}, Zeile={2}, Spalte={3}
+parser.01=Fehler beim Parsen: {0}, SystemID={1}, Zeile={2}, Spalte={3}
+parser.02=Schwerer Fehler beim Parsen: {0}, SystemID={1}, Zeile={2}, Spalte={3}
+parser.04=Fehler beim Parsen: {0}
+
+xpath.00=Fehler beim Auswerten des XPath-Ausdruckes: {0}
+
+datetime.00=Fehler beim Parsen der DateTime
\ No newline at end of file
diff --git a/moaSig/common/src/main/resources/resources/schemas/Core-1.2.xsd b/moaSig/common/src/main/resources/resources/schemas/Core-1.2.xsd
new file mode 100644
index 0000000..864fee6
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/Core-1.2.xsd
@@ -0,0 +1,881 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Securitylayer, Schnittstellenspezifikation -->
+
+<!-- XML-Schema fuer Schnittstellenspezifikation Version 1.2.2 -->
+
+<!-- 01. 03. 2005, Bundeskanzleramt, Stabsstelle IKT-Strategie, Technik und Standards -->
+
+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2.1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/securitylayer/1.2#">
+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+  <!--###################################################################### -->
+  <!--# Create CMS Signature                                               # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Create CMS Signature Request                                       = -->
+  <!--====================================================================== -->
+  <xsd:element name="CreateCMSSignatureRequest" type="CreateCMSSignatureRequestType"/>
+  <xsd:complexType name="CreateCMSSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="KeyboxIdentifier" type="BoxIdentifierType"/>
+      <xsd:element name="DataObject" type="CMSDataObjectRequiredMetaType"/>
+    </xsd:sequence>
+    <xsd:attribute name="Structure" use="required">
+      <xsd:simpleType>
+        <xsd:restriction base="xsd:string">
+          <xsd:enumeration value="detached"/>
+          <xsd:enumeration value="enveloping"/>
+        </xsd:restriction>
+      </xsd:simpleType>
+    </xsd:attribute>
+  </xsd:complexType>
+  <xsd:complexType name="CMSDataObjectRequiredMetaType">
+    <xsd:complexContent>
+      <xsd:restriction base="CMSDataObjectOptionalMetaType">
+        <xsd:sequence>
+          <xsd:element name="MetaInfo" type="MetaInfoType"/>
+          <xsd:element name="Content" type="Base64OptRefContentType"/>
+        </xsd:sequence>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="CMSDataObjectOptionalMetaType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+      <xsd:element name="Content" type="Base64OptRefContentType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Create CMS Siganture Response                                      = -->
+  <!--====================================================================== -->
+  <xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+  <xsd:complexType name="CreateCMSSignatureResponseType">
+    <xsd:sequence>
+      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Create XML Signature                                               # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Create XML Signature Request                                       = -->
+  <!--====================================================================== -->
+  <xsd:element name="CreateXMLSignatureRequest" type="CreateXMLSignatureRequestType"/>
+  <xsd:complexType name="CreateXMLSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="KeyboxIdentifier" type="BoxIdentifierType"/>
+      <xsd:element name="DataObjectInfo" type="DataObjectInfoType" maxOccurs="unbounded"/>
+      <xsd:element name="SignatureInfo" type="SignatureInfoCreationType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="SignatureInfoCreationType">
+    <xsd:sequence>
+      <xsd:element name="SignatureEnvironment" type="Base64XMLOptRefContentType"/>
+      <xsd:element name="SignatureLocation">
+        <xsd:complexType>
+          <xsd:simpleContent>
+            <xsd:extension base="xsd:token">
+              <xsd:attribute name="Index" type="xsd:nonNegativeInteger" use="required"/>
+            </xsd:extension>
+          </xsd:simpleContent>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="Supplement" type="DataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="MetaInfoType">
+    <xsd:sequence>
+      <xsd:element name="MimeType" type="MimeTypeType"/>
+      <xsd:element name="Description" type="xsd:string" minOccurs="0"/>
+      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="DataObjectInfoType">
+    <xsd:sequence>
+      <xsd:element name="DataObject" type="Base64XMLLocRefOptRefContentType"/>
+      <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+      <xsd:element name="Supplement" type="DataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+    <xsd:attribute name="Structure" use="required">
+      <xsd:simpleType>
+        <xsd:restriction base="xsd:string">
+          <xsd:enumeration value="detached"/>
+          <xsd:enumeration value="enveloping"/>
+        </xsd:restriction>
+      </xsd:simpleType>
+    </xsd:attribute>
+  </xsd:complexType>
+  <xsd:complexType name="TransformsInfoType">
+    <xsd:sequence>
+      <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+      <xsd:element name="FinalDataMetaInfo" type="MetaInfoType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Create XML Signature Response                                      = -->
+  <!--====================================================================== -->
+  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+  <xsd:complexType name="CreateXMLSignatureResponseType">
+    <xsd:sequence>
+      <xsd:any namespace="##any" processContents="lax"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Verify CMS Signature                                               # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Verify CMS Signature Request                                       = -->
+  <!--====================================================================== -->
+  <xsd:element name="VerifyCMSSignatureRequest" type="VerifyCMSSignatureRequestType"/>
+  <xsd:complexType name="VerifyCMSSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+      <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+    </xsd:sequence>
+    <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+  </xsd:complexType>
+  <xsd:simpleType name="SignatoriesType">
+    <xsd:union memberTypes="AllSignatoriesType">
+      <xsd:simpleType>
+        <xsd:list itemType="xsd:positiveInteger"/>
+      </xsd:simpleType>
+    </xsd:union>
+  </xsd:simpleType>
+  <xsd:simpleType name="AllSignatoriesType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="all"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--====================================================================== -->
+  <!--= Verify CMS Signature Response                                      = -->
+  <!--====================================================================== -->
+  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+  <xsd:complexType name="VerifyCMSSignatureResponseType">
+    <xsd:sequence maxOccurs="unbounded">
+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType"/>
+      <xsd:element name="SignatureCheck" type="CheckResultType"/>
+      <xsd:element name="CertificateCheck" type="CheckResultType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:element name="QualifiedCertificate"/>
+  <!--###################################################################### -->
+  <!--# Verify XML Signature                                               # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Verify XML Signature Request                                       = -->
+  <!--====================================================================== -->
+  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+  <xsd:complexType name="VerifyXMLSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+      <xsd:element name="SignatureInfo" type="SignatureInfoVerificationType"/>
+      <xsd:element name="Supplement" type="DataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="SignatureInfoVerificationType">
+    <xsd:sequence>
+      <xsd:element name="SignatureEnvironment" type="Base64XMLOptRefContentType"/>
+      <xsd:element name="SignatureLocation" type="xsd:token"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Verify XML Signature Response                                      = -->
+  <!--====================================================================== -->
+  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+  <xsd:complexType name="VerifyXMLSignatureResponseType">
+    <xsd:sequence>
+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType"/>
+      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType"/>
+      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="CertificateCheck" type="CheckResultType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ReferencesCheckResultType">
+    <xsd:sequence>
+      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+      <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+    <xsd:sequence>
+      <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ManifestRefsCheckResultType">
+    <xsd:sequence>
+      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+      <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+    <xsd:sequence>
+      <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+      <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="CheckResultType">
+    <xsd:sequence>
+      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+      <xsd:element name="Info" type="AnyMixedChildrenType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Encrypt a CMS message                                              # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Encrypt a CMS message: Request                                     = -->
+  <!--====================================================================== -->
+  <xsd:element name="EncryptCMSRequest" type="EncryptCMSRequestType"/>
+  <xsd:complexType name="EncryptCMSRequestType">
+    <xsd:sequence>
+      <xsd:element name="RecipientPublicKey" type="CMSRecipientPublicKeyType" maxOccurs="unbounded"/>
+      <xsd:element name="ToBeEncrypted" type="CMSToBeEncryptedType"/>
+    </xsd:sequence>
+    <xsd:attribute name="ReturnBinaryResult" type="xsd:boolean" use="optional" default="false"/>
+  </xsd:complexType>
+  <xsd:complexType name="CMSToBeEncryptedType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType"/>
+      <xsd:element name="Content" type="Base64OptRefContentType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="CMSRecipientPublicKeyType">
+    <xsd:choice>
+      <xsd:element name="X509Certificate" type="xsd:base64Binary"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Encrypt a CMS message: Response                                    = -->
+  <!--====================================================================== -->
+  <xsd:element name="EncryptCMSResponse" type="EncryptCMSResponseType"/>
+  <xsd:complexType name="EncryptCMSResponseType">
+    <xsd:sequence>
+      <xsd:element name="CMSMessage" type="xsd:base64Binary"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Decrypt a CMS message                                              # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Decrypt a CMS message: Request                                     = -->
+  <!--====================================================================== -->
+  <xsd:element name="DecryptCMSRequest" type="DecryptCMSRequestType"/>
+  <xsd:complexType name="DecryptCMSRequestType">
+    <xsd:sequence>
+      <xsd:element name="CMSMessage" type="xsd:base64Binary"/>
+      <xsd:element name="EncryptedContent" type="CMSEncryptedContentType" minOccurs="0"/>
+    </xsd:sequence>
+    <xsd:attribute name="ReturnResult" type="ReturnResultType" use="optional" default="xml"/>
+  </xsd:complexType>
+  <xsd:complexType name="CMSEncryptedContentType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+      <xsd:element name="Content" type="Base64OptRefContentType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:simpleType name="ReturnResultType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="binary"/>
+      <xsd:enumeration value="xml"/>
+      <xsd:enumeration value="none"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--====================================================================== -->
+  <!--= Decrypt a CMS message: Response                                    = -->
+  <!--====================================================================== -->
+  <xsd:element name="DecryptCMSResponse" type="DecryptCMSResponseType"/>
+  <xsd:complexType name="DecryptCMSResponseType">
+    <xsd:sequence>
+      <xsd:element name="DecryptedData" type="xsd:base64Binary"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Encrypt an XML document                                            # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Encrypt an XML document: Request                                   = -->
+  <!--====================================================================== -->
+  <xsd:element name="EncryptXMLRequest">
+    <xsd:complexType>
+      <xsd:complexContent>
+        <xsd:extension base="EncryptXMLRequestType"/>
+      </xsd:complexContent>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:complexType name="EncryptXMLRequestType">
+    <xsd:sequence>
+      <xsd:element name="RecipientPublicKey" type="XMLRecipientPublicKeyType" maxOccurs="unbounded"/>
+      <xsd:element name="ToBeEncrypted" type="ToBeEncryptedType" maxOccurs="unbounded"/>
+      <xsd:element name="EncryptionInfo" type="EncryptionInfoType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ToBeEncryptedType">
+    <xsd:choice>
+      <xsd:element name="Element">
+        <xsd:complexType>
+          <xsd:attribute name="Selector" type="xsd:token" use="required"/>
+          <xsd:attribute name="EncDataReference" type="xsd:anyURI" use="optional"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="ElementContent">
+        <xsd:complexType>
+          <xsd:attribute name="Selector" type="xsd:token" use="required"/>
+          <xsd:attribute name="EncDataReference" type="xsd:anyURI" use="optional"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="New" type="XMLToBeEncryptedNewType"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="XMLToBeEncryptedNewType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType"/>
+      <xsd:element name="Content" type="XMLToBeEncryptedNewContentType"/>
+    </xsd:sequence>
+    <xsd:attribute name="ParentSelector" type="xsd:token" use="required"/>
+    <xsd:attribute name="NodeCount" type="xsd:nonNegativeInteger" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="XMLToBeEncryptedNewContentType">
+    <xsd:complexContent>
+      <xsd:extension base="Base64XMLLocRefContentType">
+        <xsd:attribute name="EncDataReference" type="xsd:anyURI" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="XMLRecipientPublicKeyType">
+    <xsd:choice>
+      <xsd:element ref="dsig:KeyValue"/>
+      <xsd:element name="X509Certificate" type="xsd:base64Binary"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="EncryptionInfoType">
+    <xsd:sequence>
+      <xsd:element name="EncryptionEnvironment" type="Base64XMLOptRefContentType"/>
+      <xsd:element name="EncryptedKeyLocation" minOccurs="0">
+        <xsd:complexType>
+          <xsd:attribute name="ParentSelector" type="xsd:token" use="required"/>
+          <xsd:attribute name="NodeCount" type="xsd:nonNegativeInteger" use="required"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="Supplement" type="DataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Encrypt an XML document: Response                                  = -->
+  <!--====================================================================== -->
+  <xsd:element name="EncryptXMLResponse" type="EncryptXMLResponseType"/>
+  <xsd:complexType name="EncryptXMLResponseType">
+    <xsd:sequence>
+      <xsd:element name="EncryptionEnvironment">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:any namespace="##any" processContents="lax"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="EncryptedData" type="EncryptedDataType" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="EncryptedDataType">
+    <xsd:simpleContent>
+      <xsd:extension base="xsd:base64Binary">
+        <xsd:attribute name="EncDataReference" type="xsd:anyURI" use="required"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Decrypt an XML document                                            # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Decrypt an XML document: Request                                   = -->
+  <!--====================================================================== -->
+  <xsd:element name="DecryptXMLRequest" type="DecryptXMLRequestType"/>
+  <xsd:complexType name="DecryptXMLRequestType">
+    <xsd:sequence>
+      <xsd:element name="EncryptedContent" type="Base64XMLOptRefContentType"/>
+      <xsd:element name="EncrElemsSelector" type="xsd:string"/>
+      <xsd:element name="Supplement" type="DataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+    <xsd:attribute name="ReturnResult" type="ReturnResultType" use="optional" default="xml"/>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Decrypt an XML document: Response                                  = -->
+  <!--====================================================================== -->
+  <xsd:element name="DecryptXMLResponse" type="DecryptXMLResponseType"/>
+  <xsd:complexType name="DecryptXMLResponseType">
+    <xsd:sequence minOccurs="0">
+      <xsd:element name="CandidateDocument" type="XMLContentType"/>
+      <xsd:element name="DecryptedBinaryData" minOccurs="0" maxOccurs="unbounded">
+        <xsd:complexType>
+          <xsd:simpleContent>
+            <xsd:extension base="xsd:base64Binary">
+              <xsd:attribute name="EncrElemSelector" type="xsd:string" use="required"/>
+              <xsd:attribute name="MimeType" type="xsd:string" use="optional"/>
+              <xsd:attribute name="Encoding" type="xsd:anyURI" use="optional"/>
+            </xsd:extension>
+          </xsd:simpleContent>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Hashing                                                            # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Hash Computation Request                                           = -->
+  <!--====================================================================== -->
+  <xsd:element name="CreateHashRequest" type="CreateHashRequestType"/>
+  <xsd:complexType name="CreateHashRequestType">
+    <xsd:sequence>
+      <xsd:element name="HashInfo" type="CreateHashInfoRequestType" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="CreateHashInfoRequestType">
+    <xsd:sequence>
+      <xsd:element name="HashData" type="HashDataType"/>
+      <xsd:element name="HashAlgorithm" type="xsd:anyURI"/>
+      <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0"/>
+    </xsd:sequence>
+    <xsd:attribute name="RespondHashData" type="xsd:boolean" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="HashDataType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType"/>
+      <xsd:element name="Content" type="Base64XMLOptRefContentType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Hash Computation Response                                          = -->
+  <!--====================================================================== -->
+  <xsd:element name="CreateHashResponse" type="CreateHashResponseType"/>
+  <xsd:complexType name="CreateHashResponseType">
+    <xsd:sequence>
+      <xsd:element name="HashInfo" type="CreateHashInfoResponseType" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="CreateHashInfoResponseType">
+    <xsd:sequence>
+      <xsd:element name="HashData" type="HashDataType" minOccurs="0"/>
+      <xsd:element name="HashAlgorithm" type="xsd:anyURI"/>
+      <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0"/>
+      <xsd:element name="HashValue" type="xsd:base64Binary"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Hash Verification Request                                          = -->
+  <!--====================================================================== -->
+  <xsd:element name="VerifyHashRequest" type="VerifyHashRequestType"/>
+  <xsd:complexType name="VerifyHashRequestType">
+    <xsd:sequence>
+      <xsd:element name="HashInfo" type="VerifyHashInfoRequestType" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="VerifyHashInfoRequestType">
+    <xsd:sequence>
+      <xsd:element name="HashData" type="HashDataType"/>
+      <xsd:element name="HashAlgorithm" type="xsd:anyURI"/>
+      <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0"/>
+      <xsd:element name="HashValue" type="xsd:base64Binary"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Hash Verification Response                                         = -->
+  <!--====================================================================== -->
+  <xsd:element name="VerifyHashResponse" type="VerifyHashResponseType"/>
+  <xsd:complexType name="VerifyHashResponseType">
+    <xsd:sequence>
+      <xsd:element name="VerificationResult" type="VerificationResultType" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="VerificationResultType">
+    <xsd:sequence>
+      <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0"/>
+      <xsd:element name="Result" type="xsd:boolean"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Infobox Commands                                                   # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Check Available Infoboxes Request                                  = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxAvailableRequest" type="InfoboxAvailableRequestType"/>
+  <xsd:complexType name="InfoboxAvailableRequestType"/>
+  <!--====================================================================== -->
+  <!--= Check Available Infoboxes Response                                 = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxAvailableResponse" type="InfoboxAvailableResponseType"/>
+  <xsd:complexType name="InfoboxAvailableResponseType">
+    <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+      <xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Create Infobox Request                                             = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxCreateRequest" type="InfoboxCreateRequestType"/>
+  <xsd:complexType name="InfoboxCreateRequestType">
+    <xsd:sequence>
+      <xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>
+      <xsd:element name="InfoboxType" type="InfoboxTypeType"/>
+      <xsd:element name="Creator" type="xsd:string"/>
+      <xsd:element name="Purpose" type="xsd:string"/>
+      <xsd:element name="ReadAccessAuthorization" type="AccessAuthorizationType" minOccurs="0"/>
+      <xsd:element name="UpdateAccessAuthorization" type="AccessAuthorizationType" minOccurs="0"/>
+      <xsd:element name="ReadUserConfirmation" type="UserConfirmationType" minOccurs="0"/>
+      <xsd:element name="UpdateUserConfirmation" type="UserConfirmationType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:simpleType name="InfoboxTypeType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="BinaryFile"/>
+      <xsd:enumeration value="AssocArray"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:complexType name="AccessAuthorizationType">
+    <xsd:sequence>
+      <xsd:element name="RequesterID" type="RequesterIDType" maxOccurs="unbounded"/>
+    </xsd:sequence>
+    <xsd:attribute name="UserMayChange" type="xsd:boolean" use="required"/>
+  </xsd:complexType>
+  <xsd:simpleType name="RequesterIDSimpleType">
+    <xsd:restriction base="xsd:string"/>
+  </xsd:simpleType>
+  <xsd:complexType name="RequesterIDType">
+    <xsd:simpleContent>
+      <xsd:extension base="RequesterIDSimpleType">
+        <xsd:attribute name="AuthenticationClass" type="AuthenticationClassType" use="required"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+  <xsd:complexType name="UserConfirmationType">
+    <xsd:simpleContent>
+      <xsd:extension base="UserConfirmationSimpleType">
+        <xsd:attribute name="UserMayChange" type="xsd:boolean" use="required"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+  <xsd:simpleType name="UserConfirmationSimpleType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="none"/>
+      <xsd:enumeration value="info"/>
+      <xsd:enumeration value="confirm"/>
+      <xsd:enumeration value="confirmWithSecret"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:simpleType name="AuthenticationClassType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="anonym"/>
+      <xsd:enumeration value="pseudoanonym"/>
+      <xsd:enumeration value="certified"/>
+      <xsd:enumeration value="certifiedGovAgency"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--====================================================================== -->
+  <!--= Create Infobox Response                                            = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxCreateResponse" type="InfoboxCreateResponseType"/>
+  <xsd:complexType name="InfoboxCreateResponseType"/>
+  <!--====================================================================== -->
+  <!--= Delete Infobox Request                                             = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxDeleteRequest" type="InfoboxDeleteRequestType"/>
+  <xsd:complexType name="InfoboxDeleteRequestType">
+    <xsd:sequence>
+      <xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Delete Infobox Response                                            = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxDeleteResponse" type="InfoboxDeleteResponseType"/>
+  <xsd:complexType name="InfoboxDeleteResponseType"/>
+  <!--====================================================================== -->
+  <!--= Read Infobox Request                                               = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxReadRequest" type="InfoboxReadRequestType"/>
+  <xsd:complexType name="InfoboxReadRequestType">
+    <xsd:sequence>
+      <xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>
+      <xsd:choice>
+        <xsd:element name="BinaryFileParameters" type="InfoboxReadParamsBinaryFileType"/>
+        <xsd:element name="AssocArrayParameters" type="InfoboxReadParamsAssocArrayType"/>
+      </xsd:choice>
+      <xsd:element name="BoxSpecificParameters" type="AnyChildrenType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="InfoboxReadParamsBinaryFileType">
+    <xsd:attribute name="ContentIsXMLEntity" type="xsd:boolean" use="optional" default="false"/>
+  </xsd:complexType>
+  <xsd:complexType name="InfoboxReadParamsAssocArrayType">
+    <xsd:choice>
+      <xsd:element name="ReadKeys">
+        <xsd:complexType>
+          <xsd:attribute name="SearchString" type="WildCardSearchStringType" use="required"/>
+          <xsd:attribute name="UserMakesUnique" type="xsd:boolean" use="optional" default="false"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="ReadPairs">
+        <xsd:complexType>
+          <xsd:attribute name="SearchString" type="WildCardSearchStringType" use="required"/>
+          <xsd:attribute name="UserMakesUnique" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="ValuesAreXMLEntities" type="xsd:boolean" use="optional" default="false"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="ReadValue">
+        <xsd:complexType>
+          <xsd:attribute name="Key" type="BoxIdentifierType" use="required"/>
+          <xsd:attribute name="ValueIsXMLEntity" type="xsd:boolean" use="optional" default="false"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:element name="IdentityLinkDomainIdentifier" type="xsd:anyURI"/>
+  <!--====================================================================== -->
+  <!--= Read Infobox Response                                              = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxReadResponse" type="InfoboxReadResponseType"/>
+  <xsd:complexType name="InfoboxReadResponseType">
+    <xsd:choice>
+      <xsd:element name="BinaryFileData" type="Base64XMLContentType"/>
+      <xsd:element name="AssocArrayData" type="InfoboxReadDataAssocArrayType"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="InfoboxReadDataAssocArrayType">
+    <xsd:choice>
+      <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+        <xsd:element name="Key" type="BoxIdentifierType"/>
+      </xsd:sequence>
+      <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+        <xsd:element name="Pair" type="InfoboxAssocArrayPairType"/>
+      </xsd:sequence>
+    </xsd:choice>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Update Infobox Request                                             = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxUpdateRequest" type="InfoboxUpdateRequestType"/>
+  <xsd:complexType name="InfoboxUpdateRequestType">
+    <xsd:sequence>
+      <xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>
+      <xsd:choice>
+        <xsd:element name="BinaryFileParameters" type="Base64XMLContentType"/>
+        <xsd:element name="AssocArrayParameters" type="InfoboxUpdateParamsAssocArrayType"/>
+      </xsd:choice>
+      <xsd:element name="BoxSpecificParameters" type="AnyChildrenType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="InfoboxUpdateParamsAssocArrayType">
+    <xsd:choice>
+      <xsd:element name="UpdateKey">
+        <xsd:complexType>
+          <xsd:attribute name="Key" type="xsd:token" use="required"/>
+          <xsd:attribute name="NewKey" type="xsd:token" use="required"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="UpdateValue" type="InfoboxAssocArrayPairType"/>
+      <xsd:element name="DeletePair">
+        <xsd:complexType>
+          <xsd:attribute name="Key" type="xsd:token" use="required"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:choice>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Update Infobox Response                                            = -->
+  <!--====================================================================== -->
+  <xsd:element name="InfoboxUpdateResponse" type="InfoboxUpdateResponseType"/>
+  <xsd:complexType name="InfoboxUpdateResponseType"/>
+  <!--###################################################################### -->
+  <!--# Null-Operation                                                     # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Null-Operation ReQuest                                             = -->
+  <!--====================================================================== -->
+  <xsd:element name="NullOperationRequest" type="NullOperationRequestType"/>
+  <xsd:complexType name="NullOperationRequestType"/>
+  <!--====================================================================== -->
+  <!--= Null-Operation Response                                            = -->
+  <!--====================================================================== -->
+  <xsd:element name="NullOperationResponse" type="NullOperationResponseType"/>
+  <xsd:complexType name="NullOperationResponseType"/>
+  <!--###################################################################### -->
+  <!--# Get Properties                                                     # -->
+  <!--###################################################################### -->
+  <xsd:element name="GetPropertiesRequest">
+    <xsd:complexType>
+      <xsd:complexContent>
+        <xsd:extension base="GetPropertiesRequestType"/>
+      </xsd:complexContent>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:complexType name="GetPropertiesRequestType"/>
+  <!--====================================================================== -->
+  <!--= Get Properties Response                                            = -->
+  <!--====================================================================== -->
+  <xsd:element name="GetPropertiesResponse" type="GetPropertiesResponseType"/>
+  <xsd:complexType name="GetPropertiesResponseType">
+    <xsd:sequence>
+      <xsd:element name="ViewerMediaType" type="MimeTypeType" maxOccurs="unbounded"/>
+      <xsd:element name="XMLSignatureTransform" type="xsd:anyURI" maxOccurs="unbounded"/>
+      <xsd:element name="KeyboxIdentifier" type="QualifiedBoxIdentifierType" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="Binding" type="BindingType" maxOccurs="unbounded"/>
+      <xsd:element name="ProtocolVersion" type="xsd:token" maxOccurs="unbounded"/>
+      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="BindingType">
+    <xsd:complexContent>
+      <xsd:extension base="AnyChildrenType">
+        <xsd:attribute name="Identifier" type="xsd:token" use="required"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="QualifiedBoxIdentifierType">
+    <xsd:simpleContent>
+      <xsd:extension base="BoxIdentifierType">
+        <xsd:attribute name="Signature" type="xsd:boolean" use="required"/>
+        <xsd:attribute name="Encryption" type="xsd:boolean" use="required"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+  <!--###################################################################### -->
+  <!--# Get Token Status                                                   # -->
+  <!--###################################################################### -->
+  <!--====================================================================== -->
+  <!--= Get Token Status Request                                           = -->
+  <!--====================================================================== -->
+  <xsd:element name="GetStatusRequest" type="GetStatusRequestType"/>
+  <xsd:complexType name="GetStatusRequestType">
+    <xsd:sequence minOccurs="0">
+      <xsd:element name="TokenStatus" type="TokenStatusType"/>
+      <xsd:element name="MaxDelay" type="xsd:nonNegativeInteger"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--====================================================================== -->
+  <!--= Get Token Status Response                                          = -->
+  <!--====================================================================== -->
+  <xsd:element name="GetStatusResponse" type="GetStatusResponseType"/>
+  <xsd:complexType name="GetStatusResponseType">
+    <xsd:sequence>
+      <xsd:element name="TokenStatus" type="TokenStatusType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:simpleType name="TokenStatusType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="ready"/>
+      <xsd:enumeration value="removed"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--###################################################################### -->
+  <!--# Error Response                                                     # -->
+  <!--###################################################################### -->
+  <xsd:element name="ErrorResponse" type="ErrorResponseType"/>
+  <xsd:complexType name="ErrorResponseType">
+    <xsd:sequence>
+      <xsd:element name="ErrorCode" type="ErrorCodeType"/>
+      <xsd:element name="Info" type="xsd:string"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:simpleType name="ErrorCodeType">
+    <xsd:restriction base="xsd:integer">
+      <xsd:minInclusive value="1000"/>
+      <xsd:maxInclusive value="99999"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--###################################################################### -->
+  <!--# Auxiliary Types                                                    # -->
+  <!--###################################################################### -->
+  <xsd:simpleType name="BoxIdentifierType">
+    <xsd:restriction base="xsd:token"/>
+  </xsd:simpleType>
+  <xsd:simpleType name="MimeTypeType">
+    <xsd:restriction base="xsd:token"/>
+  </xsd:simpleType>
+  <xsd:simpleType name="WildCardSearchStringType">
+    <xsd:restriction base="xsd:string">
+      <xsd:pattern value="[^\*/]*(\*[^\*/]*)?(/[^\*/]*(\*[^\*/]*)?)*"/>
+      <xsd:pattern value="\*\*"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:complexType name="InfoboxAssocArrayPairType">
+    <xsd:complexContent>
+      <xsd:extension base="Base64XMLContentType">
+        <xsd:attribute name="Key" type="xsd:string" use="required"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="AnyChildrenType" mixed="false">
+    <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+      <xsd:any namespace="##any" processContents="lax"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="AnyMixedChildrenType" mixed="true">
+    <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+      <xsd:any namespace="##any" processContents="skip"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="XMLContentType" mixed="true">
+    <xsd:complexContent mixed="true">
+      <xsd:extension base="AnyMixedChildrenType">
+        <xsd:attribute ref="xml:space" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="Base64XMLLocRefOptRefContentType">
+    <xsd:complexContent>
+      <xsd:extension base="Base64XMLLocRefContentType">
+        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="Base64XMLLocRefReqRefContentType">
+    <xsd:complexContent>
+      <xsd:extension base="Base64XMLLocRefContentType">
+        <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="Base64XMLOptRefContentType">
+    <xsd:complexContent>
+      <xsd:extension base="Base64XMLContentType">
+        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="Base64OptRefContentType">
+    <xsd:complexContent>
+      <xsd:extension base="Base64ContentType">
+        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="Base64ContentType">
+    <xsd:choice minOccurs="0">
+      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="Base64XMLContentType">
+    <xsd:choice minOccurs="0">
+      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+      <xsd:element name="XMLContent" type="XMLContentType"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="Base64XMLLocRefContentType">
+    <xsd:choice minOccurs="0">
+      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+      <xsd:element name="XMLContent" type="XMLContentType"/>
+      <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="DataObjectAssociationType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+      <xsd:element name="Content" type="Base64XMLLocRefReqRefContentType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+</xsd:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/Core.20020225.xsd b/moaSig/common/src/main/resources/resources/schemas/Core.20020225.xsd
new file mode 100644
index 0000000..5dd2836
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/Core.20020225.xsd
@@ -0,0 +1,399 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- Securitylayer, Schnittstellenspezifikation -->

+<!-- XML-Schema für Schnittstellenspezifikation Version 1.1.0, Protokollelemente im datierten Namespace 20020225 -->

+<!-- 31. 08. 2002, Operative Unit, CIO, BMOeLS -->

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.0">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>

+	<!--########### Create CMS Signature ###-->

+	<!--### Create CMS Signature Request ###-->

+	<xsd:element name="CreateCMSSignatureRequest" type="CreateCMSSignatureRequestType"/>

+	<xsd:complexType name="CreateCMSSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="KeyboxIdentifier" type="BoxIdentifierType"/>

+			<xsd:element name="DataObject" type="CMSDataObjectRequiredMetaType"/>

+		</xsd:sequence>

+		<xsd:attribute name="Structure" use="required">

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="detached"/>

+					<xsd:enumeration value="enveloping"/>

+				</xsd:restriction>

+			</xsd:simpleType>

+		</xsd:attribute>

+	</xsd:complexType>

+	<xsd:complexType name="CMSDataObjectRequiredMetaType">

+		<xsd:complexContent>

+			<xsd:restriction base="CMSDataObjectOptionalMetaType">

+				<xsd:sequence>

+					<xsd:element name="MetaInfo" type="MetaInfoType"/>

+					<xsd:element name="Content" type="CMSContentBaseType"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="CMSDataObjectOptionalMetaType">

+		<xsd:sequence>

+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+			<xsd:element name="Content" type="CMSContentBaseType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CMSContentBaseType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentOptionalRefType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+				</xsd:choice>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<!--### Create CMS Siganture Response ###-->

+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>

+	<xsd:complexType name="CreateCMSSignatureResponseType">

+		<xsd:sequence>

+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Create XML Signature ###-->

+	<!--### Create XML Signature Request ###-->

+	<xsd:element name="CreateXMLSignatureRequest" type="CreateXMLSignatureRequestType"/>

+	<xsd:complexType name="CreateXMLSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="KeyboxIdentifier" type="BoxIdentifierType"/>

+			<xsd:element name="DataObjectInfo" type="DataObjectInfoType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="MetaInfoType">

+		<xsd:sequence>

+			<xsd:element name="MimeType" type="MimeTypeType"/>

+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>

+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="DataObjectInfoType">

+		<xsd:sequence>

+			<xsd:element name="DataObject" type="ContentOptionalRefType"/>

+			<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+			<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+		<xsd:attribute name="Structure" use="required">

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="detached"/>

+					<xsd:enumeration value="enveloping"/>

+				</xsd:restriction>

+			</xsd:simpleType>

+		</xsd:attribute>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:sequence>

+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>

+			<xsd:element name="FinalDataMetaInfo" type="MetaInfoType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="XMLDataObjectAssociationType">

+		<xsd:sequence>

+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+			<xsd:element name="Content" type="ContentRequiredRefType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Create XML Signature Response ###-->

+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>

+	<xsd:complexType name="CreateXMLSignatureResponseType">

+		<xsd:sequence>

+			<xsd:element ref="dsig:Signature"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Verify CMS Signature ###-->

+	<!--### Verifiy CMS Signature Request ###-->

+	<xsd:element name="VerifyCMSSignatureRequest" type="VerifyCMSSignatureRequestType"/>

+	<xsd:complexType name="VerifyCMSSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>

+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Verify CMS Signature Response ###-->

+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>

+	<xsd:complexType name="VerifyCMSSignatureResponseType">

+		<xsd:sequence>

+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType"/>

+			<xsd:element name="SignatureCheck" type="CheckResultType"/>

+			<xsd:element name="CertificateCheck" type="CheckResultType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Verify XML Signature ###-->

+	<!--### Verify XML Signature Request ###-->

+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>

+	<xsd:complexType name="VerifyXMLSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="SignatureInfo">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="SignatureEnvironment">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:any namespace="##any" processContents="skip"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="SignatureLocation" type="xsd:token"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Verify XML Signature Response ###-->

+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>

+	<xsd:complexType name="VerifyXMLSignatureResponseType">

+		<xsd:sequence>

+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType"/>

+			<xsd:element name="SignatureCheck" type="CheckResultType"/>

+			<xsd:element name="SignatureManifestCheck" type="CheckResultType"/>

+			<xsd:element name="CertificateCheck" type="CheckResultType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CheckResultType">

+		<xsd:sequence>

+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Infobox Commands ###-->

+	<!--### Check Available Infoboxes Request ###-->

+	<xsd:element name="InfoboxAvailableRequest" type="InfoboxAvailableRequestType"/>

+	<xsd:complexType name="InfoboxAvailableRequestType"/>

+	<!--### Check Available Infoboxes Response ###-->

+	<xsd:element name="InfoboxAvailableResponse" type="InfoboxAvailableResponseType"/>

+	<xsd:complexType name="InfoboxAvailableResponseType">

+		<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+			<xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Read Infobox Request ###-->

+	<xsd:element name="InfoboxReadRequest" type="InfoboxReadRequestType"/>

+	<xsd:complexType name="InfoboxReadRequestType">

+		<xsd:sequence>

+			<xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>

+			<xsd:choice>

+				<xsd:element name="BinaryFileParameters" type="InfoboxReadParamsBinaryFileType"/>

+				<xsd:element name="AssocArrayParameters" type="InfoboxReadParamsAssocArrayType"/>

+			</xsd:choice>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxReadParamsBinaryFileType">

+		<xsd:attribute name="ContentIsXMLEntity" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxReadParamsAssocArrayType">

+		<xsd:choice>

+			<xsd:element name="ReadKeys">

+				<xsd:complexType>

+					<xsd:attribute name="SearchString" type="WildCardSearchStringType" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ReadPairs">

+				<xsd:complexType>

+					<xsd:attribute name="SearchString" type="WildCardSearchStringType" use="required"/>

+					<xsd:attribute name="ValuesAreXMLEntities" type="xsd:boolean" use="optional" default="false"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ReadValue">

+				<xsd:complexType>

+					<xsd:attribute name="Key" type="BoxIdentifierType" use="required"/>

+					<xsd:attribute name="ValueIsXMLEntity" type="xsd:boolean" use="optional" default="false"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:choice>

+	</xsd:complexType>

+	<!--### Read Infobox Response ###-->

+	<xsd:element name="InfoboxReadResponse" type="InfoboxReadResponseType"/>

+	<xsd:complexType name="InfoboxReadResponseType">

+		<xsd:choice>

+			<xsd:element name="BinaryFileData" type="ContentBaseType"/>

+			<xsd:element name="AssocArrayData" type="InfoboxReadDataAssocArrayType"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxReadDataAssocArrayType">

+		<xsd:choice>

+			<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+				<xsd:element name="Key" type="BoxIdentifierType"/>

+			</xsd:sequence>

+			<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+				<xsd:element name="Pair" type="InfoboxAssocArrayPairType"/>

+			</xsd:sequence>

+		</xsd:choice>

+	</xsd:complexType>

+	<!--### Update Infobox Request ###-->

+	<xsd:element name="InfoboxUpdateRequest" type="InfoboxUpdateRequestType"/>

+	<xsd:complexType name="InfoboxUpdateRequestType">

+		<xsd:sequence>

+			<xsd:element name="InfoboxIdentifier" type="BoxIdentifierType"/>

+			<xsd:choice>

+				<xsd:element name="BinaryFileParameters" type="ContentBaseType"/>

+				<xsd:element name="AssocArrayParameters" type="InfoboxUpdateParamsAssocArrayType"/>

+			</xsd:choice>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxUpdateParamsAssocArrayType">

+		<xsd:choice>

+			<xsd:element name="UpdateKey">

+				<xsd:complexType>

+					<xsd:attribute name="Key" type="xsd:token" use="required"/>

+					<xsd:attribute name="NewKey" type="xsd:token" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="UpdateValue" type="InfoboxAssocArrayPairType"/>

+			<xsd:element name="DeletePair">

+				<xsd:complexType>

+					<xsd:attribute name="Key" type="xsd:token" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:choice>

+	</xsd:complexType>

+	<!--### Update Infobox Response ###-->

+	<xsd:element name="InfoboxUpdateResponse" type="InfoboxUpdateResponseType"/>

+	<xsd:complexType name="InfoboxUpdateResponseType"/>

+	<!--########## Create Session Certificate ###-->

+	<!--### Create Session Certificate Request ###-->

+	<xsd:element name="CreateSessionKeyRequest" type="CreateSessionKeyRequestType"/>

+	<xsd:complexType name="CreateSessionKeyRequestType">

+		<xsd:sequence>

+			<xsd:element name="KeyboxIdentifier" type="BoxIdentifierType"/>

+			<xsd:element name="Password" type="xsd:string"/>

+			<xsd:element name="Minutes" type="xsd:positiveInteger"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Create Session Certificate Response ###-->

+	<xsd:element name="CreateSessionKeyResponse" type="CreateSessionKeyResponseType"/>

+	<xsd:complexType name="CreateSessionKeyResponseType">

+		<xsd:sequence>

+			<xsd:element name="PKCS12Object" type="xsd:base64Binary"/>

+			<xsd:element name="Certificate" type="xsd:base64Binary"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Create Symmetric Key ###-->

+	<!--### Create SymmetricKey Request ###-->

+	<xsd:element name="CreateSymmetricSecretRequest" type="CreateSymmetricSecretRequestType"/>

+	<xsd:complexType name="CreateSymmetricSecretRequestType" mixed="false">

+		<xsd:sequence>

+			<xsd:element name="KeyboxIdentifier" type="BoxIdentifierType"/>

+			<xsd:element ref="dsig:KeyInfo"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Create SymmetricKey Response ###-->

+	<xsd:element name="CreateSymmetricSecretResponse" type="CreateSymmetricSecretResponseType"/>

+	<xsd:complexType name="CreateSymmetricSecretResponseType" mixed="false">

+		<xsd:sequence>

+			<xsd:element name="SymmetricSecretValue" type="xsd:base64Binary"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Get Properties ###-->

+	<!--### Get Properties Request ###-->

+	<xsd:element name="GetPropertiesRequest" type="GetPropertiesRequestType"/>

+	<xsd:complexType name="GetPropertiesRequestType"/>

+	<!--### Get Properties Response ###-->

+	<xsd:element name="GetPropertiesResponse" type="GetPropertiesResponseType"/>

+	<xsd:complexType name="GetPropertiesResponseType">

+		<xsd:sequence>

+			<xsd:element name="ViewerMediaType" type="MimeTypeType" maxOccurs="unbounded"/>

+			<xsd:element name="XMLSignatureTransform" type="xsd:anyURI" minOccurs="5" maxOccurs="unbounded"/>

+			<xsd:element name="KeyboxIdentifier" type="BoxIdentifierType" minOccurs="2" maxOccurs="unbounded"/>

+			<xsd:element name="Binding" type="BindingType" minOccurs="2" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="BindingType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:extension base="AnyChildrenType">

+				<xsd:attribute name="Identifier" type="xsd:token" use="required"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<!--########### Get Token Status ###-->

+	<!--### Get Token Status Reqeust ###-->

+	<xsd:element name="GetStatusRequest" type="GetStatusRequestType"/>

+	<xsd:complexType name="GetStatusRequestType">

+		<xsd:sequence minOccurs="0">

+			<xsd:element name="TokenStatus" type="TokenStatusType"/>

+			<xsd:element name="MaxDelay" type="xsd:nonNegativeInteger"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Get Token Status Response ###-->

+	<xsd:element name="GetStatusResponse" type="GetStatusResponseType"/>

+	<xsd:complexType name="GetStatusResponseType">

+		<xsd:sequence>

+			<xsd:element name="TokenStatus" type="TokenStatusType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:simpleType name="TokenStatusType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="ready"/>

+			<xsd:enumeration value="removed"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--########## Error Response ###-->

+	<xsd:element name="ErrorResponse" type="ErrorResponseType"/>

+	<xsd:complexType name="ErrorResponseType">

+		<xsd:sequence>

+			<xsd:element name="ErrorCode" type="xsd:integer"/>

+			<xsd:element name="Info" type="xsd:string"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Auxiliary Types ###-->

+	<xsd:simpleType name="BoxIdentifierType">

+		<xsd:restriction base="xsd:token"/>

+	</xsd:simpleType>

+	<xsd:simpleType name="MimeTypeType">

+		<xsd:restriction base="xsd:token"/>

+	</xsd:simpleType>

+	<xsd:simpleType name="WildCardSearchStringType">

+		<xsd:restriction base="xsd:string">

+			<xsd:pattern value="[^\*/]*(\*[^\*/]*)?(/[^\*/]*(\*[^\*/]*)?)*"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:complexType name="AnyChildrenType" mixed="true">

+		<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+			<xsd:any namespace="##any" processContents="skip"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="XMLContentType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:extension base="AnyChildrenType">

+				<xsd:attribute ref="xml:space" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentBaseType">

+		<xsd:choice minOccurs="0">

+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+			<xsd:element name="XMLContent" type="XMLContentType"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="ContentOptionalRefType">

+		<xsd:complexContent>

+			<xsd:extension base="ContentBaseType">

+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentRequiredRefType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentOptionalRefType">

+				<xsd:choice>

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+					<xsd:element name="XMLContent" type="XMLContentType"/>

+				</xsd:choice>

+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxAssocArrayPairType">

+		<xsd:complexContent>

+			<xsd:extension base="ContentBaseType">

+				<xsd:attribute name="Key" type="xsd:string" use="required"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/Core.20020831.xsd b/moaSig/common/src/main/resources/resources/schemas/Core.20020831.xsd
new file mode 100644
index 0000000..6ec40be
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/Core.20020831.xsd
@@ -0,0 +1,153 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- Securitylayer, Schnittstellenspezifikation -->

+<!-- XML-Schema für Schnittstellenspezifikation Version 1.1.0, Protokollelemente im datierten Namespace 20020831 -->

+<!-- 31. 08. 2002, Operative Unit, CIO, BMOeLS -->

+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.0">

+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>

+  <xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="Core.20020225.xsd"/>

+  <!--########## Create XML Signature ###-->

+  <!--### Create XML Signature Request ###-->

+  <xsd:element name="CreateXMLSignatureRequest" type="CreateXMLSignatureRequestType"/>

+  <xsd:complexType name="CreateXMLSignatureRequestType">

+    <xsd:sequence>

+      <xsd:element name="KeyboxIdentifier" type="sl10:BoxIdentifierType"/>

+      <xsd:element name="DataObjectInfo" type="sl10:DataObjectInfoType" maxOccurs="unbounded"/>

+      <xsd:element name="SignatureInfo" type="SignatureInfoCreationType" minOccurs="0"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="SignatureInfoCreationType">

+    <xsd:sequence>

+      <xsd:element name="SignatureEnvironment" type="sl10:ContentOptionalRefType"/>

+      <xsd:element name="SignatureLocation">

+        <xsd:complexType>

+          <xsd:simpleContent>

+            <xsd:extension base="xsd:token">

+              <xsd:attribute name="Index" type="xsd:nonNegativeInteger" use="required"/>

+            </xsd:extension>

+          </xsd:simpleContent>

+        </xsd:complexType>

+      </xsd:element>

+      <xsd:element name="Supplement" type="sl10:XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--### Create XML Signature Response ###-->

+  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>

+  <xsd:complexType name="CreateXMLSignatureResponseType">

+    <xsd:sequence>

+      <xsd:any namespace="##any" processContents="lax"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--########## Verify CMS Signature ###-->

+  <!--### Verifiy CMS Signature Request ###-->

+  <xsd:element name="VerifyCMSSignatureRequest" type="VerifyCMSSignatureRequestType"/>

+  <xsd:complexType name="VerifyCMSSignatureRequestType">

+    <xsd:sequence>

+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>

+      <xsd:element name="DataObject" type="sl10:CMSDataObjectOptionalMetaType" minOccurs="0"/>

+    </xsd:sequence>

+    <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>

+  </xsd:complexType>

+  <xsd:simpleType name="SignatoriesType">

+    <xsd:union memberTypes="AllSignatoriesType">

+      <xsd:simpleType>

+        <xsd:list itemType="xsd:positiveInteger"/>

+      </xsd:simpleType>

+    </xsd:union>

+  </xsd:simpleType>

+  <xsd:simpleType name="AllSignatoriesType">

+    <xsd:restriction base="xsd:string">

+      <xsd:enumeration value="all"/>

+    </xsd:restriction>

+  </xsd:simpleType>

+  <!--### Verify CMS Signature Response ###-->

+  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>

+  <xsd:complexType name="VerifyCMSSignatureResponseType">

+    <xsd:sequence maxOccurs="unbounded">

+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType"/>

+      <xsd:element name="SignatureCheck" type="sl10:CheckResultType"/>

+      <xsd:element name="CertificateCheck" type="sl10:CheckResultType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:element name="QualifiedCertificate"/>

+  <!--########## Verify XML Signature ###-->

+  <!--### Verify XML Signature Request ###-->

+  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>

+  <xsd:complexType name="VerifyXMLSignatureRequestType">

+    <xsd:sequence>

+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+      <xsd:element name="SignatureInfo" type="SignatureInfoVerificationType"/>

+      <xsd:element name="Supplement" type="sl10:XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="SignatureInfoVerificationType">

+    <xsd:sequence>

+      <xsd:element name="SignatureEnvironment" type="sl10:ContentOptionalRefType"/>

+      <xsd:element name="SignatureLocation" type="xsd:token"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--### Verify XML Signature Response ###-->

+  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>

+  <xsd:complexType name="VerifyXMLSignatureResponseType">

+    <xsd:sequence>

+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType"/>

+      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>

+      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType"/>

+      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>

+      <xsd:element name="CertificateCheck" type="sl10:CheckResultType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="ReferencesCheckResultType">

+    <xsd:complexContent>

+      <xsd:restriction base="sl10:CheckResultType">

+        <xsd:sequence>

+          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+          <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">

+    <xsd:complexContent mixed="true">

+      <xsd:restriction base="sl10:AnyChildrenType">

+        <xsd:sequence>

+          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ManifestRefsCheckResultType">

+    <xsd:complexContent>

+      <xsd:restriction base="sl10:CheckResultType">

+        <xsd:sequence>

+          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+          <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">

+    <xsd:complexContent mixed="true">

+      <xsd:extension base="ReferencesCheckResultInfoType">

+        <xsd:sequence>

+          <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>

+        </xsd:sequence>

+      </xsd:extension>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <!--########## Get Properties ###-->

+  <!--### Get Properties Response ###-->

+  <xsd:element name="GetPropertiesResponse" type="GetPropertiesResponseType"/>

+  <xsd:complexType name="GetPropertiesResponseType">

+    <xsd:sequence>

+      <xsd:element name="ViewerMediaType" type="sl10:MimeTypeType" maxOccurs="unbounded"/>

+      <xsd:element name="XMLSignatureTransform" type="xsd:anyURI" maxOccurs="unbounded"/>

+      <xsd:element name="KeyboxIdentifier" type="sl10:BoxIdentifierType" maxOccurs="unbounded"/>

+      <xsd:element name="Binding" type="sl10:BindingType" maxOccurs="unbounded"/>

+      <xsd:element name="ProtocolVersion" type="xsd:anyURI" maxOccurs="unbounded"/>

+      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:sequence>

+  </xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd b/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd
new file mode 100644
index 0000000..833d327
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/ecdsa/200206030#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.buergerkarte.at/namespaces/ecdsa/200206030#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.3">
+	<!--ECDSA key value root element-->
+	<xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>
+	<xs:complexType name="ECDSAKeyValueType">
+		<xs:sequence>
+			<xs:element name="DomainParameters" type="ecdsa:DomainParamsType" minOccurs="0"/>
+			<xs:element name="PublicKey" type="ecdsa:ECPointType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--EC domain parameters-->
+	<xs:complexType name="DomainParamsType">
+		<xs:choice>
+			<xs:element name="ExplicitParams" type="ecdsa:ExplicitParamsType"/>
+			<xs:element name="NamedCurve">
+				<xs:complexType>
+					<xs:attribute name="URN" type="xs:anyURI" use="required"/>
+				</xs:complexType>
+			</xs:element>
+		</xs:choice>
+	</xs:complexType>
+	<xs:complexType name="FieldParamsType" abstract="true"/>
+	<xs:complexType name="PrimeFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="P" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CharTwoFieldParamsType" abstract="true">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="M" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="OddCharExtensionFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="M" type="xs:positiveInteger"/>
+					<xs:element name="W" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="TnBFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:CharTwoFieldParamsType">
+				<xs:sequence>
+					<xs:element name="K" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="PnBFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:CharTwoFieldParamsType">
+				<xs:sequence>
+					<xs:element name="K1" type="xs:positiveInteger"/>
+					<xs:element name="K2" type="xs:positiveInteger"/>
+					<xs:element name="K3" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="ExplicitParamsType">
+		<xs:sequence>
+			<xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
+			<xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
+			<xs:element name="BasePointParams" type="ecdsa:BasePointParamsType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="CurveParamsType">
+		<xs:sequence>
+			<xs:element name="A" type="ecdsa:FieldElemType"/>
+			<xs:element name="B" type="ecdsa:FieldElemType"/>
+			<xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="BasePointParamsType">
+		<xs:sequence>
+			<xs:element name="BasePoint" type="ecdsa:ECPointType"/>
+			<xs:element name="Order" type="xs:positiveInteger"/>
+			<xs:element name="Cofactor" type="xs:positiveInteger" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--EC point-->
+	<xs:complexType name="ECPointType">
+		<xs:sequence minOccurs="0">
+			<xs:element name="X" type="ecdsa:FieldElemType"/>
+			<xs:element name="Y" type="ecdsa:FieldElemType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--Field element-->
+	<xs:complexType name="FieldElemType" abstract="true"/>
+	<xs:complexType name="PrimeFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CharTwoFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:hexBinary" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="OddCharExtensionFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd b/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd
new file mode 100644
index 0000000..db83c9d
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="http://www.w3.org/2004/01/xmldsig-more#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.w3.org/2004/01/xmldsig-more#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.3">
+	<!--ECDSA key value root element-->
+	<xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>
+	<xs:complexType name="ECDSAKeyValueType">
+		<xs:sequence>
+			<xs:element name="DomainParameters" type="ecdsa:DomainParamsType" minOccurs="0"/>
+			<xs:element name="PublicKey" type="ecdsa:ECPointType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--EC domain parameters-->
+	<xs:complexType name="DomainParamsType">
+		<xs:choice>
+			<xs:element name="ExplicitParams" type="ecdsa:ExplicitParamsType"/>
+			<xs:element name="NamedCurve">
+				<xs:complexType>
+					<xs:attribute name="URN" type="xs:anyURI" use="required"/>
+				</xs:complexType>
+			</xs:element>
+		</xs:choice>
+	</xs:complexType>
+	<xs:complexType name="FieldParamsType" abstract="true"/>
+	<xs:complexType name="PrimeFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="P" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CharTwoFieldParamsType" abstract="true">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="M" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="OddCharExtensionFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="M" type="xs:positiveInteger"/>
+					<xs:element name="W" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="TnBFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:CharTwoFieldParamsType">
+				<xs:sequence>
+					<xs:element name="K" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="PnBFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:CharTwoFieldParamsType">
+				<xs:sequence>
+					<xs:element name="K1" type="xs:positiveInteger"/>
+					<xs:element name="K2" type="xs:positiveInteger"/>
+					<xs:element name="K3" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="ExplicitParamsType">
+		<xs:sequence>
+			<xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
+			<xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
+			<xs:element name="BasePointParams" type="ecdsa:BasePointParamsType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="CurveParamsType">
+		<xs:sequence>
+			<xs:element name="A" type="ecdsa:FieldElemType"/>
+			<xs:element name="B" type="ecdsa:FieldElemType"/>
+			<xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="BasePointParamsType">
+		<xs:sequence>
+			<xs:element name="BasePoint" type="ecdsa:ECPointType"/>
+			<xs:element name="Order" type="xs:positiveInteger"/>
+			<xs:element name="Cofactor" type="xs:positiveInteger" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--EC point-->
+	<xs:complexType name="ECPointType">
+		<xs:sequence minOccurs="0">
+			<xs:element name="X" type="ecdsa:FieldElemType"/>
+			<xs:element name="Y" type="ecdsa:FieldElemType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--Field element-->
+	<xs:complexType name="FieldElemType" abstract="true"/>
+	<xs:complexType name="PrimeFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CharTwoFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:hexBinary" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="OddCharExtensionFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.xsd b/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.xsd
new file mode 100644
index 0000000..7a01b23
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/ECDSAKeyValue.xsd
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.3">
+	<!--ECDSA key value root element-->
+	<xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>
+	<xs:complexType name="ECDSAKeyValueType">
+		<xs:sequence>
+			<xs:element name="DomainParameters" type="ecdsa:DomainParamsType" minOccurs="0"/>
+			<xs:element name="PublicKey" type="ecdsa:ECPointType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--EC domain parameters-->
+	<xs:complexType name="DomainParamsType">
+		<xs:choice>
+			<xs:element name="ExplicitParams" type="ecdsa:ExplicitParamsType"/>
+			<xs:element name="NamedCurve">
+				<xs:complexType>
+					<xs:attribute name="URN" type="xs:anyURI" use="required"/>
+				</xs:complexType>
+			</xs:element>
+		</xs:choice>
+	</xs:complexType>
+	<xs:complexType name="FieldParamsType" abstract="true"/>
+	<xs:complexType name="PrimeFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="P" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CharTwoFieldParamsType" abstract="true">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="M" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="OddCharExtensionFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldParamsType">
+				<xs:sequence>
+					<xs:element name="M" type="xs:positiveInteger"/>
+					<xs:element name="W" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="TnBFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:CharTwoFieldParamsType">
+				<xs:sequence>
+					<xs:element name="K" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="PnBFieldParamsType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:CharTwoFieldParamsType">
+				<xs:sequence>
+					<xs:element name="K1" type="xs:positiveInteger"/>
+					<xs:element name="K2" type="xs:positiveInteger"/>
+					<xs:element name="K3" type="xs:positiveInteger"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="ExplicitParamsType">
+		<xs:sequence>
+			<xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
+			<xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
+			<xs:element name="BasePointParams" type="ecdsa:BasePointParamsType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="CurveParamsType">
+		<xs:sequence>
+			<xs:element name="A" type="ecdsa:FieldElemType"/>
+			<xs:element name="B" type="ecdsa:FieldElemType"/>
+			<xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="BasePointParamsType">
+		<xs:sequence>
+			<xs:element name="BasePoint" type="ecdsa:ECPointType"/>
+			<xs:element name="Order" type="xs:positiveInteger"/>
+			<xs:element name="Cofactor" type="xs:positiveInteger" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--EC point-->
+	<xs:complexType name="ECPointType">
+		<xs:sequence minOccurs="0">
+			<xs:element name="X" type="ecdsa:FieldElemType"/>
+			<xs:element name="Y" type="ecdsa:FieldElemType"/>
+		</xs:sequence>
+	</xs:complexType>
+	<!--Field element-->
+	<xs:complexType name="FieldElemType" abstract="true"/>
+	<xs:complexType name="PrimeFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CharTwoFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:hexBinary" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="OddCharExtensionFieldElemType">
+		<xs:complexContent>
+			<xs:extension base="ecdsa:FieldElemType">
+				<xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd
new file mode 100644
index 0000000..4b018db
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd
@@ -0,0 +1,350 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->

+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0" maxOccurs="1">

+				<xsd:simpleType>

+					<xsd:restriction base="xsd:string">

+						<xsd:enumeration value="full"/>

+						<xsd:enumeration value="userName"/>

+						<xsd:enumeration value="none"/>

+					</xsd:restriction>

+				</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der 

+							Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der 

+							Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. 

+										Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 

+													Proxy-Komponente zur Auth-Komponente (vgl. 

+													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 

+							Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 

+										für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 

+							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" type="xsd:string" use="required"/>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem 

+						Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 

+									Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 

+									werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 

+									inkludiert</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 

+						SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 

+									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 

+									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 

+									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 

+									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 

+									aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der 

+									Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des 

+									AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des 

+						IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per 

+									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die 

+						Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 

+						betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 

+									betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 

+						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 

+								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd
new file mode 100644
index 0000000..66c6e18
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd
@@ -0,0 +1,424 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->

+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der 

+							Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der 

+							Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. 

+										Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 

+													Proxy-Komponente zur Auth-Komponente (vgl. 

+													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 

+							Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 

+										für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 

+							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem 

+						Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 

+						SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 

+									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 

+									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 

+									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 

+									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 

+									aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der 

+									Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des 

+									AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des 

+						IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per 

+									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 

+				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 

+				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 

+				inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0" maxOccurs="1"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0" maxOccurs="1"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die 

+						Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->						

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 

+						betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 

+									betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 

+						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 

+								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
new file mode 100644
index 0000000..3607898
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
@@ -0,0 +1,616 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.2">

+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>

+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxType">

+		<xsd:annotation>

+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ParepSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="CompatibilityMode" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">

+							<xsd:annotation>

+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="CompatibilityMode" default="false">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="EnableInfoboxValidator" default="true">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="AlwaysShowForm" default="false">

+		<xsd:annotation>

+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+		</xsd:annotation>

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:complexType name="InputProcessorType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:string">

+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">

+					<xsd:annotation>

+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>

+					</xsd:annotation>

+				</xsd:attribute>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentationType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentativeType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="oid" use="required">

+			<xsd:annotation>

+				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="1.2.40.0.10.3.1"/>

+					<xsd:enumeration value="1.2.40.0.10.3.2"/>

+					<xsd:enumeration value="1.2.40.0.10.3.3"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representCorporateParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representationText" use="optional">

+			<xsd:annotation>

+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>

+					<xsd:enumeration value="Organwalter"/>

+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
new file mode 100644
index 0000000..570bebd
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
@@ -0,0 +1,612 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">

+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>

+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>

+									<xsd:enumeration value="AuthenticationServer.SourceID"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxType">

+		<xsd:annotation>

+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ParepSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">

+							<xsd:annotation>

+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="CompatibilityMode" default="false">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="EnableInfoboxValidator" default="true">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="AlwaysShowForm" default="false">

+		<xsd:annotation>

+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+		</xsd:annotation>

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:complexType name="InputProcessorType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:string">

+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">

+					<xsd:annotation>

+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>

+					</xsd:annotation>

+				</xsd:attribute>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentationType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentativeType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="oid" use="required">

+			<xsd:annotation>

+				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="1.2.40.0.10.3.1"/>

+					<xsd:enumeration value="1.2.40.0.10.3.2"/>

+					<xsd:enumeration value="1.2.40.0.10.3.3"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representCorporateParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representationText" use="optional">

+			<xsd:annotation>

+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>

+					<xsd:enumeration value="Organwalter"/>

+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
new file mode 100644
index 0000000..dffca21
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
@@ -0,0 +1,625 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSpy v2010 (http://www.altova.com) by ks (ks) -->

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">

+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>

+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>

+									<xsd:enumeration value="AuthenticationServer.SourceID"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ForeignIdentities" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxType">

+		<xsd:annotation>

+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ParepSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">

+							<xsd:annotation>

+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="CompatibilityMode" default="false">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="EnableInfoboxValidator" default="true">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="AlwaysShowForm" default="false">

+		<xsd:annotation>

+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+		</xsd:annotation>

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:complexType name="InputProcessorType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:string">

+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">

+					<xsd:annotation>

+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>

+					</xsd:annotation>

+				</xsd:attribute>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentationType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentativeType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="oid" use="required">

+			<xsd:annotation>

+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="1.2.40.0.10.3.1"/>

+					<xsd:enumeration value="1.2.40.0.10.3.2"/>

+					<xsd:enumeration value="1.2.40.0.10.3.3"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representCorporateParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representationText" use="optional">

+			<xsd:annotation>

+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>

+					<xsd:enumeration value="Organwalter"/>

+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd
new file mode 100644
index 0000000..66a9c0e
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd
@@ -0,0 +1,505 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der 

+							Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der 

+							Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. 

+										Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 

+													Proxy-Komponente zur Auth-Komponente (vgl. 

+													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 

+							Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 

+										für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 

+							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem 

+						Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 

+						SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 

+									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 

+									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 

+									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 

+									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 

+									aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der 

+									Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des 

+									AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des 

+						IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per 

+									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 

+				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 

+				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 

+				inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;

+								z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird

+								das Identifier-Attribut verwendet</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox

+								verwendet werden soll</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox

+								verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname

+								vom Default Package- und Klassennamen abweichen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+						<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation

+									 übergeben werden</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+					<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die 

+						Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 

+						betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 

+									betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 

+						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 

+								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
new file mode 100644
index 0000000..19b793f
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
@@ -0,0 +1,665 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">

+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>

+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>

+									<xsd:enumeration value="AuthenticationServer.SourceID"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedBKUs" minOccurs="0">

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ForeignIdentities" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="OnlineMandates" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="OnlineMandates" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="BKU" maxOccurs="unbounded">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="MOA-ID-Template" type="TemplateType"/>

+									<xsd:element name="MandateTemplate" type="TemplateType"/>

+								</xsd:sequence>

+								<xsd:attribute name="URL" use="required"/>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxType">

+		<xsd:annotation>

+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ParepSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">

+							<xsd:annotation>

+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+						<xsd:element name="Mandates" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="Profiles" type="xsd:string"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="CompatibilityMode" default="false">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="EnableInfoboxValidator" default="true">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="AlwaysShowForm" default="false">

+		<xsd:annotation>

+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+		</xsd:annotation>

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:complexType name="InputProcessorType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:string">

+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">

+					<xsd:annotation>

+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>

+					</xsd:annotation>

+				</xsd:attribute>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentationType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentativeType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="oid" use="required">

+			<xsd:annotation>

+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="1.2.40.0.10.3.1"/>

+					<xsd:enumeration value="1.2.40.0.10.3.2"/>

+					<xsd:enumeration value="1.2.40.0.10.3.3"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representCorporateParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representationText" use="optional">

+			<xsd:annotation>

+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>

+					<xsd:enumeration value="Organwalter"/>

+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
new file mode 100644
index 0000000..d16953e
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
@@ -0,0 +1,659 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">

+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="AuthComponentType">								

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>

+								<xsd:attribute name="target" type="xsd:string" use="optional"/>

+								<xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>

+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>

+									<xsd:enumeration value="AuthenticationServer.SourceID"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedBKUs" minOccurs="0">

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ForeignIdentities" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="OnlineMandates" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxType">

+		<xsd:annotation>

+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ParepSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">

+							<xsd:annotation>

+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+						<xsd:element name="Mandates" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="Profiles" type="xsd:string"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="CompatibilityMode" default="false">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="EnableInfoboxValidator" default="true">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="AlwaysShowForm" default="false">

+		<xsd:annotation>

+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+		</xsd:annotation>

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:complexType name="InputProcessorType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:string">

+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">

+					<xsd:annotation>

+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>

+					</xsd:annotation>

+				</xsd:attribute>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentationType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentativeType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="oid" use="required">

+			<xsd:annotation>

+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="1.2.40.0.10.3.1"/>

+					<xsd:enumeration value="1.2.40.0.10.3.2"/>

+					<xsd:enumeration value="1.2.40.0.10.3.3"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representCorporateParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representationText" use="optional">

+			<xsd:annotation>

+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>

+					<xsd:enumeration value="Organwalter"/>

+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
new file mode 100644
index 0000000..ed0c83f
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
@@ -0,0 +1,757 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">

+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>

+	<xsd:import namespace="urn:eu:stork:names:tc:STORK:1.0:assertion" schemaLocation="stork-schema-assertion-1.0.xsd"/>

+	<xsd:import namespace="urn:eu:stork:names:tc:STORK:1.0:protocol" schemaLocation="stork-schema-protocol-1.0.xsd"/>

+	<xsd:element name="Configuration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>

+				<xsd:element name="Binding" minOccurs="0">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:string">

+							<xsd:enumeration value="full"/>

+							<xsd:enumeration value="userName"/>

+							<xsd:enumeration value="none"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:element>

+				<xsd:choice>

+					<xsd:element ref="ParamAuth"/>

+					<xsd:element ref="BasicAuth"/>

+					<xsd:element ref="HeaderAuth"/>

+				</xsd:choice>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="LoginType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="stateless"/>

+			<xsd:enumeration value="stateful"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="ParamAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Parameter">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="BasicAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="UserID" type="MOAAuthDataType"/>

+				<xsd:element name="Password" type="MOAAuthDataType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="HeaderAuth">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="Header" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Header">

+		<xsd:complexType>

+			<xsd:attribute name="Name" type="xsd:token" use="required"/>

+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:simpleType name="MOAAuthDataType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="MOAGivenName"/>

+			<xsd:enumeration value="MOAFamilyName"/>

+			<xsd:enumeration value="MOADateOfBirth"/>

+			<xsd:enumeration value="MOABPK"/>

+			<xsd:enumeration value="MOAWBPK"/>

+			<xsd:enumeration value="MOAPublicAuthority"/>

+			<xsd:enumeration value="MOABKZ"/>

+			<xsd:enumeration value="MOAQualifiedCertificate"/>

+			<xsd:enumeration value="MOAStammzahl"/>

+			<xsd:enumeration value="MOAIdentificationValueType"/>

+			<xsd:enumeration value="MOAIPAddress"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MOAKeyBoxSelector">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="SecureSignatureKeypair"/>

+			<xsd:enumeration value="CertifiedKeypair"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->

+	<xsd:element name="MOA-IDConfiguration">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="AuthComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="AuthComponentType"/>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ProxyComponent" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="AuthComponent">

+								<xsd:annotation>

+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:sequence>

+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+											<xsd:annotation>

+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>

+											</xsd:annotation>

+										</xsd:element>

+									</xsd:sequence>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:complexContent>

+							<xsd:extension base="OnlineApplicationType">

+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>

+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>

+								<xsd:attribute name="type" use="optional" default="publicService">

+									<xsd:simpleType>

+										<xsd:restriction base="xsd:NMTOKEN">

+											<xsd:enumeration value="businessService"/>

+											<xsd:enumeration value="publicService"/>

+										</xsd:restriction>

+									</xsd:simpleType>

+								</xsd:attribute>

+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>

+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>

+								<xsd:attribute name="target" type="xsd:string" use="optional"/>

+								<xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>

+							</xsd:extension>

+						</xsd:complexContent>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="ChainingModes" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>

+					</xsd:annotation>

+					<xsd:complexType>

+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+							<xsd:element name="TrustAnchor">

+								<xsd:annotation>

+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>

+								</xsd:annotation>

+								<xsd:complexType>

+									<xsd:complexContent>

+										<xsd:extension base="dsig:X509IssuerSerialType">

+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>

+										</xsd:extension>

+									</xsd:complexContent>

+								</xsd:complexType>

+							</xsd:element>

+						</xsd:sequence>

+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">

+					<xsd:annotation>

+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">

+					<xsd:complexType>

+						<xsd:attribute name="name" use="required">

+							<xsd:simpleType>

+								<xsd:restriction base="xsd:string">

+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>

+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>

+									<xsd:enumeration value="AuthenticationData.TimeOut"/>

+									<xsd:enumeration value="TrustManager.RevocationChecking"/>

+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>

+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>

+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>

+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>

+									<xsd:enumeration value="AuthenticationServer.SourceID"/>

+								</xsd:restriction>

+							</xsd:simpleType>

+						</xsd:attribute>

+						<xsd:attribute name="value" type="xsd:string" use="required"/>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedBKUs" minOccurs="0">

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+				<xsd:element name="TrustedTemplateURLs" minOccurs="0">

+					<xsd:complexType>

+						<xsd:sequence>

+							<xsd:element name="TemplateURL" type="xsd:anyURI" maxOccurs="unbounded"/>

+						</xsd:sequence>

+					</xsd:complexType>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="AuthComponentType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelection" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>

+					</xsd:sequence>

+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+			<xsd:element name="SecurityLayer">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="MOA-SP">

+				<xsd:annotation>

+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="VerifyIdentityLink">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="VerifyAuthBlock">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>

+							</xsd:annotation>

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="TrustProfileID"/>

+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="IdentityLinkSigners" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ForeignIdentities" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element ref="STORK" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zu den Country-PEPS (C-PEPS)</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="OnlineMandates" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="TemplatesType">

+		<xsd:sequence>

+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>

+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="TemplateType">

+		<xsd:annotation>

+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>

+		</xsd:annotation>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyInfoboxesType">

+		<xsd:annotation>

+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="DefaultTrustProfile" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="TrustProfileID"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="InfoboxType">

+		<xsd:annotation>

+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>

+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ParepSpecificParameters" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">

+							<xsd:annotation>

+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">

+							<xsd:annotation>

+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+	</xsd:complexType>

+	<xsd:complexType name="SchemaLocationType">

+		<xsd:annotation>

+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element name="Schema" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>

+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ProxyComponentType"/>

+	<xsd:complexType name="OnlineApplicationType">

+		<xsd:sequence>

+			<xsd:element name="AuthComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<!--xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element ref="pr:AbstractSimpleIdentification"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element-->

+						<xsd:element name="IdentificationNumber" minOccurs="0">

+							<xsd:complexType>

+								<xsd:choice>

+									<xsd:element ref="pr:Firmenbuchnummer"/>

+									<xsd:element ref="pr:ZMRzahl"/>

+									<xsd:element ref="pr:Vereinsnummer"/>

+									<xsd:element ref="pr:ERJPZahl"/>

+									<xsd:element name="AnyNumber">

+										<xsd:complexType>

+											<xsd:simpleContent>

+												<xsd:extension base="xsd:string">

+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>

+												</xsd:extension>

+											</xsd:simpleContent>

+										</xsd:complexType>

+									</xsd:element>

+								</xsd:choice>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>

+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>

+						<xsd:element name="Mandates" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="Profiles" type="xsd:string"/>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element ref="STORK" minOccurs="0"/>

+					</xsd:sequence>

+					<xsd:attribute name="slVersion" use="optional" default="1.1">

+						<xsd:simpleType>

+							<xsd:restriction base="xsd:string">

+								<xsd:enumeration value="1.1"/>

+								<xsd:enumeration value="1.2"/>

+							</xsd:restriction>

+						</xsd:simpleType>

+					</xsd:attribute>

+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>

+					<xsd:attribute name="useCondition" type="xsd:boolean" default="false"/>

+					<xsd:attribute name="conditionLength" type="xsd:integer"/>

+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ProxyComponent" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">

+							<xsd:annotation>

+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>

+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>

+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>

+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>

+					<xsd:attribute name="errorRedirectURL" type="xsd:string" use="optional"/>

+				</xsd:complexType>

+			</xsd:element>

+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterServerAuthType">

+		<xsd:sequence>

+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:complexType name="ConnectionParameterClientAuthType">

+		<xsd:complexContent>

+			<xsd:extension base="ConnectionParameterServerAuthType">

+				<xsd:sequence>

+					<xsd:element name="ClientKeyStore" minOccurs="0">

+						<xsd:annotation>

+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>

+						</xsd:annotation>

+						<xsd:complexType>

+							<xsd:simpleContent>

+								<xsd:extension base="xsd:anyURI">

+									<xsd:attribute name="password" type="xsd:string" use="optional"/>

+								</xsd:extension>

+							</xsd:simpleContent>

+						</xsd:complexType>

+					</xsd:element>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:element name="TrustProfileID" type="xsd:string"/>

+	<xsd:simpleType name="ChainingModeType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="chaining"/>

+			<xsd:enumeration value="pkix"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="BKUSelectionType">

+		<xsd:restriction base="xsd:token">

+			<xsd:enumeration value="HTMLComplete"/>

+			<xsd:enumeration value="HTMLSelect"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:element name="CompatibilityMode" default="false">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="EnableInfoboxValidator" default="true">

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:element name="AlwaysShowForm" default="false">

+		<xsd:annotation>

+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+		</xsd:annotation>

+		<xsd:simpleType>

+			<xsd:restriction base="xsd:boolean"/>

+		</xsd:simpleType>

+	</xsd:element>

+	<xsd:complexType name="InputProcessorType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:string">

+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">

+					<xsd:annotation>

+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>

+					</xsd:annotation>

+				</xsd:attribute>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentationType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="PartyRepresentativeType">

+		<xsd:sequence>

+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>

+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">

+				<xsd:annotation>

+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="oid" use="required">

+			<xsd:annotation>

+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="1.2.40.0.10.3.1"/>

+					<xsd:enumeration value="1.2.40.0.10.3.2"/>

+					<xsd:enumeration value="1.2.40.0.10.3.3"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10"/>

+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representCorporateParty" use="optional" default="false">

+			<xsd:annotation>

+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>

+			</xsd:annotation>

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:boolean"/>

+			</xsd:simpleType>

+		</xsd:attribute>

+		<xsd:attribute name="representationText" use="optional">

+			<xsd:annotation>

+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>

+			</xsd:annotation>

+			<!--xsd:simpleType>

+				<xsd:restriction/>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>

+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>

+					<xsd:enumeration value="Organwalter"/>

+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>

+				</xsd:restriction>

+			</xsd:simpleType-->

+		</xsd:attribute>

+	</xsd:complexType>

+	<xsd:complexType name="SignatureCreationParameterType">

+		<xsd:annotation>

+			<xsd:documentation>Enthält Informationen zu einem KeyStore bzw. Key zur STORK SAML AuthnRequest Signaturerstellung</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element ref="KeyStore"/>

+			<xsd:element ref="KeyName"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="SignatureVerificationParameterType">

+		<xsd:annotation>

+			<xsd:documentation>Enthält Informationen zur Verfikation von Signaturen einer STORK SAML Response</xsd:documentation>

+		</xsd:annotation>

+		<xsd:sequence>

+			<xsd:element ref="TrustProfileID"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:element name="SAMLSigningParameter">

+		<xsd:annotation>

+			<xsd:documentation>Enthält Informationen zur Erstellung und Verifikation von STORK SAML Messages</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="SignatureCreationParameter" type="SignatureCreationParameterType"/>

+				<xsd:element name="SignatureVerificationParameter" type="SignatureVerificationParameterType"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="KeyStore">

+		<xsd:annotation>

+			<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel zum Erstellen einer Signatur enthält</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:simpleContent>

+				<xsd:extension base="xsd:anyURI">

+					<xsd:attribute name="password" type="xsd:string" use="optional"/>

+				</xsd:extension>

+			</xsd:simpleContent>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="KeyName">

+		<xsd:annotation>

+			<xsd:documentation>Name zum Key eines KeyStores, der den privaten Schlüssel zum Erstellen einer Signatur darstellt</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:simpleContent>

+				<xsd:extension base="xsd:string">

+					<xsd:attribute name="password" type="xsd:string" use="optional"/>

+				</xsd:extension>

+			</xsd:simpleContent>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="C-PEPS">

+		<xsd:annotation>

+			<xsd:documentation>Enthält Informationen zu einem Citizen Country  PEPS (C-PEPS)</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="stork:RequestedAttribute" minOccurs="0" maxOccurs="unbounded"/>

+			</xsd:sequence>

+			<xsd:attribute name="countryCode" type="stork:CountryCodeType" use="required"/>

+			<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="STORK">

+		<xsd:annotation>

+			<xsd:documentation>Contains STORK related information</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:choice>

+				<xsd:sequence>

+					<xsd:element ref="C-PEPS" maxOccurs="unbounded"/>

+					<xsd:element ref="SAMLSigningParameter"/>

+				</xsd:sequence>

+				<xsd:sequence>

+					<xsd:element ref="stork:QualityAuthenticationAssuranceLevel" minOccurs="0"/>

+					<xsd:element ref="storkp:RequestedAttributes"/>

+				</xsd:sequence>

+			</xsd:choice>

+		</xsd:complexType>

+	</xsd:element>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
new file mode 100644
index 0000000..756b512
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd
@@ -0,0 +1,469 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.3 Schema

+-->

+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">

+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>

+  <!--########## Create XML Signature ###-->

+  <!--### Create XML Signature Request ###-->

+  <xsd:element name="CreateXMLSignatureRequest">

+    <xsd:complexType>

+      <xsd:complexContent>

+        <xsd:extension base="CreateXMLSignatureRequestType"/>

+      </xsd:complexContent>

+    </xsd:complexType>

+  </xsd:element>

+  <xsd:complexType name="CreateXMLSignatureRequestType">

+    <xsd:sequence>

+      <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>

+      <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">

+        <xsd:annotation>

+          <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>

+        </xsd:annotation>

+        <xsd:complexType>

+          <xsd:sequence>

+            <xsd:element name="DataObjectInfo" maxOccurs="unbounded">

+              <xsd:complexType>

+                <xsd:complexContent>

+                  <xsd:extension base="DataObjectInfoType">

+                    <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>

+                  </xsd:extension>

+                </xsd:complexContent>

+              </xsd:complexType>

+            </xsd:element>

+            <xsd:element name="CreateSignatureInfo" minOccurs="0">

+              <xsd:complexType>

+                <xsd:sequence>

+                  <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>

+                  <xsd:choice>

+                    <xsd:annotation>

+                      <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>

+                    </xsd:annotation>

+                    <xsd:element ref="CreateSignatureEnvironmentProfile"/>

+                    <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>

+                  </xsd:choice>

+                </xsd:sequence>

+              </xsd:complexType>

+            </xsd:element>

+          </xsd:sequence>

+          <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>

+        </xsd:complexType>

+      </xsd:element>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--### Create XML Signature Response ###-->

+  <xsd:complexType name="CreateXMLSignatureResponseType">

+    <xsd:choice maxOccurs="unbounded">

+      <xsd:annotation>

+        <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>

+      </xsd:annotation>

+      <xsd:element name="SignatureEnvironment">

+        <xsd:annotation>

+          <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>

+        </xsd:annotation>

+        <xsd:complexType>

+          <xsd:sequence>

+            <xsd:any namespace="##any" processContents="lax"/>

+          </xsd:sequence>

+        </xsd:complexType>

+      </xsd:element>

+      <xsd:element ref="ErrorResponse"/>

+    </xsd:choice>

+  </xsd:complexType>

+  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>

+  <!--########## Verify CMS Signature ###-->

+  <!--### Verifiy CMS Signature Request ###-->

+  <xsd:element name="VerifyCMSSignatureRequest">

+    <xsd:complexType>

+      <xsd:complexContent>

+        <xsd:extension base="VerifyCMSSignatureRequestType">

+          <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>

+        </xsd:extension>

+      </xsd:complexContent>

+    </xsd:complexType>

+  </xsd:element>

+  <xsd:complexType name="VerifyCMSSignatureRequestType">

+    <xsd:sequence>

+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>

+      <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>

+      <xsd:element name="TrustProfileID" type="xsd:token">

+        <xsd:annotation>

+          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>

+        </xsd:annotation>

+      </xsd:element>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--### Verify CMS Signature Response ###-->

+  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>

+  <xsd:complexType name="VerifyCMSSignatureResponseType">

+    <xsd:sequence maxOccurs="unbounded">

+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">

+        <xsd:annotation>

+          <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>

+        </xsd:annotation>

+      </xsd:element>

+      <xsd:element name="SignatureCheck" type="CheckResultType"/>

+      <xsd:element name="CertificateCheck" type="CheckResultType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--########## Verify XML Signature ###-->

+  <!--### Verify XML Signature Request ###-->

+  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>

+  <xsd:complexType name="VerifyXMLSignatureRequestType">

+    <xsd:sequence>

+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+      <xsd:element name="VerifySignatureInfo">

+        <xsd:complexType>

+          <xsd:sequence>

+            <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>

+            <xsd:element name="VerifySignatureLocation" type="xsd:token"/>

+          </xsd:sequence>

+        </xsd:complexType>

+      </xsd:element>

+      <xsd:choice minOccurs="0" maxOccurs="unbounded">

+        <xsd:element ref="SupplementProfile"/>

+        <xsd:element name="SupplementProfileID" type="xsd:string"/>

+      </xsd:choice>

+      <xsd:element name="SignatureManifestCheckParams" minOccurs="0">

+        <xsd:complexType>

+          <xsd:sequence>

+            <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">

+              <xsd:annotation>

+                <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>

+              </xsd:annotation>

+            </xsd:element>

+          </xsd:sequence>

+          <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>

+        </xsd:complexType>

+      </xsd:element>

+      <xsd:element name="ReturnHashInputData" minOccurs="0"/>

+      <xsd:element name="TrustProfileID" type="xsd:token">

+        <xsd:annotation>

+          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>

+        </xsd:annotation>

+      </xsd:element>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--### Verify XML Signature Response ###-->

+  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>

+  <xsd:complexType name="VerifyXMLSignatureResponseType">

+    <xsd:sequence>

+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">

+        <xsd:annotation>

+          <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>

+        </xsd:annotation>

+      </xsd:element>

+      <xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>

+      <xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>

+      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>

+      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>

+      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>

+      <xsd:element name="CertificateCheck" type="CheckResultType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:simpleType name="ProfileIdentifierType">

+    <xsd:restriction base="xsd:token"/>

+  </xsd:simpleType>

+  <xsd:complexType name="InputDataType">

+    <xsd:complexContent>

+      <xsd:extension base="ContentExLocRefBaseType">

+        <xsd:attribute name="PartOf" use="optional" default="SignedInfo">

+          <xsd:simpleType>

+            <xsd:restriction base="xsd:token">

+              <xsd:enumeration value="SignedInfo"/>

+              <xsd:enumeration value="XMLDSIGManifest"/>

+            </xsd:restriction>

+          </xsd:simpleType>

+        </xsd:attribute>

+        <xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>

+      </xsd:extension>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="MetaInfoType">

+    <xsd:sequence>

+      <xsd:element name="MimeType" type="MimeTypeType"/>

+      <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>

+      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="FinalDataMetaInfoType">

+    <xsd:complexContent>

+      <xsd:extension base="MetaInfoType">

+        <xsd:sequence>

+          <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>

+        </xsd:sequence>

+      </xsd:extension>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="DataObjectInfoType">

+    <xsd:sequence>

+      <xsd:element name="DataObject">

+        <xsd:complexType>

+          <xsd:complexContent>

+            <xsd:extension base="ContentOptionalRefType"/>

+          </xsd:complexContent>

+        </xsd:complexType>

+      </xsd:element>

+      <xsd:choice>

+        <xsd:annotation>

+          <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>

+        </xsd:annotation>

+        <xsd:element ref="CreateTransformsInfoProfile"/>

+        <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>

+      </xsd:choice>

+    </xsd:sequence>

+    <xsd:attribute name="Structure" use="required">

+      <xsd:simpleType>

+        <xsd:restriction base="xsd:string">

+          <xsd:enumeration value="detached"/>

+          <xsd:enumeration value="enveloping"/>

+        </xsd:restriction>

+      </xsd:simpleType>

+    </xsd:attribute>

+  </xsd:complexType>

+  <xsd:complexType name="TransformsInfoType">

+    <xsd:sequence>

+      <xsd:element ref="dsig:Transforms" minOccurs="0"/>

+      <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="XMLDataObjectAssociationType">

+    <xsd:sequence>

+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+      <xsd:element name="Content" type="ContentRequiredRefType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="CMSDataObjectOptionalMetaType">

+    <xsd:sequence>

+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+      <xsd:element name="Content" type="CMSContentBaseType"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="CMSContentBaseType">

+    <xsd:complexContent>

+      <xsd:restriction base="ContentOptionalRefType">

+        <xsd:choice minOccurs="0">

+          <xsd:element name="Base64Content" type="xsd:base64Binary"/>

+        </xsd:choice>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="CheckResultType">

+    <xsd:sequence>

+      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+      <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="ReferencesCheckResultType">

+    <xsd:complexContent>

+      <xsd:restriction base="CheckResultType">

+        <xsd:sequence>

+          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+          <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">

+    <xsd:complexContent mixed="true">

+      <xsd:restriction base="AnyChildrenType">

+        <xsd:sequence>

+          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ManifestRefsCheckResultType">

+    <xsd:complexContent>

+      <xsd:restriction base="CheckResultType">

+        <xsd:sequence>

+          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+          <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">

+    <xsd:complexContent mixed="true">

+      <xsd:restriction base="AnyChildrenType">

+        <xsd:sequence>

+          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+          <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>

+        </xsd:sequence>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <!--########## Error Response ###-->

+  <xsd:element name="ErrorResponse" type="ErrorResponseType">

+    <xsd:annotation>

+      <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>

+    </xsd:annotation>

+  </xsd:element>

+  <xsd:complexType name="ErrorResponseType">

+    <xsd:sequence>

+      <xsd:element name="ErrorCode" type="xsd:integer"/>

+      <xsd:element name="Info" type="xsd:string"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <!--########## Auxiliary Types ###-->

+  <xsd:simpleType name="KeyIdentifierType">

+    <xsd:restriction base="xsd:string"/>

+  </xsd:simpleType>

+  <xsd:simpleType name="KeyStorageType">

+    <xsd:restriction base="xsd:string">

+      <xsd:enumeration value="Software"/>

+      <xsd:enumeration value="Hardware"/>

+    </xsd:restriction>

+  </xsd:simpleType>

+  <xsd:simpleType name="MimeTypeType">

+    <xsd:restriction base="xsd:token"/>

+  </xsd:simpleType>

+  <xsd:complexType name="AnyChildrenType" mixed="true">

+    <xsd:sequence>

+      <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:complexType name="XMLContentType" mixed="true">

+    <xsd:complexContent mixed="true">

+      <xsd:extension base="AnyChildrenType">

+        <xsd:attribute ref="xml:space" use="optional"/>

+      </xsd:extension>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ContentBaseType">

+    <xsd:choice minOccurs="0">

+      <xsd:element name="Base64Content" type="xsd:base64Binary"/>

+      <xsd:element name="XMLContent" type="XMLContentType"/>

+      <xsd:element name="LocRefContent" type="xsd:anyURI"/>

+    </xsd:choice>

+  </xsd:complexType>

+  <xsd:complexType name="ContentExLocRefBaseType">

+    <xsd:complexContent>

+      <xsd:restriction base="ContentBaseType">

+        <xsd:choice minOccurs="0">

+          <xsd:element name="Base64Content" type="xsd:base64Binary"/>

+          <xsd:element name="XMLContent" type="XMLContentType"/>

+        </xsd:choice>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ContentOptionalRefType">

+    <xsd:complexContent>

+      <xsd:extension base="ContentBaseType">

+        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>

+      </xsd:extension>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="ContentRequiredRefType">

+    <xsd:complexContent>

+      <xsd:restriction base="ContentOptionalRefType">

+        <xsd:choice minOccurs="0">

+          <xsd:element name="Base64Content" type="xsd:base64Binary"/>

+          <xsd:element name="XMLContent" type="XMLContentType"/>

+          <xsd:element name="LocRefContent" type="xsd:anyURI"/>

+        </xsd:choice>

+        <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>

+      </xsd:restriction>

+    </xsd:complexContent>

+  </xsd:complexType>

+  <xsd:complexType name="VerifyTransformsDataType">

+    <xsd:choice maxOccurs="unbounded">

+      <xsd:annotation>

+        <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>

+      </xsd:annotation>

+      <xsd:element ref="VerifyTransformsInfoProfile"/>

+      <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">

+        <xsd:annotation>

+          <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>

+        </xsd:annotation>

+      </xsd:element>

+    </xsd:choice>

+  </xsd:complexType>

+  <xsd:element name="QualifiedCertificate"/>

+  <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>

+  <xsd:complexType name="PublicAuthorityType">

+    <xsd:sequence>

+      <xsd:element name="Code" type="xsd:string" minOccurs="0"/>

+    </xsd:sequence>

+  </xsd:complexType>

+  <xsd:simpleType name="SignatoriesType">

+    <xsd:union memberTypes="AllSignatoriesType">

+      <xsd:simpleType>

+        <xsd:list itemType="xsd:positiveInteger"/>

+      </xsd:simpleType>

+    </xsd:union>

+  </xsd:simpleType>

+  <xsd:simpleType name="AllSignatoriesType">

+    <xsd:restriction base="xsd:string">

+      <xsd:enumeration value="all"/>

+    </xsd:restriction>

+  </xsd:simpleType>

+  <xsd:complexType name="CreateSignatureLocationType">

+    <xsd:simpleContent>

+      <xsd:extension base="xsd:token">

+        <xsd:attribute name="Index" type="xsd:integer" use="required"/>

+      </xsd:extension>

+    </xsd:simpleContent>

+  </xsd:complexType>

+  <xsd:complexType name="TransformParameterType">

+    <xsd:choice minOccurs="0">

+      <xsd:annotation>

+        <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>

+      </xsd:annotation>

+      <xsd:element name="Base64Content" type="xsd:base64Binary">

+        <xsd:annotation>

+          <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>

+        </xsd:annotation>

+      </xsd:element>

+      <xsd:element name="Hash">

+        <xsd:annotation>

+          <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>

+        </xsd:annotation>

+        <xsd:complexType>

+          <xsd:sequence>

+            <xsd:element ref="dsig:DigestMethod"/>

+            <xsd:element ref="dsig:DigestValue"/>

+          </xsd:sequence>

+        </xsd:complexType>

+      </xsd:element>

+    </xsd:choice>

+    <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+  </xsd:complexType>

+  <xsd:element name="CreateSignatureEnvironmentProfile">

+    <xsd:complexType>

+      <xsd:sequence>

+        <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>

+        <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+      </xsd:sequence>

+    </xsd:complexType>

+  </xsd:element>

+  <xsd:element name="VerifyTransformsInfoProfile">

+    <xsd:annotation>

+      <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>

+    </xsd:annotation>

+    <xsd:complexType>

+      <xsd:sequence>

+        <xsd:element ref="dsig:Transforms" minOccurs="0"/>

+        <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">

+          <xsd:annotation>

+            <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>

+          </xsd:annotation>

+        </xsd:element>

+      </xsd:sequence>

+    </xsd:complexType>

+  </xsd:element>

+  <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>

+  <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>

+  <xsd:element name="CreateTransformsInfoProfile">

+    <xsd:complexType>

+      <xsd:sequence>

+        <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>

+        <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>

+      </xsd:sequence>

+    </xsd:complexType>

+  </xsd:element>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
new file mode 100644
index 0000000..4ae327a
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
@@ -0,0 +1,471 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->

+<!--

+  MOA SP/SS 1.3 Schema

+-->

+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>

+	<!--########## Create XML Signature ###-->

+	<!--### Create XML Signature Request ###-->

+	<xsd:element name="CreateXMLSignatureRequest">

+		<xsd:complexType>

+			<xsd:complexContent>

+				<xsd:extension base="CreateXMLSignatureRequestType"/>

+			</xsd:complexContent>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="CreateXMLSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>

+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">

+							<xsd:complexType>

+								<xsd:complexContent>

+									<xsd:extension base="DataObjectInfoType">

+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>

+									</xsd:extension>

+								</xsd:complexContent>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="CreateSignatureInfo" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>

+									<xsd:choice>

+										<xsd:annotation>

+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>

+										</xsd:annotation>

+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>

+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>

+									</xsd:choice>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Create XML Signature Response ###-->

+	<xsd:complexType name="CreateXMLSignatureResponseType">

+		<xsd:choice maxOccurs="unbounded">

+			<xsd:annotation>

+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>

+			</xsd:annotation>

+			<xsd:element name="SignatureEnvironment">

+				<xsd:annotation>

+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="lax"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element ref="ErrorResponse"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>

+	<!--########## Verify CMS Signature ###-->

+	<!--### Verifiy CMS Signature Request ###-->

+	<xsd:element name="VerifyCMSSignatureRequest">

+		<xsd:complexType>

+			<xsd:complexContent>

+				<xsd:extension base="VerifyCMSSignatureRequestType">

+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>

+				</xsd:extension>

+			</xsd:complexContent>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="VerifyCMSSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>

+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>

+			<xsd:element name="TrustProfileID" type="xsd:token">

+				<xsd:annotation>

+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Verify CMS Signature Response ###-->

+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>

+	<xsd:complexType name="VerifyCMSSignatureResponseType">

+		<xsd:sequence maxOccurs="unbounded">

+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">

+				<xsd:annotation>

+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SignatureCheck" type="CheckResultType"/>

+			<xsd:element name="CertificateCheck" type="CheckResultType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Verify XML Signature ###-->

+	<!--### Verify XML Signature Request ###-->

+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>

+	<xsd:complexType name="VerifyXMLSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="VerifySignatureInfo">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>

+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:choice minOccurs="0" maxOccurs="unbounded">

+				<xsd:element ref="SupplementProfile"/>

+				<xsd:element name="SupplementProfileID" type="xsd:string"/>

+			</xsd:choice>

+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>

+			<xsd:element name="TrustProfileID" type="xsd:token">

+				<xsd:annotation>

+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Verify XML Signature Response ###-->

+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>

+	<xsd:complexType name="VerifyXMLSignatureResponseType">

+		<xsd:sequence>

+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">

+				<xsd:annotation>

+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>

+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>

+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="CertificateCheck" type="CheckResultType"/>			

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:simpleType name="ProfileIdentifierType">

+		<xsd:restriction base="xsd:token"/>

+	</xsd:simpleType>

+	<xsd:complexType name="InputDataType">

+		<xsd:complexContent>

+			<xsd:extension base="ContentExLocRefBaseType">

+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:token">

+							<xsd:enumeration value="SignedInfo"/>

+							<xsd:enumeration value="XMLDSIGManifest"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:attribute>

+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="MetaInfoType">

+		<xsd:sequence>

+			<xsd:element name="MimeType" type="MimeTypeType"/>

+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>

+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="FinalDataMetaInfoType">

+		<xsd:complexContent>

+			<xsd:extension base="MetaInfoType">

+				<xsd:sequence>

+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="DataObjectInfoType">

+		<xsd:sequence>

+			<xsd:element name="DataObject">

+				<xsd:complexType>

+					<xsd:complexContent>

+						<xsd:extension base="ContentOptionalRefType"/>

+					</xsd:complexContent>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:choice>

+				<xsd:annotation>

+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>

+				</xsd:annotation>

+				<xsd:element ref="CreateTransformsInfoProfile"/>

+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>

+			</xsd:choice>

+		</xsd:sequence>

+		<xsd:attribute name="Structure" use="required">

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="detached"/>

+					<xsd:enumeration value="enveloping"/>

+				</xsd:restriction>

+			</xsd:simpleType>

+		</xsd:attribute>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:sequence>

+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>

+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="XMLDataObjectAssociationType">

+		<xsd:sequence>

+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+			<xsd:element name="Content" type="ContentRequiredRefType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CMSDataObjectOptionalMetaType">

+		<xsd:sequence>

+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+			<xsd:element name="Content" type="CMSContentBaseType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CMSContentBaseType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentOptionalRefType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+				</xsd:choice>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="CheckResultType">

+		<xsd:sequence>

+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ReferencesCheckResultType">

+		<xsd:complexContent>

+			<xsd:restriction base="CheckResultType">

+				<xsd:sequence>

+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:restriction base="AnyChildrenType">

+				<xsd:sequence>

+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ManifestRefsCheckResultType">

+		<xsd:complexContent>

+			<xsd:restriction base="CheckResultType">

+				<xsd:sequence>

+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:restriction base="AnyChildrenType">

+				<xsd:sequence>

+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<!--########## Error Response ###-->

+	<xsd:element name="ErrorResponse" type="ErrorResponseType">

+		<xsd:annotation>

+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>

+		</xsd:annotation>

+	</xsd:element>

+	<xsd:complexType name="ErrorResponseType">

+		<xsd:sequence>

+			<xsd:element name="ErrorCode" type="xsd:integer"/>

+			<xsd:element name="Info" type="xsd:string"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Auxiliary Types ###-->

+	<xsd:simpleType name="KeyIdentifierType">

+		<xsd:restriction base="xsd:string"/>

+	</xsd:simpleType>

+	<xsd:simpleType name="KeyStorageType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="Software"/>

+			<xsd:enumeration value="Hardware"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MimeTypeType">

+		<xsd:restriction base="xsd:token"/>

+	</xsd:simpleType>

+	<xsd:complexType name="AnyChildrenType" mixed="true">

+		<xsd:sequence>

+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="XMLContentType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:extension base="AnyChildrenType">

+				<xsd:attribute ref="xml:space" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentBaseType">

+		<xsd:choice minOccurs="0">

+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+			<xsd:element name="XMLContent" type="XMLContentType"/>

+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="ContentExLocRefBaseType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentBaseType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+					<xsd:element name="XMLContent" type="XMLContentType"/>

+				</xsd:choice>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentOptionalRefType">

+		<xsd:complexContent>

+			<xsd:extension base="ContentBaseType">

+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentRequiredRefType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentOptionalRefType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+					<xsd:element name="XMLContent" type="XMLContentType"/>

+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>

+				</xsd:choice>

+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyTransformsDataType">

+		<xsd:choice maxOccurs="unbounded">

+			<xsd:annotation>

+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>

+			</xsd:annotation>

+			<xsd:element ref="VerifyTransformsInfoProfile"/>

+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">

+				<xsd:annotation>

+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:element name="QualifiedCertificate"/>

+	<xsd:element name="SecureSignatureCreationDevice"/>

+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>

+	<xsd:complexType name="PublicAuthorityType">

+		<xsd:sequence>

+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:simpleType name="SignatoriesType">

+		<xsd:union memberTypes="AllSignatoriesType">

+			<xsd:simpleType>

+				<xsd:list itemType="xsd:positiveInteger"/>

+			</xsd:simpleType>

+		</xsd:union>

+	</xsd:simpleType>

+	<xsd:simpleType name="AllSignatoriesType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="all"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:complexType name="CreateSignatureLocationType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:token">

+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="TransformParameterType">

+		<xsd:choice minOccurs="0">

+			<xsd:annotation>

+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>

+			</xsd:annotation>

+			<xsd:element name="Base64Content" type="xsd:base64Binary">

+				<xsd:annotation>

+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="Hash">

+				<xsd:annotation>

+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="dsig:DigestMethod"/>

+						<xsd:element ref="dsig:DigestValue"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:choice>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:element name="CreateSignatureEnvironmentProfile">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>

+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="VerifyTransformsInfoProfile">

+		<xsd:annotation>

+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>

+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>

+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>

+	<xsd:element name="CreateTransformsInfoProfile">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>

+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 0000000..73d145e
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,572 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 2.0.0 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+			<xsd:element name="ExcludedByteRange" type="ExcludedByteRangeType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+			<xsd:element name="ExcludedByteRange" type="ExcludedByteRangeType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ExcludedByteRangeType">
+		<xsd:sequence>
+			<xsd:element name="From" type="xsd:unsignedLong"/>
+			<xsd:element name="To" type="xsd:unsignedLong"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd
new file mode 100644
index 0000000..8ab3d62
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.3 Configuration Schema

+-->

+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">

+  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+  <xs:element name="MOAConfiguration">

+    <xs:complexType>

+      <xs:sequence>

+        <xs:element name="Common" minOccurs="0">

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="Name" type="xs:string"/>

+                    <xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+                    <xs:element name="UserPIN" type="xs:string"/>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+        <xs:element name="SignatureCreation" minOccurs="0">

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="KeyModules">

+                <xs:complexType>

+                  <xs:choice maxOccurs="unbounded">

+                    <xs:element name="HardwareKeyModule">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="Id" type="xs:token"/>

+                          <xs:element name="Name" type="xs:string"/>

+                          <xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+                          <xs:element name="UserPIN" type="xs:string"/>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                    <xs:element name="SoftwareKeyModule">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="Id" type="xs:token"/>

+                          <xs:element name="FileName" type="xs:string"/>

+                          <xs:element name="Password" type="xs:string" minOccurs="0"/>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                  </xs:choice>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="KeyGroup" maxOccurs="unbounded">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="Id" type="xs:token"/>

+                    <xs:sequence maxOccurs="unbounded">

+                      <xs:element name="Key">

+                        <xs:complexType>

+                          <xs:sequence>

+                            <xs:element name="KeyModuleId" type="xs:token"/>

+                            <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>

+                          </xs:sequence>

+                        </xs:complexType>

+                      </xs:element>

+                    </xs:sequence>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="KeyGroupMapping" maxOccurs="unbounded">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>

+                    <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="XMLDSig">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>

+                    <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+              <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+        <xs:element name="SignatureVerification" minOccurs="0">

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="CertificateValidation">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="PathConstruction">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="AutoAddCertificates" type="xs:boolean"/>

+                          <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>

+                          <xs:element name="CertificateStore">

+                            <xs:complexType>

+                              <xs:choice>

+                                <xs:element name="DirectoryStore">

+                                  <xs:complexType>

+                                    <xs:sequence>

+                                      <xs:element name="Location" type="xs:token"/>

+                                    </xs:sequence>

+                                  </xs:complexType>

+                                </xs:element>

+                              </xs:choice>

+                            </xs:complexType>

+                          </xs:element>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                    <xs:element name="PathValidation">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="ChainingMode">

+                            <xs:complexType>

+                              <xs:sequence>

+                                <xs:element name="DefaultMode" type="config:ChainingModeType"/>

+                                <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">

+                                  <xs:complexType>

+                                    <xs:sequence>

+                                      <xs:element name="Identification" type="dsig:X509IssuerSerialType"/>

+                                      <xs:element name="Mode" type="config:ChainingModeType"/>

+                                    </xs:sequence>

+                                  </xs:complexType>

+                                </xs:element>

+                              </xs:sequence>

+                            </xs:complexType>

+                          </xs:element>

+                          <xs:element name="TrustProfile" maxOccurs="unbounded">

+                            <xs:complexType>

+                              <xs:sequence>

+                                <xs:element name="Id" type="xs:token"/>

+                                <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>

+                                <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>

+                              </xs:sequence>

+                            </xs:complexType>

+                          </xs:element>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                    <xs:element name="RevocationChecking">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="EnableChecking" type="xs:boolean"/>

+                          <xs:element name="MaxRevocationAge" type="xs:integer"/>

+                          <xs:element name="ServiceOrder" minOccurs="0">

+                            <xs:complexType>

+                              <xs:sequence minOccurs="2" maxOccurs="2">

+                                <xs:element name="Service">

+                                  <xs:simpleType>

+                                    <xs:restriction base="xs:token">

+                                      <xs:enumeration value="OCSP"/>

+                                      <xs:enumeration value="CRL"/>

+                                    </xs:restriction>

+                                  </xs:simpleType>

+                                </xs:element>

+                              </xs:sequence>

+                            </xs:complexType>

+                          </xs:element>

+                          <xs:element name="Archiving">

+                            <xs:complexType>

+                              <xs:sequence>

+                                <xs:element name="EnableArchiving" type="xs:boolean"/>

+                                <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>

+                                <xs:element name="Archive" minOccurs="0">

+                                  <xs:complexType>

+                                    <xs:choice>

+                                      <xs:element name="DatabaseArchive">

+                                        <xs:complexType>

+                                          <xs:sequence>

+                                            <xs:element name="JDBCURL" type="xs:anyURI"/>

+                                            <xs:element name="JDBCDriverClassName" type="xs:token"/>

+                                          </xs:sequence>

+                                        </xs:complexType>

+                                      </xs:element>

+                                    </xs:choice>

+                                  </xs:complexType>

+                                </xs:element>

+                              </xs:sequence>

+                            </xs:complexType>

+                          </xs:element>

+                          <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">

+                            <xs:complexType>

+                              <xs:sequence>

+                                <xs:element name="CAIssuerDN" type="xs:token"/>

+                                <xs:choice maxOccurs="unbounded">

+                                  <xs:element name="CRLDP">

+                                    <xs:complexType>

+                                      <xs:sequence>

+                                        <xs:element name="Location" type="xs:anyURI"/>

+                                        <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">

+                                          <xs:simpleType>

+                                            <xs:restriction base="xs:token">

+                                              <xs:enumeration value="unused"/>

+                                              <xs:enumeration value="keyCompromise"/>

+                                              <xs:enumeration value="cACompromise"/>

+                                              <xs:enumeration value="affiliationChanged"/>

+                                              <xs:enumeration value="superseded"/>

+                                              <xs:enumeration value="cessationOfOperation"/>

+                                              <xs:enumeration value="certificateHold"/>

+                                              <xs:enumeration value="privilegeWithdrawn"/>

+                                              <xs:enumeration value="aACompromise"/>

+                                            </xs:restriction>

+                                          </xs:simpleType>

+                                        </xs:element>

+                                      </xs:sequence>

+                                    </xs:complexType>

+                                  </xs:element>

+                                  <xs:element name="OCSPDP">

+                                    <xs:complexType>

+                                      <xs:sequence>

+                                        <xs:element name="Location" type="xs:anyURI"/>

+                                      </xs:sequence>

+                                    </xs:complexType>

+                                  </xs:element>

+                                </xs:choice>

+                              </xs:sequence>

+                            </xs:complexType>

+                          </xs:element>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+              <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+      </xs:sequence>

+    </xs:complexType>

+  </xs:element>

+  <xs:simpleType name="ChainingModeType">

+    <xs:restriction base="xs:string">

+      <xs:enumeration value="chaining"/>

+      <xs:enumeration value="pkix"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:complexType name="ProfileType">

+    <xs:sequence>

+      <xs:element name="Id" type="xs:token"/>

+      <xs:element name="Location" type="xs:anyURI"/>

+    </xs:sequence>

+  </xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd
new file mode 100644
index 0000000..2b2f1d6
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd
@@ -0,0 +1,312 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.4.3 Configuration Schema

+-->

+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">

+  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+  <xs:element name="MOAConfiguration">

+    <xs:complexType>

+      <xs:sequence>

+        <xs:element name="Common" minOccurs="0">

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="Name" type="xs:string"/>

+                    <xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+                    <xs:element name="UserPIN" type="xs:string"/>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+        <xs:element name="SignatureCreation" minOccurs="0">

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="KeyModules">

+                <xs:complexType>

+                  <xs:choice maxOccurs="unbounded">

+                    <xs:element name="HardwareKeyModule">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="Id" type="xs:token"/>

+                          <xs:element name="Name" type="xs:string"/>

+                          <xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+                          <xs:element name="UserPIN" type="xs:string"/>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                    <xs:element name="SoftwareKeyModule">

+                      <xs:complexType>

+                        <xs:sequence>

+                          <xs:element name="Id" type="xs:token"/>

+                          <xs:element name="FileName" type="xs:string"/>

+                          <xs:element name="Password" type="xs:string" minOccurs="0"/>

+                        </xs:sequence>

+                      </xs:complexType>

+                    </xs:element>

+                  </xs:choice>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="KeyGroup" maxOccurs="unbounded">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="Id" type="xs:token"/>

+                    <xs:sequence maxOccurs="unbounded">

+                      <xs:element name="Key">

+                        <xs:complexType>

+                          <xs:sequence>

+                            <xs:element name="KeyModuleId" type="xs:token"/>

+                            <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>

+                          </xs:sequence>

+                        </xs:complexType>

+                      </xs:element>

+                    </xs:sequence>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="KeyGroupMapping" maxOccurs="unbounded">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>

+                    <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="XMLDSig">

+                <xs:complexType>

+                  <xs:sequence>

+                    <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>

+                    <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>

+                  </xs:sequence>

+                </xs:complexType>

+              </xs:element>

+              <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+              <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+        <xs:element name="SignatureVerification" minOccurs="0">

+          <xs:complexType>

+            <xs:sequence>

+            	<xs:element name="CertificateValidation">

+            		<xs:complexType>

+            			<xs:sequence>

+            				<xs:element name="PathConstruction">

+            					<xs:complexType>

+            						<xs:sequence>

+            							<xs:element

+            								name="AutoAddCertificates" type="xs:boolean" />

+            							<xs:element

+            								name="UseAuthorityInformationAccess"

+            								type="xs:boolean" />

+            							<xs:element

+            								name="CertificateStore">

+            								<xs:complexType>

+            									<xs:choice>

+            										<xs:element

+            											name="DirectoryStore">

+            											<xs:complexType>

+            												<xs:sequence>

+            													<xs:element

+            														name="Location" type="xs:token" />

+            												</xs:sequence>

+            											</xs:complexType>

+            										</xs:element>

+            									</xs:choice>

+            								</xs:complexType>

+            							</xs:element>

+            						</xs:sequence>

+            					</xs:complexType>

+            				</xs:element>

+            				<xs:element name="PathValidation">

+            					<xs:complexType>

+            						<xs:sequence>

+            							<xs:element

+            								name="ChainingMode">

+            								<xs:complexType>

+            									<xs:sequence>

+            										<xs:element

+            											name="DefaultMode"

+            											type="config:ChainingModeType" />

+            										<xs:element

+            											name="TrustAnchor" minOccurs="0"

+            											maxOccurs="unbounded">

+            											<xs:complexType>

+            												<xs:sequence>

+            													<xs:element

+            														name="Identification"

+            														type="dsig:X509IssuerSerialType" />

+            													<xs:element

+            														name="Mode" type="config:ChainingModeType" />

+            												</xs:sequence>

+            											</xs:complexType>

+            										</xs:element>

+            									</xs:sequence>

+            								</xs:complexType>

+            							</xs:element>

+            							<xs:element name="TrustProfile"

+            								maxOccurs="unbounded">

+            								<xs:complexType>

+            									<xs:sequence>

+            										<xs:element

+            											name="Id" type="xs:token" />

+            										<xs:element

+            											name="TrustAnchorsLocation" type="xs:anyURI" />

+            										<xs:element

+            											name="SignerCertsLocation" type="xs:anyURI"

+            											minOccurs="0" />

+            									</xs:sequence>

+            								</xs:complexType>

+            							</xs:element>

+            						</xs:sequence>

+            					</xs:complexType>

+            				</xs:element>

+            				<xs:element name="RevocationChecking">

+            					<xs:complexType>

+            						<xs:sequence>

+            							<xs:element

+            								name="EnableChecking" type="xs:boolean" />

+            							<xs:element

+            								name="MaxRevocationAge" type="xs:integer" />

+            							<xs:element name="ServiceOrder"

+            								minOccurs="0">

+            								<xs:complexType>

+            									<xs:sequence

+            										minOccurs="2" maxOccurs="2">

+            										<xs:element

+            											name="Service">

+            											<xs:simpleType>

+            												<xs:restriction

+            													base="xs:token">

+            													<xs:enumeration

+            														value="OCSP" />

+            													<xs:enumeration

+            														value="CRL" />

+            												</xs:restriction>

+            											</xs:simpleType>

+            										</xs:element>

+            									</xs:sequence>

+            								</xs:complexType>

+            							</xs:element>

+            							<xs:element name="Archiving">

+            								<xs:complexType>

+            									<xs:sequence>

+            										<xs:element

+            											name="EnableArchiving" type="xs:boolean" />

+            										<xs:element

+            											name="ArchiveDuration"

+            											type="xs:nonNegativeInteger" minOccurs="0" />

+            										<xs:element

+            											name="Archive" minOccurs="0">

+            											<xs:complexType>

+            												<xs:choice>

+            													<xs:element

+            														name="DatabaseArchive">

+            														<xs:complexType>

+            															<xs:sequence>

+            																<xs:element

+            																	name="JDBCURL" type="xs:anyURI" />

+            																<xs:element

+            																	name="JDBCDriverClassName" type="xs:token" />

+            															</xs:sequence>

+            														</xs:complexType>

+            													</xs:element>

+            												</xs:choice>

+            											</xs:complexType>

+            										</xs:element>

+            									</xs:sequence>

+            								</xs:complexType>

+            							</xs:element>

+            							<xs:element

+            								name="DistributionPoint" minOccurs="0"

+            								maxOccurs="unbounded">

+            								<xs:complexType>

+            									<xs:sequence>

+            										<xs:element

+            											name="CAIssuerDN" type="xs:token" />

+            										<xs:choice

+            											maxOccurs="unbounded">

+            											<xs:element

+            												name="CRLDP">

+            												<xs:complexType>

+            													<xs:sequence>

+            														<xs:element

+            															name="Location" type="xs:anyURI" />

+            														<xs:element

+            															name="ReasonCode" minOccurs="0"

+            															maxOccurs="unbounded">

+            															<xs:simpleType>

+            																<xs:restriction

+            																	base="xs:token">

+            																	<xs:enumeration

+            																		value="unused" />

+            																	<xs:enumeration

+            																		value="keyCompromise" />

+            																	<xs:enumeration

+            																		value="cACompromise" />

+            																	<xs:enumeration

+            																		value="affiliationChanged" />

+            																	<xs:enumeration

+            																		value="superseded" />

+            																	<xs:enumeration

+            																		value="cessationOfOperation" />

+            																	<xs:enumeration

+            																		value="certificateHold" />

+            																	<xs:enumeration

+            																		value="privilegeWithdrawn" />

+            																	<xs:enumeration

+            																		value="aACompromise" />

+            																</xs:restriction>

+            															</xs:simpleType>

+            														</xs:element>

+            													</xs:sequence>

+            												</xs:complexType>

+            											</xs:element>

+            											<xs:element

+            												name="OCSPDP">

+            												<xs:complexType>

+            													<xs:sequence>

+            														<xs:element

+            															name="Location" type="xs:anyURI" />

+            													</xs:sequence>

+            												</xs:complexType>

+            											</xs:element>

+            										</xs:choice>

+            									</xs:sequence>

+            								</xs:complexType>

+            							</xs:element>

+            						</xs:sequence>

+            					</xs:complexType>

+            				</xs:element>

+            			</xs:sequence>

+            		</xs:complexType>

+            	</xs:element>

+            	<xs:element name="VerifyTransformsInfoProfile"

+            		type="config:ProfileType" minOccurs="0"

+            		maxOccurs="unbounded" />

+            	<xs:element name="SupplementProfile"

+            		type="config:ProfileType" minOccurs="0"

+            		maxOccurs="unbounded" />

+            	<xs:element name="PermitFileURIs" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+      </xs:sequence>

+    </xs:complexType>

+  </xs:element>

+  <xs:simpleType name="ChainingModeType">

+    <xs:restriction base="xs:string">

+      <xs:enumeration value="chaining"/>

+      <xs:enumeration value="pkix"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:complexType name="ProfileType">

+    <xs:sequence>

+      <xs:element name="Id" type="xs:token"/>

+      <xs:element name="Location" type="xs:anyURI"/>

+    </xs:sequence>

+  </xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd
new file mode 100644
index 0000000..8da3a72
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd
@@ -0,0 +1,268 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.4.5 Configuration Schema

+-->

+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">

+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xs:element name="MOAConfiguration">

+		<xs:complexType>

+			<xs:sequence>

+				<xs:element name="Common" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Name" type="xs:string"/>

+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+										<xs:element name="UserPIN" type="xs:string"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureCreation" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="KeyModules">

+								<xs:complexType>

+									<xs:choice maxOccurs="unbounded">

+										<xs:element name="HardwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="Name" type="xs:string"/>

+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+													<xs:element name="UserPIN" type="xs:string"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="SoftwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="FileName" type="xs:string"/>

+													<xs:element name="Password" type="xs:string" minOccurs="0"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:choice>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroup" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Id" type="xs:token"/>

+										<xs:sequence maxOccurs="unbounded">

+											<xs:element name="Key">

+												<xs:complexType>

+													<xs:sequence>

+														<xs:element name="KeyModuleId" type="xs:token"/>

+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>

+													</xs:sequence>

+												</xs:complexType>

+											</xs:element>

+										</xs:sequence>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>

+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="XMLDSig">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>

+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureVerification" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="CertificateValidation">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="PathConstruction">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>

+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>

+													<xs:element name="CertificateStore">

+														<xs:complexType>

+															<xs:choice>

+																<xs:element name="DirectoryStore">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Location" type="xs:token"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:choice>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="PathValidation">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="ChainingMode">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>

+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>

+																			<xs:element name="Mode" type="config:ChainingModeType"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="TrustProfile" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="Id" type="xs:token"/>

+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>

+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="RevocationChecking">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="EnableChecking" type="xs:boolean"/>

+													<xs:element name="MaxRevocationAge" type="xs:integer"/>

+													<xs:element name="ServiceOrder" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence minOccurs="1" maxOccurs="2">

+																<xs:element name="Service">

+																	<xs:simpleType>

+																		<xs:restriction base="xs:token">

+																			<xs:enumeration value="OCSP"/>

+																			<xs:enumeration value="CRL"/>

+																		</xs:restriction>

+																	</xs:simpleType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="Archiving">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="EnableArchiving" type="xs:boolean"/>

+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>

+																<xs:element name="Archive" minOccurs="0">

+																	<xs:complexType>

+																		<xs:choice>

+																			<xs:element name="DatabaseArchive">

+																				<xs:complexType>

+																					<xs:sequence>

+																						<xs:element name="JDBCURL" type="xs:anyURI"/>

+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>

+																					</xs:sequence>

+																				</xs:complexType>

+																			</xs:element>

+																		</xs:choice>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="CAIssuerDN" type="xs:token"/>

+																<xs:choice maxOccurs="unbounded">

+																	<xs:element name="CRLDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">

+																					<xs:simpleType>

+																						<xs:restriction base="xs:token">

+																							<xs:enumeration value="unused"/>

+																							<xs:enumeration value="keyCompromise"/>

+																							<xs:enumeration value="cACompromise"/>

+																							<xs:enumeration value="affiliationChanged"/>

+																							<xs:enumeration value="superseded"/>

+																							<xs:enumeration value="cessationOfOperation"/>

+																							<xs:enumeration value="certificateHold"/>

+																							<xs:enumeration value="privilegeWithdrawn"/>

+																							<xs:enumeration value="aACompromise"/>

+																						</xs:restriction>

+																					</xs:simpleType>

+																				</xs:element>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																	<xs:element name="OCSPDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																</xs:choice>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="CrlRetentionIntervals" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence maxOccurs="unbounded">

+																<xs:element name="CA">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="X509IssuerName" type="xs:string"/>

+																			<xs:element name="Interval" type="xs:integer"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+			</xs:sequence>

+		</xs:complexType>

+	</xs:element>

+	<xs:simpleType name="ChainingModeType">

+		<xs:restriction base="xs:string">

+			<xs:enumeration value="chaining"/>

+			<xs:enumeration value="pkix"/>

+		</xs:restriction>

+	</xs:simpleType>

+	<xs:complexType name="ProfileType">

+		<xs:sequence>

+			<xs:element name="Id" type="xs:token"/>

+			<xs:element name="Location" type="xs:anyURI"/>

+		</xs:sequence>

+	</xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
new file mode 100644
index 0000000..4808f3c
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
@@ -0,0 +1,268 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.4.7 Configuration Schema

+-->

+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">

+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xs:element name="MOAConfiguration">

+		<xs:complexType>

+			<xs:sequence>

+				<xs:element name="Common" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Name" type="xs:string"/>

+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+										<xs:element name="UserPIN" type="xs:string"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureCreation" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="KeyModules">

+								<xs:complexType>

+									<xs:choice maxOccurs="unbounded">

+										<xs:element name="HardwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="Name" type="xs:string"/>

+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+													<xs:element name="UserPIN" type="xs:string"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="SoftwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="FileName" type="xs:string"/>

+													<xs:element name="Password" type="xs:string" minOccurs="0"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:choice>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroup" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Id" type="xs:token"/>

+										<xs:sequence maxOccurs="unbounded">

+											<xs:element name="Key">

+												<xs:complexType>

+													<xs:sequence>

+														<xs:element name="KeyModuleId" type="xs:token"/>

+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>

+													</xs:sequence>

+												</xs:complexType>

+											</xs:element>

+										</xs:sequence>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>

+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="XMLDSig">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>

+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureVerification" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="CertificateValidation">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="PathConstruction">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>

+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>

+													<xs:element name="CertificateStore">

+														<xs:complexType>

+															<xs:choice>

+																<xs:element name="DirectoryStore">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Location" type="xs:token"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:choice>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="PathValidation">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="ChainingMode">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>

+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>

+																			<xs:element name="Mode" type="config:ChainingModeType"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="TrustProfile" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="Id" type="xs:token"/>

+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>

+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="RevocationChecking">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="EnableChecking" type="xs:boolean"/>

+													<xs:element name="MaxRevocationAge" type="xs:integer"/>

+													<xs:element name="ServiceOrder" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence minOccurs="1" maxOccurs="2">

+																<xs:element name="Service">

+																	<xs:simpleType>

+																		<xs:restriction base="xs:token">

+																			<xs:enumeration value="OCSP"/>

+																			<xs:enumeration value="CRL"/>

+																		</xs:restriction>

+																	</xs:simpleType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="Archiving">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="EnableArchiving" type="xs:boolean"/>

+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>

+																<xs:element name="Archive" minOccurs="0">

+																	<xs:complexType>

+																		<xs:choice>

+																			<xs:element name="DatabaseArchive">

+																				<xs:complexType>

+																					<xs:sequence>

+																						<xs:element name="JDBCURL" type="xs:anyURI"/>

+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>

+																					</xs:sequence>

+																				</xs:complexType>

+																			</xs:element>

+																		</xs:choice>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="CAIssuerDN" type="xs:token"/>

+																<xs:choice maxOccurs="unbounded">

+																	<xs:element name="CRLDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">

+																					<xs:simpleType>

+																						<xs:restriction base="xs:token">

+																							<xs:enumeration value="unused"/>

+																							<xs:enumeration value="keyCompromise"/>

+																							<xs:enumeration value="cACompromise"/>

+																							<xs:enumeration value="affiliationChanged"/>

+																							<xs:enumeration value="superseded"/>

+																							<xs:enumeration value="cessationOfOperation"/>

+																							<xs:enumeration value="certificateHold"/>

+																							<xs:enumeration value="privilegeWithdrawn"/>

+																							<xs:enumeration value="aACompromise"/>

+																						</xs:restriction>

+																					</xs:simpleType>

+																				</xs:element>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																	<xs:element name="OCSPDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																</xs:choice>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="CrlRetentionIntervals" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence maxOccurs="unbounded">

+																<xs:element name="CA">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="X509IssuerName" type="xs:string"/>

+																			<xs:element name="Interval" type="xs:integer"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+			</xs:sequence>

+		</xs:complexType>

+	</xs:element>

+	<xs:simpleType name="ChainingModeType">

+		<xs:restriction base="xs:string">

+			<xs:enumeration value="chaining"/>

+			<xs:enumeration value="pkix"/>

+		</xs:restriction>

+	</xs:simpleType>

+	<xs:complexType name="ProfileType">

+		<xs:sequence>

+			<xs:element name="Id" type="xs:token"/>

+			<xs:element name="Location" type="xs:anyURI"/>

+		</xs:sequence>

+	</xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd
new file mode 100644
index 0000000..01cd7c4
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd
@@ -0,0 +1,282 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.5.1 Configuration Schema

+-->

+<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified">

+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xs:element name="MOAConfiguration">

+		<xs:complexType>

+			<xs:sequence>

+				<xs:element name="Common" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Name" type="xs:string"/>

+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+										<xs:element name="UserPIN" type="xs:string"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="PermitExternalUris" minOccurs="0">

+								<xs:complexType>

+									<xs:sequence minOccurs="0" maxOccurs="unbounded">

+										<xs:element name="BlackListUri">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="IP" type="xs:string"/>

+													<xs:element name="Port" type="xs:int" minOccurs="0"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureCreation" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="KeyModules">

+								<xs:complexType>

+									<xs:choice maxOccurs="unbounded">

+										<xs:element name="HardwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="Name" type="xs:string"/>

+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+													<xs:element name="UserPIN" type="xs:string"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="SoftwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="FileName" type="xs:string"/>

+													<xs:element name="Password" type="xs:string" minOccurs="0"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:choice>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroup" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Id" type="xs:token"/>

+										<xs:sequence maxOccurs="unbounded">

+											<xs:element name="Key">

+												<xs:complexType>

+													<xs:sequence>

+														<xs:element name="KeyModuleId" type="xs:token"/>

+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>

+													</xs:sequence>

+												</xs:complexType>

+											</xs:element>

+										</xs:sequence>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>

+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="XMLDSig">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>

+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureVerification" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="CertificateValidation">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="PathConstruction">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>

+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>

+													<xs:element name="CertificateStore">

+														<xs:complexType>

+															<xs:choice>

+																<xs:element name="DirectoryStore">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Location" type="xs:token"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:choice>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="PathValidation">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="ChainingMode">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>

+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>

+																			<xs:element name="Mode" type="config:ChainingModeType"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="TrustProfile" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="Id" type="xs:token"/>

+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>

+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="RevocationChecking">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="EnableChecking" type="xs:boolean"/>

+													<xs:element name="MaxRevocationAge" type="xs:integer"/>

+													<xs:element name="ServiceOrder" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence maxOccurs="2">

+																<xs:element name="Service">

+																	<xs:simpleType>

+																		<xs:restriction base="xs:token">

+																			<xs:enumeration value="OCSP"/>

+																			<xs:enumeration value="CRL"/>

+																		</xs:restriction>

+																	</xs:simpleType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="Archiving">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="EnableArchiving" type="xs:boolean"/>

+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>

+																<xs:element name="Archive" minOccurs="0">

+																	<xs:complexType>

+																		<xs:choice>

+																			<xs:element name="DatabaseArchive">

+																				<xs:complexType>

+																					<xs:sequence>

+																						<xs:element name="JDBCURL" type="xs:anyURI"/>

+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>

+																					</xs:sequence>

+																				</xs:complexType>

+																			</xs:element>

+																		</xs:choice>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="CAIssuerDN" type="xs:token"/>

+																<xs:choice maxOccurs="unbounded">

+																	<xs:element name="CRLDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">

+																					<xs:simpleType>

+																						<xs:restriction base="xs:token">

+																							<xs:enumeration value="unused"/>

+																							<xs:enumeration value="keyCompromise"/>

+																							<xs:enumeration value="cACompromise"/>

+																							<xs:enumeration value="affiliationChanged"/>

+																							<xs:enumeration value="superseded"/>

+																							<xs:enumeration value="cessationOfOperation"/>

+																							<xs:enumeration value="certificateHold"/>

+																							<xs:enumeration value="privilegeWithdrawn"/>

+																							<xs:enumeration value="aACompromise"/>

+																						</xs:restriction>

+																					</xs:simpleType>

+																				</xs:element>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																	<xs:element name="OCSPDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																</xs:choice>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="CrlRetentionIntervals" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence maxOccurs="unbounded">

+																<xs:element name="CA">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="X509IssuerName" type="xs:string"/>

+																			<xs:element name="Interval" type="xs:integer"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+			</xs:sequence>

+		</xs:complexType>

+	</xs:element>

+	<xs:simpleType name="ChainingModeType">

+		<xs:restriction base="xs:string">

+			<xs:enumeration value="chaining"/>

+			<xs:enumeration value="pkix"/>

+		</xs:restriction>

+	</xs:simpleType>

+	<xs:complexType name="ProfileType">

+		<xs:sequence>

+			<xs:element name="Id" type="xs:token"/>

+			<xs:element name="Location" type="xs:anyURI"/>

+		</xs:sequence>

+	</xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd
new file mode 100644
index 0000000..91d2811
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd
@@ -0,0 +1,353 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  MOA SP/SS 1.5.1 Configuration Schema

+-->

+<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified">

+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xs:element name="MOAConfiguration">

+		<xs:complexType>

+			<xs:sequence>

+				<xs:element name="Common" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Name" type="xs:string"/>

+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+										<xs:element name="UserPIN" type="xs:string"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:choice>

+								<xs:element name="PermitExternalUris" minOccurs="0">

+									<xs:complexType>

+										<xs:sequence minOccurs="0">

+											<xs:element name="BlackListUri" minOccurs="0" maxOccurs="unbounded">

+												<xs:complexType>

+													<xs:sequence>

+														<xs:element name="IP" type="xs:string"/>

+														<xs:element name="Port" type="xs:int" minOccurs="0"/>

+													</xs:sequence>

+												</xs:complexType>

+											</xs:element>

+										</xs:sequence>

+									</xs:complexType>

+								</xs:element>

+								<xs:element name="ForbidExternalUris" minOccurs="0">

+									<xs:complexType>

+										<xs:sequence>

+											<xs:element name="WhiteListUri" minOccurs="0" maxOccurs="unbounded">

+												<xs:complexType>

+													<xs:sequence>

+														<xs:element name="IP" type="xs:string"/>

+														<xs:element name="Port" type="xs:int" minOccurs="0"/>

+													</xs:sequence>

+												</xs:complexType>

+											</xs:element>

+										</xs:sequence>

+									</xs:complexType>

+								</xs:element>

+							</xs:choice>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureCreation" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="KeyModules">

+								<xs:complexType>

+									<xs:choice maxOccurs="unbounded">

+										<xs:element name="HardwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="Name" type="xs:string"/>

+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>

+													<xs:element name="UserPIN" type="xs:string"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="SoftwareKeyModule">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="Id" type="xs:token"/>

+													<xs:element name="FileName" type="xs:string"/>

+													<xs:element name="Password" type="xs:string" minOccurs="0"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:choice>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroup" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Id" type="xs:token"/>

+										<xs:sequence maxOccurs="unbounded">

+											<xs:element name="Key">

+												<xs:complexType>

+													<xs:sequence>

+														<xs:element name="KeyModuleId" type="xs:token"/>

+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>

+													</xs:sequence>

+												</xs:complexType>

+											</xs:element>

+										</xs:sequence>

+										<xs:element name="DigestMethodAlgorithm" minOccurs="0"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>

+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="XMLDSig">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>

+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="XAdES" minOccurs="0">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="Version">

+											<xs:simpleType>

+												<xs:restriction base="xs:token">

+													<xs:enumeration value="1.4.2"/>

+												</xs:restriction>

+											</xs:simpleType>

+										</xs:element>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+				<xs:element name="SignatureVerification" minOccurs="0">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="CertificateValidation">

+								<xs:complexType>

+									<xs:sequence>

+										<xs:element name="PathConstruction">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>

+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>

+													<xs:element name="CertificateStore">

+														<xs:complexType>

+															<xs:choice>

+																<xs:element name="DirectoryStore">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Location" type="xs:token"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:choice>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="PathValidation">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="ChainingMode">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>

+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>

+																			<xs:element name="Mode" type="config:ChainingModeType"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="TrustProfile" minOccurs="0" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="Id" type="xs:token"/>

+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>

+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>

+																<xs:element name="EUTSL" minOccurs="0">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="CountrySelection" type="xs:string" minOccurs="0"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<!-- 

+													<xs:element name="TSLTrustProfile">

+													<xs:complexType>

+															<xs:sequence>

+																<xs:element name="Id" type="xs:token"/>

+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>

+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>

+																<xs:element name="EUTSL" minOccurs="0">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="CountrySelection" minOccurs="0"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													 -->

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="RevocationChecking">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="EnableChecking" type="xs:boolean"/>

+													<xs:element name="MaxRevocationAge" type="xs:integer"/>

+													<xs:element name="ServiceOrder" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence maxOccurs="2">

+																<xs:element name="Service">

+																	<xs:simpleType>

+																		<xs:restriction base="xs:token">

+																			<xs:enumeration value="OCSP"/>

+																			<xs:enumeration value="CRL"/>

+																		</xs:restriction>

+																	</xs:simpleType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="Archiving">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="EnableArchiving" type="xs:boolean"/>

+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>

+																<xs:element name="Archive" minOccurs="0">

+																	<xs:complexType>

+																		<xs:choice>

+																			<xs:element name="DatabaseArchive">

+																				<xs:complexType>

+																					<xs:sequence>

+																						<xs:element name="JDBCURL" type="xs:anyURI"/>

+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>

+																					</xs:sequence>

+																				</xs:complexType>

+																			</xs:element>

+																		</xs:choice>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="CAIssuerDN" type="xs:token"/>

+																<xs:choice maxOccurs="unbounded">

+																	<xs:element name="CRLDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">

+																					<xs:simpleType>

+																						<xs:restriction base="xs:token">

+																							<xs:enumeration value="unused"/>

+																							<xs:enumeration value="keyCompromise"/>

+																							<xs:enumeration value="cACompromise"/>

+																							<xs:enumeration value="affiliationChanged"/>

+																							<xs:enumeration value="superseded"/>

+																							<xs:enumeration value="cessationOfOperation"/>

+																							<xs:enumeration value="certificateHold"/>

+																							<xs:enumeration value="privilegeWithdrawn"/>

+																							<xs:enumeration value="aACompromise"/>

+																						</xs:restriction>

+																					</xs:simpleType>

+																				</xs:element>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																	<xs:element name="OCSPDP">

+																		<xs:complexType>

+																			<xs:sequence>

+																				<xs:element name="Location" type="xs:anyURI"/>

+																			</xs:sequence>

+																		</xs:complexType>

+																	</xs:element>

+																</xs:choice>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="CrlRetentionIntervals" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence maxOccurs="unbounded">

+																<xs:element name="CA">

+																	<xs:complexType>

+																		<xs:sequence>

+																			<xs:element name="X509IssuerName" type="xs:string"/>

+																			<xs:element name="Interval" type="xs:integer"/>

+																		</xs:sequence>

+																	</xs:complexType>

+																</xs:element>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+										<xs:element name="TSLConfiguration" minOccurs="0">

+											<xs:complexType>

+												<xs:sequence>

+													<xs:element name="EUTSLUrl" type="xs:anyURI" minOccurs="0"/>

+													<xs:element name="UpdateSchedule" minOccurs="0">

+														<xs:complexType>

+															<xs:sequence>

+																<xs:element name="StartTime" type="xs:time"/>

+																<xs:element name="Period" type="xs:unsignedLong"/>

+															</xs:sequence>

+														</xs:complexType>

+													</xs:element>

+													<xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/>

+												</xs:sequence>

+											</xs:complexType>

+										</xs:element>

+									</xs:sequence>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>

+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+			</xs:sequence>

+		</xs:complexType>

+	</xs:element>

+	<xs:simpleType name="ChainingModeType">

+		<xs:restriction base="xs:string">

+			<xs:enumeration value="chaining"/>

+			<xs:enumeration value="pkix"/>

+		</xs:restriction>

+	</xs:simpleType>

+	<xs:complexType name="ProfileType">

+		<xs:sequence>

+			<xs:element name="Id" type="xs:token"/>

+			<xs:element name="Location" type="xs:anyURI"/>

+		</xs:sequence>

+	</xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOAIdentities.xsd b/moaSig/common/src/main/resources/resources/schemas/MOAIdentities.xsd
new file mode 100644
index 0000000..de9d9d4
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOAIdentities.xsd
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->

+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" elementFormDefault="qualified" attributeFormDefault="unqualified">

+	<xs:element name="MOAIdentities">

+		<xs:annotation>

+			<xs:documentation>MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID</xs:documentation>

+		</xs:annotation>

+		<xs:complexType>

+			<xs:sequence maxOccurs="unbounded">

+				<xs:element name="Mapping">

+					<xs:complexType>

+						<xs:sequence>

+							<xs:element name="Identity">

+								<xs:complexType>

+									<xs:choice>

+										<xs:element name="NamedIdentity" type="tns:NamedIdentityType"/>

+										<xs:element name="bPKIdentity" type="tns:bPKIdentitiyType"/>

+									</xs:choice>

+								</xs:complexType>

+							</xs:element>

+							<xs:element name="Parameters" type="tns:ParametersType"/>

+						</xs:sequence>

+					</xs:complexType>

+				</xs:element>

+			</xs:sequence>

+		</xs:complexType>

+	</xs:element>

+	<xs:complexType name="bPKIdentitiyType">

+		<xs:simpleContent>

+			<xs:extension base="xs:boolean">

+				<xs:attribute name="bPK" type="xs:string" use="required"/>

+			</xs:extension>

+		</xs:simpleContent>

+	</xs:complexType>

+	<xs:complexType name="NamedIdentityType">

+		<xs:simpleContent>

+			<xs:extension base="xs:boolean">

+				<xs:attribute name="SurName" type="xs:string" use="required"/>

+				<xs:attribute name="GivenName" type="xs:string" use="required"/>

+				<xs:attribute name="BirthDate" type="xs:string" use="optional"/>

+			</xs:extension>

+		</xs:simpleContent>

+	</xs:complexType>

+	<xs:complexType name="ParametersType">

+		<xs:attribute name="UN" type="xs:string" use="optional"/>

+		<xs:attribute name="PW" type="xs:string" use="optional"/>

+		<xs:attribute name="Param1" type="xs:string" use="optional"/>

+		<xs:attribute name="Param2" type="xs:string" use="optional"/>

+		<xs:attribute name="Param3" type="xs:string" use="optional"/>

+	</xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/PersonData.xsd b/moaSig/common/src/main/resources/resources/schemas/PersonData.xsd
new file mode 100644
index 0000000..0e3bc6b
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/PersonData.xsd
@@ -0,0 +1,426 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- edited with XML Spy v4.1 U (http://www.xmlspy.com) by Peter Reichstädter (CIO) -->
+<!--Generisches Schema zum Speichern und Austauschen von Personendaten
+    (c) 2001-2002 Chief Information Office Austria, Stabsstelle IKT-Strategie des Bundes, BMÖLS
+    Kontakt: Peter Reichstädter (peter.reichstaedter@cio.gv.at), Arno Hollosi (arno.hollosi@cio.gv.at)
+    Die freie Verwendung dieses Schemas in Applikationen (behördenintern, kommerziell, privat) ist erlaubt und erwünscht.
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0.0">
+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="W3C-XMLDSig.xsd"/>
+	<!-- ### include definitions from hr-xml schemas ###-->
+	<xs:include schemaLocation="PersonName-1_2.xsd"/>
+	<xs:include schemaLocation="PostalAddress-1_2.xsd"/>
+	<xs:include schemaLocation="TelcomNumber-1_0.xsd"/>
+	<!-- ### type definition of Unique Identifier Entities ### -->
+	<xs:complexType name="IdentificationType">
+		<xs:annotation>
+			<xs:documentation>unique identifier</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Value">
+				<xs:annotation>
+					<xs:documentation>actual value of the identifier.</xs:documentation>
+				</xs:annotation>
+				<xs:complexType>
+					<xs:simpleContent>
+						<xs:extension base="xs:string">
+							<xs:attribute name="Id" type="xs:ID" use="optional"/>
+						</xs:extension>
+					</xs:simpleContent>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="Type" type="xs:anyURI">
+				<xs:annotation>
+					<xs:documentation>type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...)</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Authority" type="xs:anyURI" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer')</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>any additional properties</xs:documentation>
+				</xs:annotation>
+			</xs:any>
+		</xs:sequence>
+		<xs:attribute name="Id" type="xs:ID" use="optional"/>
+		<xs:anyAttribute namespace="##other"/>
+	</xs:complexType>
+	<!-- ### base type for person data ### -->
+	<xs:element name="Person" type="AbstractPersonType">
+		<xs:annotation>
+			<xs:documentation>element of person type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="AbstractPersonType" abstract="true">
+		<xs:annotation>
+			<xs:documentation>main structure of person data</xs:documentation>
+		</xs:annotation>
+		<xs:sequence minOccurs="0">
+			<xs:element name="Identification" type="IdentificationType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>unique identification entities</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+		<xs:attribute name="Id" type="xs:ID" use="optional"/>
+		<xs:anyAttribute namespace="##other"/>
+	</xs:complexType>
+	<!-- ### physical person and corporate body ### -->
+	<xs:element name="PhysicalPerson" type="PhysicalPersonType">
+		<xs:annotation>
+			<xs:documentation>element of physical person type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="PhysicalPersonType">
+		<xs:annotation>
+			<xs:documentation>physical person</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AbstractPersonType">
+				<xs:sequence minOccurs="0">
+					<xs:element name="Name" type="PersonNameType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>data related to the person's name</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="AlternativeName" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>Former name, Artist name, changes of Given name ...</xs:documentation>
+						</xs:annotation>
+						<xs:complexType>
+							<xs:complexContent>
+								<xs:extension base="PersonNameType">
+									<xs:attribute name="Type" type="AlternativeNameTypeType"/>
+								</xs:extension>
+							</xs:complexContent>
+						</xs:complexType>
+					</xs:element>
+					<xs:element name="MaritalStatus" type="MaritalStatusType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>status of a person in the cycle of life</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Sex" type="SexType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>gender</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="DateOfBirth" type="DateOfBirthType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>date of birth</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="PlaceOfBirth" type="xs:token" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>place of birth</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="CountryOfBirth" type="xs:token" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>country of birth</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Nationality" type="xs:token" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>nationality of Person (Staatsbürgerschaft)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Confession" type="xs:token" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>confession (religion) of Person</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="relatedPerson" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>relatives (parents, ...)</xs:documentation>
+						</xs:annotation>
+						<xs:complexType>
+							<xs:sequence>
+								<xs:element name="TypeOfRelation" type="RelationType" maxOccurs="unbounded">
+									<xs:annotation>
+										<xs:documentation>type of the relationship</xs:documentation>
+									</xs:annotation>
+								</xs:element>
+								<xs:element ref="Person"/>
+							</xs:sequence>
+						</xs:complexType>
+					</xs:element>
+					<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>any additional properties</xs:documentation>
+						</xs:annotation>
+					</xs:any>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:element name="CorporateBody" type="CorporateBodyType">
+		<xs:annotation>
+			<xs:documentation>element of corporate body type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="CorporateBodyType">
+		<xs:annotation>
+			<xs:documentation>juridical person, organisation</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AbstractPersonType">
+				<xs:sequence minOccurs="0">
+					<xs:element name="Type" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>category (eg organisation, function, sector, ...)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="FullName" type="xs:token" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>name of corporate body (whole name)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="AlternativeName" type="xs:token" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>alternative names of corporate body (abbreviations, short name, synonyms, ...)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="LegalForm" type="xs:anyURI" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>type of company (eg AG, OHG, ...)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Organisation" type="xs:token" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>part of an organisation, see also X.500 ou (eg departement, section, branch, ...) </xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>any additional properties</xs:documentation>
+						</xs:annotation>
+					</xs:any>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<!-- ### signed structure of a person  ### -->
+	<xs:element name="PersonData" type="PersonDataType">
+		<xs:annotation>
+			<xs:documentation>element of signed person datastructure type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="PersonDataType">
+		<xs:annotation>
+			<xs:documentation>signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AbstractPersonType">
+				<xs:sequence>
+					<xs:element ref="Person"/>
+					<xs:element ref="Address" minOccurs="0" maxOccurs="unbounded"/>
+					<xs:element ref="dsig:Signature" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>one or more electronic signatures applied on fields above</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="AdditionalData" minOccurs="0">
+						<xs:complexType mixed="true">
+							<xs:sequence minOccurs="0" maxOccurs="unbounded">
+								<xs:any namespace="##any" processContents="lax">
+									<xs:annotation>
+										<xs:documentation>any additional properties</xs:documentation>
+									</xs:annotation>
+								</xs:any>
+							</xs:sequence>
+						</xs:complexType>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<!-- ### auxiliary types ### -->
+	<xs:simpleType name="SexType">
+		<xs:annotation>
+			<xs:documentation>simple type for sex (gender) of person</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:token">
+			<xs:enumeration value="male"/>
+			<xs:enumeration value="female"/>
+			<xs:enumeration value="unknown"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="DateOfBirthType">
+		<xs:annotation>
+			<xs:documentation>simple type for dates (union), which may omit day and/or month</xs:documentation>
+		</xs:annotation>
+		<xs:union memberTypes="xs:date xs:gYearMonth xs:gYear"/>
+	</xs:simpleType>
+	<xs:simpleType name="MaritalStatusType">
+		<xs:annotation>
+			<xs:documentation>simple type for marital status of a person</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:token">
+			<xs:enumeration value="single"/>
+			<xs:enumeration value="married"/>
+			<xs:enumeration value="divorced"/>
+			<xs:enumeration value="widowed"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="xStringPatternExtensionType">
+		<xs:annotation>
+			<xs:documentation>pattern type for enlargement of type definitions</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:pattern value="x:\S.*"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="DefinedRelationType">
+		<xs:annotation>
+			<xs:documentation>known relations (family + functional)</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="family:Parent"/>
+			<xs:enumeration value="family:Child"/>
+			<xs:enumeration value="family:Sibling"/>
+			<xs:enumeration value="family:Grandparent"/>
+			<xs:enumeration value="family:Grandchild"/>
+			<xs:enumeration value="family:Spouse"/>
+			<xs:enumeration value="function:LegalGuardian"/>
+			<xs:enumeration value="function:IsGuardedBy"/>
+			<xs:enumeration value="function:Cohabitant"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="RelationType">
+		<xs:annotation>
+			<xs:documentation>known + any other relation</xs:documentation>
+		</xs:annotation>
+		<xs:union memberTypes="xStringPatternExtensionType DefinedRelationType"/>
+	</xs:simpleType>
+	<xs:simpleType name="DefinedAlternativeNameTypeType">
+		<xs:annotation>
+			<xs:documentation>known types of alternative names</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="ArtistName"/>
+			<xs:enumeration value="NickName"/>
+			<xs:enumeration value="FormerName"/>
+			<xs:enumeration value="Alias"/>
+			<xs:enumeration value="MaidenName"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="AlternativeNameTypeType">
+		<xs:annotation>
+			<xs:documentation>known + any other alternative name types</xs:documentation>
+		</xs:annotation>
+		<xs:union memberTypes="xStringPatternExtensionType DefinedAlternativeNameTypeType"/>
+	</xs:simpleType>
+	<!-- ### adress data for various types of communications ### -->
+	<xs:element name="Address" type="AbstractAddressType">
+		<xs:annotation>
+			<xs:documentation>element of address type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="AbstractAddressType" abstract="true">
+		<xs:annotation>
+			<xs:documentation>main structure of address data</xs:documentation>
+		</xs:annotation>
+		<xs:sequence minOccurs="0">
+			<xs:element name="Identification" type="IdentificationType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>unique identification entities</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+		<xs:attribute name="Id" type="xs:ID" use="optional"/>
+		<xs:anyAttribute namespace="##other"/>
+	</xs:complexType>
+	<xs:element name="TypedPostalAddress" type="TypedPostalAddressType">
+		<xs:annotation>
+			<xs:documentation>element of postal address type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="TypedPostalAddressType">
+		<xs:annotation>
+			<xs:documentation>postal address</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AbstractAddressType">
+				<xs:sequence minOccurs="0">
+					<xs:element name="Type" type="xs:anyURI" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>type of address - category (eg 'Wohnsitz', 'Zentrale', ...)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element ref="PostalAddress"/>
+					<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>any additional properties</xs:documentation>
+						</xs:annotation>
+					</xs:any>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:element name="TelephoneAddress" type="TelephoneAddressType">
+		<xs:annotation>
+			<xs:documentation>element of telephone address type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="TelephoneAddressType">
+		<xs:annotation>
+			<xs:documentation>phone numbers</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AbstractAddressType">
+				<xs:sequence minOccurs="0">
+					<xs:element name="Type" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...)</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Number" type="TelcomNumberType">
+						<xs:annotation>
+							<xs:documentation>phonenumber</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>any additional properties</xs:documentation>
+						</xs:annotation>
+					</xs:any>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:element name="InternetAddress" type="InternetAddressType">
+		<xs:annotation>
+			<xs:documentation>element of internet address type</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="InternetAddressType">
+		<xs:annotation>
+			<xs:documentation>internet based communication</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AbstractAddressType">
+				<xs:sequence minOccurs="0">
+					<xs:element ref="dsig:KeyInfo" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>certificate for secure communication</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Address" type="xs:anyURI">
+						<xs:annotation>
+							<xs:documentation>email-Address, Web, FTP, LDAP, ...</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>any additional properties</xs:documentation>
+						</xs:annotation>
+					</xs:any>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd b/moaSig/common/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd
new file mode 100644
index 0000000..cf8f796
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd
@@ -0,0 +1,1229 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>

+<!-- edited with XMLSPY v2004 rel. 3 U (http://www.xmlspy.com) by Larissa Naber (Bundeskanzleramt) -->

+<!-- edited with XML Spy v4.1 U (http://www.xmlspy.com) by Peter Reichstädter (CIO) -->

+<!--Generisches Schema zum Speichern und Austauschen von Personendaten

+    (c) 2001-2002 Chief Information Office Austria, Stabsstelle IKT-Strategie des Bundes, BMÖLS

+    Kontakt: Peter Reichstädter (peter.reichstaedter@cio.gv.at), Arno Hollosi (arno.hollosi@cio.gv.at)

+    Die freie Verwendung dieses Schemas in Applikationen (behördenintern, kommerziell, privat) ist erlaubt und erwünscht.

+-->

+<?xml-stylesheet type="text/xsl" href="getelementnames.xslt"?>

+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0.0">

+  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+  <xs:annotation>

+    <xs:documentation>This version of person deploys only global elements. All types derived from abstract types have been replaced by substitution groups</xs:documentation>

+  </xs:annotation>

+  <!-- ### signed structure of a person  ### -->

+  <xs:element name="AbstractPersonData" type="AbstractPersonType">

+    <xs:annotation>

+      <xs:documentation>dummy abstract Peson Data element needed for bi-lingual schema (substitution groups)</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="PersonData" type="PersonDataType" substitutionGroup="AbstractPersonData">

+    <xs:annotation>

+      <xs:documentation>element of signed person datastructure type</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CompactPersonData">

+    <xs:annotation>

+      <xs:documentation>element of signed person datastructure type</xs:documentation>

+    </xs:annotation>

+    <xs:complexType>

+      <xs:sequence>

+        <xs:choice>

+          <xs:element ref="CompactPhysicalPerson"/>

+          <xs:element ref="CompactCorporateBody"/>

+        </xs:choice>

+        <xs:choice minOccurs="0" maxOccurs="unbounded">

+          <xs:element ref="InternetAddress"/>

+          <xs:element ref="TelephoneAddress"/>

+          <xs:element ref="CompactPostalAddress"/>

+        </xs:choice>

+      </xs:sequence>

+    </xs:complexType>

+  </xs:element>

+  <!-- ### base type for person data ### -->

+  <xs:element name="Person" type="AbstractPersonType">

+    <xs:annotation>

+      <xs:documentation>element of person type, essential abstract, subsitute PhysicalPerson or CorporateBody instead or use with xsi:type="..."</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <!-- ### physical person and corporate body ### -->

+  <xs:element name="PhysicalPerson" type="PhysicalPersonType" substitutionGroup="Person">

+    <xs:annotation>

+      <xs:documentation>element of physical person type, dreived from Person (abstract)</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CompactPhysicalPerson" type="CompactPhysicalPersonType" substitutionGroup="Person">

+    <xs:annotation>

+      <xs:documentation>element of physical person type, dreived from Person (abstract)</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CorporateBody" type="CorporateBodyType" substitutionGroup="Person">

+    <xs:annotation>

+      <xs:documentation>element of corporate body type, derived from Person</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CompactCorporateBody" type="CompactCorporateBodyType" substitutionGroup="Person">

+    <xs:annotation>

+      <xs:documentation>element of corporate body type, derived from Person</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <!--### complex child elements of person, also available as standalone ###-->

+  <xs:element name="Name" type="PersonNameType">

+    <xs:annotation>

+      <xs:documentation>data related to the person's name</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CompactName" type="CompactPersonNameType">

+    <xs:annotation>

+      <xs:documentation>data related to the person's name</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="AlternativeName">

+    <xs:annotation>

+      <xs:documentation>Former name, Artist name, changes of Given name ..., compare AlternativName</xs:documentation>

+    </xs:annotation>

+    <xs:complexType>

+      <xs:complexContent>

+        <xs:extension base="PersonNameType">

+          <xs:attribute name="Type" type="AlternativeNameTypeType"/>

+        </xs:extension>

+      </xs:complexContent>

+    </xs:complexType>

+  </xs:element>

+  <xs:element name="relatedPerson">

+    <xs:annotation>

+      <xs:documentation>relatives (parents, ...), compare Verwandter</xs:documentation>

+    </xs:annotation>

+    <xs:complexType>

+      <xs:sequence>

+        <xs:element name="TypeOfRelation" type="RelationType" minOccurs="0" maxOccurs="unbounded">

+          <xs:annotation>

+            <xs:documentation>type of the relationship, compare Verwandschftsgrad</xs:documentation>

+          </xs:annotation>

+        </xs:element>

+        <xs:element ref="PhysicalPerson"/>

+      </xs:sequence>

+    </xs:complexType>

+  </xs:element>

+  <!-- ### adress data for various types of communications ### -->

+  <xs:element name="Address" type="AbstractAddressType">

+    <xs:annotation>

+      <xs:documentation>element of address type, essentially abstract. Use InternetAddress, TelephoneAddress, PostalAddress, TypedPostalAddress instead, or use Address with xsi:type Attribute</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="PostalAddress" type="PostalAddressType" substitutionGroup="Address">

+    <xs:annotation>

+      <xs:documentation>Postal or ZMR Address, compare PostAdresse</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CompactPostalAddress" type="CompactPostalAddressType" substitutionGroup="Address">

+    <xs:annotation>

+      <xs:documentation>Postal or ZMR Address, compare PostAdresse</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="TypedPostalAddress" type="TypedPostalAddressType" substitutionGroup="Address">

+    <xs:annotation>

+      <xs:documentation>Typed Postal or ZMR Address, compare TypisiertePostAdresse</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="InternetAddress" type="InternetAddressType" substitutionGroup="Address">

+    <xs:annotation>

+      <xs:documentation>InternetAdress such as e-mail or website, compare InternetAdresse</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="TelephoneAddress" type="TelephoneAddressType" substitutionGroup="Address">

+    <xs:annotation>

+      <xs:documentation>Typed TelephoneAddress, compare TelefonAdresse</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="BankConnection" type="BankConnectionType">

+    <xs:annotation>

+      <xs:documentation>National or international bank connection, compare Bankverbindung</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <!-- ###  Identification elements ###-->

+  <xs:element name="AbstractSimpleIdentification" type="AbstractSimpleIdentificationType">

+    <xs:annotation>

+      <xs:documentation>possibility to include common austrian primary keys in human readable way, english translation not available</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="ZMRzahl" substitutionGroup="AbstractSimpleIdentification">

+	  <xs:complexType>

+	      <xs:simpleContent>

+	        <xs:extension base="AbstractSimpleIdentificationType">

+	          <xs:attribute name="Identifier" type="xs:string" fixed="ZMR"/>

+	        </xs:extension>

+	      </xs:simpleContent>

+	    </xs:complexType>

+  </xs:element>

+  <xs:element name="Stammzahl" type="AbstractSimpleIdentificationType" substitutionGroup="AbstractSimpleIdentification"/>

+  <xs:element name="Firmenbuchnummer" substitutionGroup="AbstractSimpleIdentification">

+	  <xs:complexType>

+	      <xs:simpleContent>

+	        <xs:extension base="AbstractSimpleIdentificationType">

+	          <xs:attribute name="Identifier" type="xs:string" fixed="FN"/>

+	        </xs:extension>

+	      </xs:simpleContent>

+	    </xs:complexType>

+  </xs:element>

+  <xs:element name="ERJPZahl" substitutionGroup="AbstractSimpleIdentification">

+    <xs:annotation>

+      <xs:documentation>Ergänzungsregister für nicht-natürliche Personen (CorporateBody)</xs:documentation>

+    </xs:annotation>

+    <xs:complexType>

+      <xs:simpleContent>

+        <xs:extension base="AbstractSimpleIdentificationType">

+          <xs:attribute name="Identifier" type="xs:string" fixed="ERJ"/>

+        </xs:extension>

+      </xs:simpleContent>

+    </xs:complexType>

+  </xs:element>

+  <xs:element name="Vereinsnummer" substitutionGroup="AbstractSimpleIdentification">

+	  <xs:complexType>

+	      <xs:simpleContent>

+	        <xs:extension base="AbstractSimpleIdentificationType">

+	          <xs:attribute name="Identifier" type="xs:string" fixed="VR"/>

+	        </xs:extension>

+	      </xs:simpleContent>

+	    </xs:complexType>

+  </xs:element>	   

+  <xs:element name="Sozialversicherungsnummer" type="AbstractSimpleIdentificationType" substitutionGroup="AbstractSimpleIdentification"/>

+  <xs:element name="Steuernummer" type="AbstractSimpleIdentificationType" substitutionGroup="AbstractSimpleIdentification"/>

+  <xs:element name="Matrikelnummer" type="AbstractSimpleIdentificationType" substitutionGroup="AbstractSimpleIdentification"/>

+  <!-- ###  additional telecom elements - not used internally - german translation not available ###-->

+  <xs:element name="Telephone" type="TelcomNumberType"/>

+  <xs:element name="Mobile" type="MobileTelcomNumberType"/>

+  <xs:element name="Fax" type="TelcomNumberType"/>

+  <xs:element name="Pager" type="TelcomNumberType"/>

+  <xs:element name="TTYTDD" type="TelcomNumberType">

+    <xs:annotation>

+      <xs:documentation>teletyper or telephone for the hearing impaired</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <!--### elements of simple type ####-->

+  <xs:element name="MaritalStatus" type="MaritalStatusType">

+    <xs:annotation>

+      <xs:documentation>status of a person in the cycle of life, compare Familienstand</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="Sex" type="SexType">

+    <xs:annotation>

+      <xs:documentation>gender, comapre Geschlecht</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="DateOfBirth" type="DateOfBirthType">

+    <xs:annotation>

+      <xs:documentation>date of birth, compare Geburtsdatum</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="DateOfDeath" type="DateOfDeathType">

+    <xs:annotation>

+      <xs:documentation>date of death, compare Sterbedatum</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="PlaceOfBirth" type="xs:token">

+    <xs:annotation>

+      <xs:documentation>place of birth, compare Geburtsort</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="CountryOfBirth" type="xs:token">

+    <xs:annotation>

+      <xs:documentation>country of birth, compare Geburtsland</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="StateOfBirth" type="xs:token">

+    <xs:annotation>

+      <xs:documentation>state of birth, comapre Geburtsbundesland</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="Nationality" type="NationalityType">

+    <xs:annotation>

+      <xs:documentation>nationality of Person, compare Staatsangehoerigkeit. attention! New Fomrat is complex, string value accepted for compatibility only</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="Confession" type="xs:token">

+    <xs:annotation>

+      <xs:documentation>confession (religion) of Person - xs:token? gibt es wirklich keine Staaten mit Leerzeichen im Namen?</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="Occupation" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>occupation, compare Beruf</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <!--### complex telephone types ###-->

+  <xs:element name="InternationalCountryCode" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>compare InternationalerLaendercode</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="NationalNumber" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>compare NationalNummer</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="AreaCityCode" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>compare Vorwahl</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="SubscriberNumber" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>compare Anschlussnummer</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="FormattedNumber" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>Complete number, ready formated - e.g. +43 1 5131345 4664  compare FormatierteNummer</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="Extension" type="xs:string">

+    <xs:annotation>

+      <xs:documentation>compare Klappe</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <xs:element name="Identification" type ="IdentificationType">

+    <xs:annotation>

+      <xs:documentation>unique identifier</xs:documentation>

+    </xs:annotation>

+  </xs:element>

+  <!--### complex types ###-->

+  <xs:complexType name="PersonDataType">

+    <xs:annotation>

+      <xs:documentation>signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractPersonType">

+        <xs:sequence>

+          <xs:element ref="Person"/>

+          <xs:element ref="Address" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:element ref="dsig:Signature" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>one or more electronic signatures applied on fields above</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="AdditionalData" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>container for your Information needs. Contained Elements must reside in a different Namespace</xs:documentation>

+            </xs:annotation>

+            <xs:complexType mixed="true">

+              <xs:sequence minOccurs="0" maxOccurs="unbounded">

+                <xs:any namespace="##any" processContents="lax">

+                  <xs:annotation>

+                    <xs:documentation>any additional properties</xs:documentation>

+                  </xs:annotation>

+                </xs:any>

+              </xs:sequence>

+            </xs:complexType>

+          </xs:element>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="CompactPersonDataType">

+    <xs:annotation>

+      <xs:documentation>signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements).</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractPersonType">

+        <xs:sequence>

+          <xs:element ref="Person"/>

+          <xs:element ref="Address" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:element ref="dsig:Signature" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>one or more electronic signatures applied on fields above</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="AdditionalData" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>container for your Information needs. Contained Elements must reside in a different Namespace</xs:documentation>

+            </xs:annotation>

+            <xs:complexType mixed="true">

+              <xs:sequence minOccurs="0" maxOccurs="unbounded">

+                <xs:any namespace="##any" processContents="lax">

+                  <xs:annotation>

+                    <xs:documentation>any additional properties</xs:documentation>

+                  </xs:annotation>

+                </xs:any>

+              </xs:sequence>

+            </xs:complexType>

+          </xs:element>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="AbstractSimpleIdentificationType">

+    <xs:simpleContent>

+      <xs:extension base="xs:string"/>

+    </xs:simpleContent>

+  </xs:complexType>

+  <xs:complexType name="IdentificationType">

+    <xs:annotation>

+      <xs:documentation>unique identifier</xs:documentation>

+    </xs:annotation>

+    <xs:sequence>

+      <xs:element name="Value">

+        <xs:annotation>

+          <xs:documentation>actual value of the identifier.</xs:documentation>

+        </xs:annotation>

+        <xs:complexType>

+          <xs:simpleContent>

+            <xs:extension base="xs:string">

+              <xs:attribute name="Id" type="xs:ID" use="optional"/>

+            </xs:extension>

+          </xs:simpleContent>

+        </xs:complexType>

+      </xs:element>

+      <xs:element name="Type" type="xs:anyURI">

+        <xs:annotation>

+          <xs:documentation>type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...)</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element name="Authority" type="xs:anyURI" minOccurs="0">

+        <xs:annotation>

+          <xs:documentation>authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer')</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>any additional properties</xs:documentation>

+        </xs:annotation>

+      </xs:any>

+    </xs:sequence>

+    <xs:attribute name="Id" type="xs:ID" use="optional"/>

+    <xs:anyAttribute namespace="##other"/>

+  </xs:complexType>  

+  <xs:complexType name="AbstractPersonType">

+    <xs:annotation>

+      <xs:documentation>main structure of person data</xs:documentation>

+    </xs:annotation>

+    <xs:choice minOccurs="0">

+      <xs:element ref="Identification" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>unique identification entities</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element ref="AbstractSimpleIdentification" minOccurs="0" maxOccurs="unbounded"/>

+    </xs:choice>

+    <xs:attribute name="Id" type="xs:ID" use="optional"/>

+    <xs:anyAttribute namespace="##other"/>

+  </xs:complexType>

+  <xs:complexType name="PhysicalPersonType">

+    <xs:annotation>

+      <xs:documentation>physical person, compare NatuerlichePersonTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractPersonType">

+        <xs:sequence minOccurs="0">

+          <xs:element ref="Name" minOccurs="0"/>

+          <xs:element ref="AlternativeName" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:element ref="MaritalStatus" minOccurs="0"/>

+          <xs:element ref="Sex" minOccurs="0"/>

+          <xs:element ref="DateOfBirth" minOccurs="0"/>

+          <xs:element ref="PlaceOfBirth" minOccurs="0"/>

+          <xs:element ref="StateOfBirth" minOccurs="0"/>

+          <xs:element ref="CountryOfBirth" minOccurs="0"/>

+          <xs:element ref="DateOfDeath" minOccurs="0"/>

+          <xs:element ref="Nationality" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:element ref="Confession" minOccurs="0"/>

+          <xs:element ref="Occupation" minOccurs="0"/>

+          <xs:element ref="relatedPerson" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:element ref="BankConnection" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="CompactPhysicalPersonType">

+    <xs:annotation>

+      <xs:documentation>physical person, compare NatuerlichePersonTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractPersonType">

+        <xs:sequence minOccurs="0">

+          <xs:element ref="CompactName"/>

+          <xs:element ref="MaritalStatus" minOccurs="0"/>

+          <xs:element ref="Sex" minOccurs="0"/>

+          <xs:element ref="DateOfBirth" minOccurs="0"/>

+          <xs:element ref="PlaceOfBirth" minOccurs="0"/>

+          <xs:element ref="Nationality" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="CorporateBodyType">

+    <xs:annotation>

+      <xs:documentation>juridical person, organisation, compare NichtNatuerlichePersonTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractPersonType">

+        <xs:sequence minOccurs="0">

+          <xs:element name="Type" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>URI pointing to a predefined Class of CorporateBodies, compare Typ</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="FullName" type="xs:token" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>name of corporate body (whole name), compare VollerName</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="AlternativeName" type="xs:token" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>alternative names of corporate body (abbreviations, short name, synonyms, ...), comapre AlternativName</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="LegalForm" type="xs:anyURI" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Organization" type="xs:token" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element ref="BankConnection" minOccurs="0" maxOccurs="unbounded"/>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="CompactCorporateBodyType">

+    <xs:annotation>

+      <xs:documentation>juridical person, organisation, compare NichtNatuerlichePersonTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractPersonType">

+        <xs:sequence minOccurs="0">

+          <xs:element name="Type" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>URI pointing to a predefined Class of CorporateBodies, compare Typ</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="FullName" type="xs:token">

+            <xs:annotation>

+              <xs:documentation>name of corporate body (whole name), compare VollerName</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="LegalForm" type="xs:anyURI" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Organization" type="xs:token" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="PersonNameType">

+    <xs:annotation>

+      <xs:documentation>container for parts of a name, comapre PersonenNameTyp</xs:documentation>

+    </xs:annotation>

+    <xs:sequence>

+      <xs:element name="FormattedName" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Complete Name (including Affixes) of the Person, especially useful for names from different cultural environments</xs:documentation>

+        </xs:annotation>

+        <xs:complexType>

+          <xs:simpleContent>

+            <xs:extension base="xs:string">

+              <xs:attribute name="type" default="presentation">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="presentation"/>

+                    <xs:enumeration value="legal"/>

+                    <xs:enumeration value="sortOrder"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+            </xs:extension>

+          </xs:simpleContent>

+        </xs:complexType>

+      </xs:element>

+      <xs:element name="LegalName" type="xs:string" minOccurs="0"/>

+      <xs:element name="GivenName" type="xs:string" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Every given name should be  contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element name="PreferredGivenName" type="xs:string" minOccurs="0">

+        <xs:annotation>

+          <xs:documentation>A Person in possesion of more than one GivenName frequently preferrs the use of a Name other than the first GivenName</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element name="MiddleName" type="xs:string" minOccurs="0">

+        <xs:annotation>

+          <xs:documentation>MiddleNames are not commonly found in central Europe. The field is mainly for compatibility reasons</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element name="FamilyName" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Every family name should be  contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable</xs:documentation>

+        </xs:annotation>

+        <xs:complexType>

+          <xs:simpleContent>

+            <xs:extension base="xs:string">

+              <xs:attribute name="primary" default="undefined">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="true"/>

+                    <xs:enumeration value="false"/>

+                    <xs:enumeration value="undefined"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+              <xs:attribute name="prefix" type="xs:string"/>

+            </xs:extension>

+          </xs:simpleContent>

+        </xs:complexType>

+      </xs:element>

+      <xs:element name="Affix" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value</xs:documentation>

+        </xs:annotation>

+        <xs:complexType>

+          <xs:simpleContent>

+            <xs:extension base="xs:string">

+              <xs:attribute name="type" use="optional">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="academicGrade"/>

+                    <xs:enumeration value="aristocraticPrefix"/>

+                    <xs:enumeration value="aristocraticTitle"/>

+                    <xs:enumeration value="familyNamePrefix"/>

+                    <xs:enumeration value="familyNameSuffix"/>

+                    <xs:enumeration value="formOfAddress"/>

+                    <xs:enumeration value="generation"/>

+                    <xs:enumeration value="qualification"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+              <xs:attribute name="position" use="optional">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="prefix"/>

+                    <xs:enumeration value="suffix"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+            </xs:extension>

+          </xs:simpleContent>

+        </xs:complexType>

+      </xs:element>

+    </xs:sequence>

+  </xs:complexType>

+  <xs:complexType name="CompactPersonNameType">

+    <xs:annotation>

+      <xs:documentation>container for parts of a name, comapre PersonenNameTyp</xs:documentation>

+    </xs:annotation>

+    <xs:sequence>

+      <xs:element name="GivenName" type="xs:string" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Every given name should be  contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element name="FamilyName" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Every family name should be  contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable</xs:documentation>

+        </xs:annotation>

+        <xs:complexType>

+          <xs:simpleContent>

+            <xs:extension base="xs:string">

+              <xs:attribute name="primary" default="undefined">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="true"/>

+                    <xs:enumeration value="false"/>

+                    <xs:enumeration value="undefined"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+              <xs:attribute name="prefix" type="xs:string"/>

+            </xs:extension>

+          </xs:simpleContent>

+        </xs:complexType>

+      </xs:element>

+      <xs:element name="Affix" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value</xs:documentation>

+        </xs:annotation>

+        <xs:complexType>

+          <xs:simpleContent>

+            <xs:extension base="xs:string">

+              <xs:attribute name="type" use="optional">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="academicGrade"/>

+                    <xs:enumeration value="aristocraticPrefix"/>

+                    <xs:enumeration value="aristocraticTitle"/>

+                    <xs:enumeration value="familyNamePrefix"/>

+                    <xs:enumeration value="familyNameSuffix"/>

+                    <xs:enumeration value="formOfAddress"/>

+                    <xs:enumeration value="generation"/>

+                    <xs:enumeration value="qualification"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+              <xs:attribute name="position" use="optional">

+                <xs:simpleType>

+                  <xs:restriction base="xs:string">

+                    <xs:enumeration value="prefix"/>

+                    <xs:enumeration value="suffix"/>

+                  </xs:restriction>

+                </xs:simpleType>

+              </xs:attribute>

+            </xs:extension>

+          </xs:simpleContent>

+        </xs:complexType>

+      </xs:element>

+    </xs:sequence>

+  </xs:complexType>

+  <xs:complexType name="NationalityType" mixed="true">

+    <xs:annotation>

+      <xs:documentation>comapre, StaatsangehoerigkeitTyp</xs:documentation>

+    </xs:annotation>

+    <xs:sequence>

+      <xs:element name="ISOCode3" minOccurs="0">

+        <xs:simpleType>

+          <xs:restriction base="xs:string">

+            <xs:length value="3"/>

+          </xs:restriction>

+        </xs:simpleType>

+      </xs:element>

+      <xs:element name="CountryNameDE" type="xs:string" minOccurs="0"/>

+      <xs:element name="CountryNameEN" type="xs:string" minOccurs="0"/>

+      <xs:element name="CountryNameFR" type="xs:string" minOccurs="0"/>

+      <xs:any namespace="##other" processContents="lax"/>

+    </xs:sequence>

+  </xs:complexType>

+  <xs:complexType name="BankConnectionType">

+    <xs:annotation>

+      <xs:documentation>compare BankverbindungTyp</xs:documentation>

+    </xs:annotation>

+    <xs:sequence>

+      <xs:element name="Holder" type="xs:string">

+        <xs:annotation>

+          <xs:documentation>Account holder, compare Inhaber</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:element name="BankName" type="xs:string">

+        <xs:annotation>

+          <xs:documentation>compare BankName</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+      <xs:choice>

+        <xs:element name="NationalBankConnection">

+          <xs:annotation>

+            <xs:documentation>compare NationaleBankverbindung</xs:documentation>

+          </xs:annotation>

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="AccountNumber" type="xs:integer">

+                <xs:annotation>

+                  <xs:documentation>compare Kontonummer</xs:documentation>

+                </xs:annotation>

+              </xs:element>

+              <xs:element name="BankCode" type="xs:integer">

+                <xs:annotation>

+                  <xs:documentation>compare BLZ</xs:documentation>

+                </xs:annotation>

+              </xs:element>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+        <xs:element name="InternationalBankConnection">

+          <xs:annotation>

+            <xs:documentation>compare InternationaleBankverbindung</xs:documentation>

+          </xs:annotation>

+          <xs:complexType>

+            <xs:sequence>

+              <xs:element name="IBAN" type="xs:string">

+                <xs:annotation>

+                  <xs:documentation>compare IBAN</xs:documentation>

+                </xs:annotation>

+              </xs:element>

+              <xs:element name="BIC" type="xs:string">

+                <xs:annotation>

+                  <xs:documentation>comapre BIC</xs:documentation>

+                </xs:annotation>

+              </xs:element>

+            </xs:sequence>

+          </xs:complexType>

+        </xs:element>

+      </xs:choice>

+    </xs:sequence>

+  </xs:complexType>

+  <xs:complexType name="AbstractAddressType">

+    <xs:annotation>

+      <xs:documentation>main structure of address data</xs:documentation>

+    </xs:annotation>

+    <xs:sequence minOccurs="0">

+      <xs:element ref="Identification" minOccurs="0" maxOccurs="unbounded">

+        <xs:annotation>

+          <xs:documentation>unique identification entities</xs:documentation>

+        </xs:annotation>

+      </xs:element>

+    </xs:sequence>

+    <xs:attribute name="Id" type="xs:ID" use="optional"/>

+    <xs:anyAttribute namespace="##other"/>

+  </xs:complexType>

+  <xs:complexType name="TypedPostalAddressType">

+    <xs:annotation>

+      <xs:documentation>postal address with type information, compare TypisiertePostAdresseTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractAddressType">

+        <xs:sequence minOccurs="0">

+          <xs:element name="Type" type="xs:anyURI" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>type of address - category (eg 'Wohnsitz', 'Zentrale', ...)</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element ref="PostalAddress"/>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="PostalAddressType">

+    <xs:annotation>

+      <xs:documentation>compare PostAdresseTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractAddressType">

+        <xs:sequence>

+          <xs:element name="CountryCode" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>Code for the country, use ISO or internatinal Postalstandard, compare Staatscode</xs:documentation>

+            </xs:annotation>

+            <xs:simpleType>

+              <xs:restriction base="xs:string">

+                <xs:pattern value="[A-Z]{2}"/>

+              </xs:restriction>

+            </xs:simpleType>

+          </xs:element>

+          <xs:element name="CountryName" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>Name of the country, use ISO Name, or international Postal Standard, compare Staatsname</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="PostalCode" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>ZIP, compare Postleitzahl</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Region" type="xs:string" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>compare Region</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="State" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>compare Bundesland</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Municipality" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>compare Gemeinde</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="MunicipalityNumber" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>compare Gemeindekennzahl</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Hamlet" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>ZMR use, compare Ortschaft</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="HamletBilingual" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>ZMR use, comapre OrtschaftZweisprachig</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="DeliveryAddress" minOccurs="0">

+            <xs:complexType>

+              <xs:sequence>

+                <xs:element name="AddressLine" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>

+                <xs:element name="StreetName" type="xs:string" minOccurs="0"/>

+                <xs:element name="BuildingNumber" type="xs:string" minOccurs="0"/>

+                <xs:element name="Unit" type="xs:string" minOccurs="0"/>

+                <xs:element name="DoorNumber" type="xs:string" minOccurs="0"/>

+                <xs:element name="PostOfficeBox" type="xs:string" minOccurs="0"/>

+                <xs:element name="LivingQuality" type="xs:string" minOccurs="0">

+                  <xs:annotation>

+                    <xs:documentation>zmr use only</xs:documentation>

+                  </xs:annotation>

+                </xs:element>

+                <xs:element name="DropOffPoint" type="xs:boolean" minOccurs="0">

+                  <xs:annotation>

+                    <xs:documentation>zmr use only</xs:documentation>

+                  </xs:annotation>

+                </xs:element>

+                <xs:element name="AreaNumber" type="xs:string" minOccurs="0"/>

+                <xs:element name="AddressRegisterEntry" minOccurs="0">

+                  <xs:annotation>

+                    <xs:documentation>Addressregister database keys used to identify Addresses</xs:documentation>

+                  </xs:annotation>

+                  <xs:complexType>

+                    <xs:sequence>

+                      <xs:element name="AddressCode" type="string7"/>

+                      <xs:element name="SubCode" type="string3" minOccurs="0"/>

+                      <xs:element name="ObjectNumber" type="string7" minOccurs="0"/>

+                    </xs:sequence>

+                  </xs:complexType>

+                </xs:element>

+              </xs:sequence>

+            </xs:complexType>

+          </xs:element>

+          <xs:element name="Recipient" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>If Addressis used outside of PersonData a recipient can be specified</xs:documentation>

+            </xs:annotation>

+            <xs:complexType>

+              <xs:sequence>

+                <xs:element name="PersonName" type="PersonNameType" minOccurs="0"/>

+                <xs:element name="AdditionalText" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>

+                <xs:element name="Organization" type="xs:string" minOccurs="0">

+                  <xs:annotation>

+                    <xs:documentation>rather OrganizationUnit e.G Sales Departement</xs:documentation>

+                  </xs:annotation>

+                </xs:element>

+                <xs:element name="OrganizationName" type="xs:string" minOccurs="0">

+                  <xs:annotation>

+                    <xs:documentation>e.g. Smith Ltd</xs:documentation>

+                  </xs:annotation>

+                </xs:element>

+              </xs:sequence>

+            </xs:complexType>

+          </xs:element>

+        </xs:sequence>

+        <xs:attribute name="type" default="undefined">

+          <xs:simpleType>

+            <xs:restriction base="xs:string">

+              <xs:enumeration value="postOfficeBoxAddress"/>

+              <xs:enumeration value="streetAddress"/>

+              <xs:enumeration value="militaryAddress"/>

+              <xs:enumeration value="undefined"/>

+            </xs:restriction>

+          </xs:simpleType>

+        </xs:attribute>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="CompactPostalAddressType">

+    <xs:annotation>

+      <xs:documentation>compare PostAdresseTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractAddressType">

+        <xs:sequence>

+          <xs:element name="CountryCode" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>Code for the country, use ISO or internatinal Postalstandard, compare Staatscode</xs:documentation>

+            </xs:annotation>

+            <xs:simpleType>

+              <xs:restriction base="xs:string">

+                <xs:pattern value="[A-Z]{2}"/>

+              </xs:restriction>

+            </xs:simpleType>

+          </xs:element>

+          <xs:element name="CountryName" type="xs:string" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>Name of the country, use ISO Name, or international Postal Standard, compare Staatsname</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="PostalCode" type="xs:string">

+            <xs:annotation>

+              <xs:documentation>ZIP, compare Postleitzahl</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Municipality" type="xs:string">

+            <xs:annotation>

+              <xs:documentation>compare Gemeinde</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="DeliveryAddress">

+            <xs:complexType>

+              <xs:sequence>

+                <xs:element name="StreetName" type="xs:string">

+                  <xs:annotation>

+                    <xs:documentation>if streetname not available use name of Ortschaft</xs:documentation>

+                  </xs:annotation>

+                </xs:element>

+                <xs:element name="BuildingNumber" type="xs:string"/>

+                <xs:element name="Unit" type="xs:string" minOccurs="0"/>

+                <xs:element name="DoorNumber" type="xs:string" minOccurs="0"/>

+              </xs:sequence>

+            </xs:complexType>

+          </xs:element>

+        </xs:sequence>

+        <xs:attribute name="type" default="undefined">

+          <xs:simpleType>

+            <xs:restriction base="xs:string">

+              <xs:enumeration value="postOfficeBoxAddress"/>

+              <xs:enumeration value="streetAddress"/>

+              <xs:enumeration value="militaryAddress"/>

+              <xs:enumeration value="undefined"/>

+            </xs:restriction>

+          </xs:simpleType>

+        </xs:attribute>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="InternetAddressType">

+    <xs:annotation>

+      <xs:documentation>e.g. e-mail, webiste, compare InternetAdresseTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractAddressType">

+        <xs:sequence minOccurs="0">

+          <xs:element ref="dsig:KeyInfo" minOccurs="0">

+            <xs:annotation>

+              <xs:documentation>certificate for secure communication</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Address" type="xs:anyURI">

+            <xs:annotation>

+              <xs:documentation>URI: email-Address, Web, FTP, LDAP, ..., comapre Adress</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="TelephoneAddressType">

+    <xs:annotation>

+      <xs:documentation>phone numbers, conmpare TelephoneAdresseTyp</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="AbstractAddressType">

+        <xs:sequence minOccurs="0">

+          <xs:element name="Type" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...)</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:element name="Number" type="TelcomNumberType">

+            <xs:annotation>

+              <xs:documentation>phonenumber</xs:documentation>

+            </xs:annotation>

+          </xs:element>

+          <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">

+            <xs:annotation>

+              <xs:documentation>any additional properties</xs:documentation>

+            </xs:annotation>

+          </xs:any>

+        </xs:sequence>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="MobileTelcomNumberType">

+    <xs:annotation>

+      <xs:documentation>like TelephoneAddresseType but with additional smsEnabled attribute</xs:documentation>

+    </xs:annotation>

+    <xs:complexContent>

+      <xs:extension base="TelcomNumberType">

+        <xs:attribute name="smsEnabled" type="xs:boolean" use="optional"/>

+      </xs:extension>

+    </xs:complexContent>

+  </xs:complexType>

+  <xs:complexType name="TelcomNumberType">

+    <xs:annotation>

+      <xs:documentation>formated number or set of telephone number parts</xs:documentation>

+    </xs:annotation>

+    <xs:choice>

+      <xs:element ref="FormattedNumber"/>

+      <xs:group ref="TelcomNumberGroup"/>

+    </xs:choice>

+  </xs:complexType>

+  <xs:group name="TelcomNumberGroup">

+    <xs:annotation>

+      <xs:documentation>set of telephone number parts</xs:documentation>

+    </xs:annotation>

+    <xs:sequence>

+      <xs:element ref="InternationalCountryCode" minOccurs="0"/>

+      <xs:element ref="NationalNumber" minOccurs="0"/>

+      <xs:element ref="AreaCityCode" minOccurs="0"/>

+      <xs:element ref="SubscriberNumber"/>

+      <xs:element ref="Extension" minOccurs="0"/>

+    </xs:sequence>

+  </xs:group>

+  <!-- ### auxiliary types ### -->

+  <xs:simpleType name="SexType">

+    <xs:annotation>

+      <xs:documentation>simple type for sex (gender) of person</xs:documentation>

+    </xs:annotation>

+    <xs:restriction base="xs:token">

+      <xs:enumeration value="male"/>

+      <xs:enumeration value="female"/>

+      <xs:enumeration value="unknown"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="DateOfBirthType">

+    <xs:annotation>

+      <xs:documentation>simple type for dates (union), which may omit day and/or month</xs:documentation>

+    </xs:annotation>

+    <xs:union memberTypes="xs:date xs:gYearMonth xs:gYear"/>

+  </xs:simpleType>

+  <xs:simpleType name="DateOfDeathType">

+    <xs:annotation>

+      <xs:documentation>simple type for dates (union), which may omit day and/or month</xs:documentation>

+    </xs:annotation>

+    <xs:union memberTypes="xs:date xs:gYearMonth xs:gYear"/>

+  </xs:simpleType>

+  <xs:simpleType name="MaritalStatusType">

+    <xs:annotation>

+      <xs:documentation>simple type for marital status of a person</xs:documentation>

+    </xs:annotation>

+    <xs:restriction base="xs:token">

+      <xs:enumeration value="single"/>

+      <xs:enumeration value="married"/>

+      <xs:enumeration value="divorced"/>

+      <xs:enumeration value="widowed"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="xStringPatternExtensionType">

+    <xs:annotation>

+      <xs:documentation>pattern type for enlargement of type definitions. Contents as follows 

+x:sometext or 12345 or _ or  other symbols

+</xs:documentation>

+    </xs:annotation>

+    <xs:restriction base="xs:string">

+      <xs:pattern value="x:\S.*"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="DefinedRelationType">

+    <xs:annotation>

+      <xs:documentation>known relations (family + functional)</xs:documentation>

+    </xs:annotation>

+    <xs:restriction base="xs:string">

+      <xs:enumeration value="family:Parent"/>

+      <xs:enumeration value="family:Child"/>

+      <xs:enumeration value="family:Sibling"/>

+      <xs:enumeration value="family:Grandparent"/>

+      <xs:enumeration value="family:Grandchild"/>

+      <xs:enumeration value="family:Spouse"/>

+      <xs:enumeration value="function:LegalGuardian"/>

+      <xs:enumeration value="function:IsGuardedBy"/>

+      <xs:enumeration value="function:Cohabitant"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="RelationType">

+    <xs:annotation>

+      <xs:documentation>known + any other relation</xs:documentation>

+    </xs:annotation>

+    <xs:union memberTypes="xStringPatternExtensionType DefinedRelationType"/>

+  </xs:simpleType>

+  <xs:simpleType name="DefinedAlternativeNameTypeType">

+    <xs:annotation>

+      <xs:documentation>known types of alternative names</xs:documentation>

+    </xs:annotation>

+    <xs:restriction base="xs:string">

+      <xs:enumeration value="ArtistName"/>

+      <xs:enumeration value="NickName"/>

+      <xs:enumeration value="FormerName"/>

+      <xs:enumeration value="Alias"/>

+      <xs:enumeration value="MaidenName"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="AlternativeNameTypeType">

+    <xs:annotation>

+      <xs:documentation>known + any other alternative name types</xs:documentation>

+    </xs:annotation>

+    <xs:union memberTypes="xStringPatternExtensionType DefinedAlternativeNameTypeType"/>

+  </xs:simpleType>

+  <!-- ### additional data types for ZMR address #### -->

+  <xs:simpleType name="FederalStateType">

+    <xs:annotation>

+      <xs:documentation>zmr use only</xs:documentation>

+    </xs:annotation>

+    <xs:restriction base="xs:string">

+      <xs:enumeration value="Wien"/>

+      <xs:enumeration value="Niederösterreich"/>

+      <xs:enumeration value="Burgenland"/>

+      <xs:enumeration value="Oberösterreich"/>

+      <xs:enumeration value="Steiermark"/>

+      <xs:enumeration value="Salzburg"/>

+      <xs:enumeration value="Kärnten"/>

+      <xs:enumeration value="Tirol"/>

+      <xs:enumeration value="Vorarlberg"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <!-- ### strings of defined maximum lenght for use with ZMR address ###-->

+  <xs:simpleType name="string3">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="3"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="string4">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="4"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="string7">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="7"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="string20">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="20"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="string30">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="30"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="string50">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="50"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="string100">

+    <xs:restriction base="xs:string">

+      <xs:maxLength value="100"/>

+    </xs:restriction>

+  </xs:simpleType>

+  <xs:simpleType name="integer5">

+    <xs:restriction base="xs:integer">

+      <xs:minInclusive value="10000"/>

+      <xs:maxInclusive value="99999"/>

+    </xs:restriction>

+  </xs:simpleType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/PersonName-1_2.xsd b/moaSig/common/src/main/resources/resources/schemas/PersonName-1_2.xsd
new file mode 100644
index 0000000..347ed3d
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/PersonName-1_2.xsd
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- CHANGES from original HR-XML schema for use with PersonData.xsd:

+	* elementFormDefault set to "qualified" -->

+<!--

+"Copyright  The HR-XML Consortium. All Rights Reserved. http://www.hr-xml.org"

+Name: PersonName-1_2.xsd, Second Edition

+Status: Recommendation

+Date this version: 2001-12-17

+Date last version: 2001-09-05

+Purpose: Defines the schema for PersonName

+Author(s): Paul Kiel, Kim Bartkus, CPO Workgroup

+

+Note: This Second Edition corrects an inconsistency between the schema in this xsd file and the schema in the pdf documentation.  The documentation is correct.  This schema was changed in syntax only, not functionality.  When adding attributes to elements, "xsd:restriction" was used.  This Second Edition correctly changes it to "xsd:extension".

+

+This HR-XML Consortium Work (including specifications, documents,

+software, and related items) is provided by the copyright holders

+under the following license. By obtaining, using and/or copying

+this work, you (the licensee) agree that you have read, understood,

+and will comply with the following terms and conditions.

+

+Permission to use, copy, modify, or redistribute this Work and

+its documentation, with or without modification, for any purpose

+and without fee or royalty is hereby granted, provided that you

+include the following on ALL copies of the software and

+documentation or portions thereof, including modifications,

+that you make:

+

+1. This notice: "Copyright  The HR-XML Consortium. All Rights

+   Reserved. http://www.hr-xml.org"

+2. Notice of any changes or modifications to the The HR-XML

+   Consortium files.

+

+THIS WORK, INCLUDING SPECIFICATIONS, DOCUMENTS, SOFTWARE, OR OTHER

+RELATED ITEMS, IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO

+REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT

+NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY

+PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION

+WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS

+OR OTHER RIGHTS.

+

+COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,

+SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE

+SOFTWARE OR DOCUMENTATION.

+

+TITLE TO COPYRIGHT IN THIS WORK AND ANY ASSOCIATED DOCUMENTATION

+WILL AT ALL TIMES REMAIN WITH COPYRIGHT HOLDERS.

+-->

+<xsd:schema xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">

+	<xsd:complexType name="PersonNameType">

+		<xsd:sequence>

+			<xsd:element name="FormattedName" minOccurs="0" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:simpleContent>

+						<xsd:extension base="xsd:string">

+							<xsd:attribute name="type" default="presentation">

+								<xsd:simpleType>

+									<xsd:restriction base="xsd:string">

+										<xsd:enumeration value="presentation"/>

+										<xsd:enumeration value="legal"/>

+										<xsd:enumeration value="sortOrder"/>

+									</xsd:restriction>

+								</xsd:simpleType>

+							</xsd:attribute>

+						</xsd:extension>

+					</xsd:simpleContent>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="LegalName" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="GivenName" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="PreferredGivenName" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="MiddleName" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="FamilyName" minOccurs="0" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:simpleContent>

+						<xsd:extension base="xsd:string">

+							<xsd:attribute name="primary" default="undefined">

+								<xsd:simpleType>

+									<xsd:restriction base="xsd:string">

+										<xsd:enumeration value="true"/>

+										<xsd:enumeration value="false"/>

+										<xsd:enumeration value="undefined"/>

+									</xsd:restriction>

+								</xsd:simpleType>

+							</xsd:attribute>

+							<xsd:attribute name="prefix" type="xsd:string"/>

+						</xsd:extension>

+					</xsd:simpleContent>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Affix" minOccurs="0" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:simpleContent>

+						<xsd:extension base="xsd:string">

+							<xsd:attribute name="type" use="required">

+								<xsd:simpleType>

+									<xsd:restriction base="xsd:string">

+										<xsd:enumeration value="academicGrade"/>

+										<xsd:enumeration value="aristocraticPrefix"/>

+										<xsd:enumeration value="aristocraticTitle"/>

+										<xsd:enumeration value="familyNamePrefix"/>

+										<xsd:enumeration value="familyNameSuffix"/>

+										<xsd:enumeration value="formOfAddress"/>

+										<xsd:enumeration value="generation"/>

+										<xsd:enumeration value="qualification"/>

+									</xsd:restriction>

+								</xsd:simpleType>

+							</xsd:attribute>

+						</xsd:extension>

+					</xsd:simpleContent>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:element name="PersonName" type="PersonNameType"/>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/PostalAddress-1_2.xsd b/moaSig/common/src/main/resources/resources/schemas/PostalAddress-1_2.xsd
new file mode 100644
index 0000000..b3d89ab
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/PostalAddress-1_2.xsd
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- CHANGES from original HR-XML schema for use with PersonData.xsd:

+	* elementFormDefault set to "qualified"

+	* CountryCode set to minOccurs="0" -->

+<!--

+"Copyright  The HR-XML Consortium. All Rights Reserved. http://www.hr-xml.org"

+Name: PostalAddress-1_2.xsd

+Status: Recommendation

+Date this version: 2001-08-20

+Date last version: 2001-07-20

+Purpose: Defines the schema for Postal Address

+Author(s): Paul Kiel, Kim Bartkus, CPO Workgroup

+

+This HR-XML Consortium Work (including specifications, documents,

+software, and related items) is provided by the copyright holders

+under the following license. By obtaining, using and/or copying

+this work, you (the licensee) agree that you have read, understood,

+and will comply with the following terms and conditions.

+

+Permission to use, copy, modify, or redistribute this Work and

+its documentation, with or without modification, for any purpose

+and without fee or royalty is hereby granted, provided that you

+include the following on ALL copies of the software and

+documentation or portions thereof, including modifications,

+that you make:

+

+1. This notice: "Copyright  The HR-XML Consortium. All Rights

+   Reserved. http://www.hr-xml.org"

+2. Notice of any changes or modifications to the The HR-XML

+   Consortium files.

+

+THIS WORK, INCLUDING SPECIFICATIONS, DOCUMENTS, SOFTWARE, OR OTHER

+RELATED ITEMS, IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO

+REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT

+NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY

+PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION

+WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS

+OR OTHER RIGHTS.

+

+COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,

+SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE

+SOFTWARE OR DOCUMENTATION.

+

+TITLE TO COPYRIGHT IN THIS WORK AND ANY ASSOCIATED DOCUMENTATION

+WILL AT ALL TIMES REMAIN WITH COPYRIGHT HOLDERS.

+-->

+<xsd:schema xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">

+	<xsd:include schemaLocation="PersonName-1_2.xsd"/>

+	<xsd:complexType name="PostalAddressType">

+		<xsd:sequence>

+			<xsd:element name="CountryCode" minOccurs="0">

+				<xsd:simpleType>

+					<xsd:restriction base="xsd:string">

+						<xsd:pattern value="[A-Z]{2}"/>

+					</xsd:restriction>

+				</xsd:simpleType>

+			</xsd:element>

+			<xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="Region" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="Municipality" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="DeliveryAddress" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="AddressLine" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="StreetName" type="xsd:string" minOccurs="0"/>

+						<xsd:element name="BuildingNumber" type="xsd:string" minOccurs="0"/>

+						<xsd:element name="Unit" type="xsd:string" minOccurs="0"/>

+						<xsd:element name="PostOfficeBox" type="xsd:string" minOccurs="0"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="Recipient" minOccurs="0" maxOccurs="unbounded">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="PersonName" type="PersonNameType" minOccurs="0"/>

+						<xsd:element name="AdditionalText" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>

+						<xsd:element name="Organization" type="xsd:string" minOccurs="0"/>

+						<xsd:element name="OrganizationName" type="xsd:string" minOccurs="0"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+		<xsd:attribute name="type" default="undefined">

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="postOfficeBoxAddress"/>

+					<xsd:enumeration value="streetAddress"/>

+					<xsd:enumeration value="militaryAddress"/>

+					<xsd:enumeration value="undefined"/>

+				</xsd:restriction>

+			</xsd:simpleType>

+		</xsd:attribute>

+	</xsd:complexType>

+	<xsd:element name="PostalAddress" type="PostalAddressType"/>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd b/moaSig/common/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd
new file mode 100644
index 0000000..f89702a
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- CHANGES from original HR-XML schema for use with PersonData.xsd:

+	* elementFormDefault set to "qualified" -->

+<!--

+"Copyright  The HR-XML Consortium. All Rights Reserved. http://www.hr-xml.org"

+Name: TelcomNumber-1_0.xsd

+Status:Recommendation

+Date this version: 2002-01-31

+Date last version: 2001-12-20

+Purpose: Schema for Telecommunications data.

+Author(s): Don Simonson, Robert Half Int'l., CPO Workgroup

+

+This HR-XML Consortium Work (including specifications, documents,

+software, and related items) is provided by the copyright holders

+under the following license. By obtaining, using and/or copying

+this work, you (the licensee) agree that you have read, understood,

+and will comply with the following terms and conditions.

+

+Permission to use, copy, modify, or redistribute this Work and

+its documentation, with or without modification, for any purpose

+and without fee or royalty is hereby granted, provided that you

+include the following on ALL copies of the software and

+documentation or portions thereof, including modifications,

+that you make:

+

+1. This notice: "Copyright  The HR-XML Consortium. All Rights

+   Reserved. http://www.hr-xml.org"

+2. Notice of any changes or modifications to the The HR-XML

+   Consortium files.

+

+THIS WORK, INCLUDING SPECIFICATIONS, DOCUMENTS, SOFTWARE, OR OTHER

+RELATED ITEMS, IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO

+REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT

+NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY

+PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION

+WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS

+OR OTHER RIGHTS.

+

+COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,

+SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE

+SOFTWARE OR DOCUMENTATION.

+

+TITLE TO COPYRIGHT IN THIS WORK AND ANY ASSOCIATED DOCUMENTATION

+WILL AT ALL TIMES REMAIN WITH COPYRIGHT HOLDERS.

+-->

+<xsd:schema xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">

+	<xsd:group name="TelcomNumberGroup">

+		<xsd:sequence>

+			<xsd:element ref="InternationalCountryCode" minOccurs="0"/>

+			<xsd:element ref="NationalNumber" minOccurs="0"/>

+			<xsd:element ref="AreaCityCode" minOccurs="0"/>

+			<xsd:element ref="SubscriberNumber"/>

+			<xsd:element ref="Extension" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:group>

+	<xsd:element name="FormattedNumber" type="xsd:string"/>

+	<xsd:element name="InternationalCountryCode" type="xsd:string"/>

+	<xsd:element name="NationalNumber" type="xsd:string"/>

+	<xsd:element name="AreaCityCode" type="xsd:string"/>

+	<xsd:element name="SubscriberNumber" type="xsd:string"/>

+	<xsd:complexType name="TelcomNumberType">

+		<xsd:choice>

+			<xsd:element ref="FormattedNumber"/>

+			<xsd:group ref="TelcomNumberGroup"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:element name="Extension" type="xsd:string"/>

+	<xsd:element name="Telephone" type="TelcomNumberType"/>

+	<xsd:element name="Mobile" type="MobileTelcomNumberType"/>

+	<xsd:element name="Fax" type="TelcomNumberType"/>

+	<xsd:element name="Pager" type="TelcomNumberType"/>

+	<xsd:element name="TTYTDD" type="TelcomNumberType"/>

+	<xsd:complexType name="MobileTelcomNumberType">

+		<xsd:complexContent>

+			<xsd:extension base="TelcomNumberType">

+				<xsd:attribute name="smsEnabled" type="xsd:boolean" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="TelcomNumberListType">

+		<xsd:sequence>

+			<xsd:element ref="Telephone" minOccurs="0"/>

+			<xsd:element ref="Mobile" minOccurs="0"/>

+			<xsd:element ref="Fax" minOccurs="0"/>

+			<xsd:element ref="Pager" minOccurs="0"/>

+			<xsd:element ref="TTYTDD" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.1.1.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.1.1.xsd
new file mode 100644
index 0000000..7180610
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.1.1.xsd
@@ -0,0 +1,545 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.1.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.1.1#" 

+xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified">

+

+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+  

+<!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType, 

+EncapsulatedPKIDataType and TimestampType-->

+	

+<!-- Start AnyType -->

+

+	<xsd:element name="Any" type="AnyType"/>

+	<xsd:complexType name="AnyType" mixed="true">

+		<xsd:sequence>

+			<xsd:any namespace="##any"/>

+		</xsd:sequence>

+		<xsd:anyAttribute namespace="##any"/>

+	</xsd:complexType>

+

+<!-- End AnyType -->

+

+<!-- Start ObjectIdentifierType-->

+	

+	<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType"/>

+	<xsd:complexType name="ObjectIdentifierType">

+		<xsd:sequence>

+			<xsd:element name="Identifier" type="IdentifierType"/>

+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="DocumentationReferences" type="DocumentationReferencesType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="IdentifierType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:anyURI">

+				<xsd:attribute name="Qualifier" type="QualifierType" use="optional"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:simpleType name="QualifierType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="OIDAsURI"/>

+			<xsd:enumeration value="OIDAsURN"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:complexType name="DocumentationReferencesType">

+		<xsd:sequence maxOccurs="unbounded">

+			<xsd:element name="DocumentationReference" type="xsd:anyURI"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End ObjectIdentifierType-->	

+

+<!-- Start EncapsulatedPKIDataType-->

+	

+	<xsd:element name="EncapsulatedPKIData" type="EncapsulatedPKIDataType"/>

+	<xsd:complexType name="EncapsulatedPKIDataType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:base64Binary">

+				<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+

+<!-- End EncapsulatedPKIDataType -->

+

+<!-- Start TimeStampType -->

+

+	<xsd:element name="TimeStamp" type="TimeStampType"/>

+	<xsd:complexType name="TimeStampType">

+		<xsd:sequence>

+			<xsd:element name="HashDataInfo" type="HashDataInfoType" maxOccurs="unbounded"/>

+			<xsd:choice>

+				<xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>

+				<xsd:element name="XMLTimeStamp" type="AnyType"/>

+			</xsd:choice>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="HashDataInfoType">

+		<xsd:sequence>

+			<xsd:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="uri" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	

+<!-- End TimeStampType -->	

+	

+<!-- End auxiliary types definitions-->	

+	

+<!-- Start container types -->

+

+<!-- Start QualifyingProperties -->

+

+	<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>

+

+	<xsd:complexType name="QualifyingPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>

+			<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+

+<!-- End QualifyingProperties -->

+

+<!-- Start SignedProperties-->

+

+	<xsd:element name="SignedProperties" type="SignedPropertiesType"/>

+

+	<xsd:complexType name="SignedPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>

+			<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+

+<!-- End SignedProperties-->

+

+<!-- Start UnsignedProperties-->

+

+<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" />

+

+  <xsd:complexType name="UnsignedPropertiesType">

+    <xsd:sequence>

+      <xsd:element name="UnsignedSignatureProperties" 

+        type="UnsignedSignaturePropertiesType" minOccurs="0"/>

+        <xsd:element name="UnsignedDataObjectProperties" 

+          type="UnsignedDataObjectPropertiesType" minOccurs="0"/>

+    </xsd:sequence>

+    <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+  </xsd:complexType>

+

+<!-- End UnsignedProperties-->

+

+<!-- Start SignedSignatureProperties-->

+

+<xsd:element name="SignedSignatureProperties" 

+  type="SignedSignaturePropertiesType" />

+

+<xsd:complexType name="SignedSignaturePropertiesType">

+  <xsd:sequence>

+    <xsd:element name="SigningTime" type="xsd:dateTime"/>

+    <xsd:element name="SigningCertificate" type="CertIDListType"/>

+    <xsd:element name="SignaturePolicyIdentifier" 

+     type="SignaturePolicyIdentifierType"/>

+    <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" 

+     minOccurs="0"/>

+    <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End SignedSignatureProperties-->

+

+

+<!-- Start SignedDataObjectProperties-->

+

+<xsd:element name="SignedDataObjectProperties" 

+  type="SignedDataObjectPropertiesType"/>

+

+<xsd:complexType name="SignedDataObjectPropertiesType">

+  <xsd:sequence>

+    <xsd:element name="DataObjectFormat" type="DataObjectFormatType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="CommitmentTypeIndication" 

+      type="CommitmentTypeIndicationType" minOccurs="0" 

+      maxOccurs="unbounded"/>

+    <xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End SignedDataObjectProperties-->

+

+

+<!-- Start UnsignedSignatureProperties-->

+

+<xsd:element name="UnsignedSignatureProperties" 

+  type="UnsignedSignaturePropertiesType"/>

+

+<xsd:complexType name="UnsignedSignaturePropertiesType">

+  <xsd:sequence>

+    <xsd:element name="CounterSignature" type="CounterSignatureType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="SignatureTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="CompleteCertificateRefs" 

+      type="CompleteCertificateRefsType" minOccurs="0"/>

+    <xsd:element name="CompleteRevocationRefs" 

+      type="CompleteRevocationRefsType" minOccurs="0"/>

+    <xsd:choice>

+      <xsd:element name="SigAndRefsTimeStamp" type="TimeStampType" 

+        minOccurs="0" maxOccurs="unbounded"/>

+      <xsd:element name="RefsOnlyTimeStamp" type="TimeStampType" 

+        minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:choice>

+    <xsd:element name="CertificateValues" type="CertificateValuesType" 

+      minOccurs="0"/>

+    <xsd:element name="RevocationValues" type="RevocationValuesType" 

+      minOccurs="0"/>

+    <xsd:element name="ArchiveTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+  </xsd:sequence>

+  </xsd:complexType>

+

+

+<!-- End UnsignedSignatureProperties-->

+

+

+<!-- Start UnsignedDataObjectProperties-->

+

+<xsd:element name="UnsignedDataObjectProperties" 

+  type="UnsignedDataObjectPropertiesType" />

+

+<xsd:complexType name="UnsignedDataObjectPropertiesType">

+  <xsd:sequence>

+    <xsd:element name="UnsignedDataObjectProperty" type="AnyType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End UnsignedDataObjectProperties-->

+

+<!-- Start QualifyingPropertiesReference-->

+

+<xsd:element name="QualifyingPropertiesReference" 

+  type="QualifyingPropertiesReferenceType"/>

+

+<xsd:complexType name="QualifyingPropertiesReferenceType">

+  <xsd:sequence>

+    <xsd:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>

+  </xsd:sequence>

+  <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<!-- End QualifyingPropertiesReference-->

+

+<!-- End container types -->	

+	

+	

+<!-- Start SigningTime element -->

+	<xsd:element name="SigningTime" type="xsd:dateTime"/>

+	

+<!-- End SigningTime element -->

+

+<!-- Start SigningCertificate -->

+	<xsd:element name="SigningCertificate" type="CertIDListType"/>

+	<xsd:complexType name="CertIDListType">

+		<xsd:sequence>

+			<xsd:element name="Cert" type="CertIDType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CertIDType">

+		<xsd:sequence>

+			<xsd:element name="CertDigest" type="DigestAlgAndValueType"/>

+			<xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="DigestAlgAndValueType">

+		<xsd:sequence>

+			<xsd:element name="DigestMethod" type="ds:DigestMethodType"/>

+			<xsd:element name="DigestValue" type="ds:DigestValueType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End SigningCertificate -->	

+	

+<!-- Start SignaturePolicyIdentifier -->

+	

+	<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>

+	<xsd:complexType name="SignaturePolicyIdentifierType">

+		<xsd:choice>

+			<xsd:element name="SignaturePolicyId" type="SignaturePolicyIdType"/>

+			<xsd:element name="SignaturePolicyImplied"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="SignaturePolicyIdType">

+		<xsd:sequence>

+			<xsd:element name="SigPolicyId" type="ObjectIdentifierType"/>

+			<xsd:element ref="ds:Transforms" minOccurs="0"/>

+			<xsd:element name="SigPolicyHash" type="DigestAlgAndValueType"/>

+			<xsd:element name="SigPolicyQualifiers" type="SigPolicyQualifiersListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="SigPolicyQualifiersListType">

+		<xsd:sequence>

+			<xsd:element name="SigPolicyQualifier" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:element name="SPURI" type="xsd:anyURI"/>

+	<xsd:element name="SPUserNotice" type="SPUserNoticeType"/>

+	<xsd:complexType name="SPUserNoticeType">

+		<xsd:sequence>

+			<xsd:element name="NoticeRef" type="NoticeReferenceType" minOccurs="0"/>

+			<xsd:element name="ExplicitText" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="NoticeReferenceType">

+		<xsd:sequence>

+			<xsd:element name="Organization" type="xsd:string"/>

+			<xsd:element name="NoticeNumbers" type="IntegerListType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="IntegerListType">

+		<xsd:sequence>

+			<xsd:element name="int" type="xsd:integer" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+

+<!-- End SignaturePolicyIdentifier -->

+

+

+<!-- Start CounterSignature -->

+	<xsd:element name="CounterSignature" type="CounterSignatureType"/>

+	<xsd:complexType name="CounterSignatureType">

+		<xsd:sequence>

+			<xsd:element ref="ds:Signature"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End CounterSignature -->

+

+<!-- Start DataObjectFormat -->

+

+	<xsd:element name="DataObjectFormat" type="DataObjectFormatType"/>

+	<xsd:complexType name="DataObjectFormatType">

+		<xsd:sequence>

+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType" minOccurs="0"/>

+			<xsd:element name="MimeType" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="Encoding" type="xsd:anyURI" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="ObjectReference" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+

+<!-- End DataObjectFormat -->

+

+<!-- Start CommitmentTypeIndication -->

+

+	<xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/>

+	<xsd:complexType name="CommitmentTypeIndicationType">

+		<xsd:sequence>

+			<xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/>

+			<xsd:choice>

+				<xsd:element name="ObjectReference" type="xsd:anyURI" minOccurs="0" maxOccurs="unbounded"/>

+				<xsd:element name="AllSignedDataObjects"/>

+			</xsd:choice>

+			<xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CommitmentTypeQualifiersListType">

+		<xsd:sequence>

+			<xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+

+<!-- End CommitmentTypeIndication -->

+

+<!-- Start SignatureProductionPlace -->

+

+	<xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType"/>

+	<xsd:complexType name="SignatureProductionPlaceType">

+		<xsd:sequence>

+			<xsd:element name="City" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End SignatureProductionPlace -->

+

+<!-- Start SignerRole -->

+	

+<xsd:element name="SignerRole" type="SignerRoleType"/>

+<xsd:complexType name="SignerRoleType">

+  <xsd:sequence>

+    <xsd:element name="ClaimedRoles" type="ClaimedRolesListType"

+      minOccurs="0"/>

+    <xsd:element name="CertifiedRoles" type="CertifiedRolesListType"

+      minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="ClaimedRolesListType">

+  <xsd:sequence>

+    <xsd:element name="ClaimedRole" type="AnyType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="CertifiedRolesListType">

+  <xsd:sequence>

+    <xsd:element name="CertifiedRole" type="EncapsulatedPKIDataType"

+      maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End SignerRole -->

+

+

+	<xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType"/>

+

+	<xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType"/>

+

+	<xsd:element name="SignatureTimeStamp" type="TimeStampType"/>	

+

+<!-- Start CompleteCertificateRefs -->

+	

+<xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>

+

+<xsd:complexType name="CompleteCertificateRefsType">

+  <xsd:sequence>

+    <xsd:element name="CertRefs" type="CertIDListType" />

+  </xsd:sequence>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<!-- End CompleteCertificateRefs -->

+

+

+<!-- Start CompleteRevocationRefs-->

+

+<xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>

+

+<xsd:complexType name="CompleteRevocationRefsType">

+  <xsd:sequence>

+    <xsd:element name="CRLRefs" type="CRLRefsType" minOccurs="0"/>

+    <xsd:element name="OCSPRefs" type="OCSPRefsType" minOccurs="0"/>

+    <xsd:element name="OtherRefs" type="OtherCertStatusRefsType" minOccurs="0"/> 

+  </xsd:sequence>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="CRLRefsType">

+  <xsd:sequence>

+    <xsd:element name="CRLRef" type="CRLRefType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="CRLRefType">

+  <xsd:sequence>

+    <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType"/>

+    <xsd:element name="CRLIdentifier" type="CRLIdentifierType" minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="CRLIdentifierType">

+  <xsd:sequence>

+    <xsd:element name="Issuer" type="xsd:string"/>

+    <xsd:element name="IssueTime" type="xsd:dateTime" />

+    <xsd:element name="Number" type="xsd:integer"  minOccurs="0"/>

+  </xsd:sequence>

+  <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPRefsType">

+  <xsd:sequence>

+    <xsd:element name="OCSPRef" type="OCSPRefType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPRefType">

+  <xsd:sequence>

+    <xsd:element name="OCSPIdentifier" type="OCSPIdentifierType"/>

+    <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType" 

+      minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPIdentifierType">

+  <xsd:sequence>

+    <xsd:element name="ResponderID" type="xsd:string"/>

+    <xsd:element name="ProducedAt" type="xsd:dateTime"/>

+  </xsd:sequence>

+  <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="OtherCertStatusRefsType">

+  <xsd:sequence>

+    <xsd:element name="OtherRef" type="AnyType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End CompleteRevocationRefs-->

+

+

+<xsd:element name="SigAndRefsTimeStamp" type="TimeStampType"/>

+

+<xsd:element name="RefsOnlyTimeStamp" type="TimeStampType"/>

+

+<!-- Start CertificateValues -->

+

+<xsd:element name="CertificateValues" type="CertificateValuesType"/>

+

+<xsd:complexType name="CertificateValuesType">

+	<xsd:choice minOccurs="0" maxOccurs="unbounded">

+		<xsd:element name="EncapsulatedX509Certificate" type="EncapsulatedPKIDataType"/>

+		 <xsd:element name="OtherCertificate" type="AnyType"/>

+    </xsd:choice>

+    <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<!-- End CertificateValues -->	

+

+<!-- Start RevocationValues-->

+	

+<xsd:element name="RevocationValues" type="RevocationValuesType"/>

+

+<xsd:complexType name="RevocationValuesType">

+  <xsd:sequence>

+    <xsd:element name="CRLValues" type="CRLValuesType" minOccurs="0"/>

+    <xsd:element name="OCSPValues" type="OCSPValuesType" minOccurs="0"/>

+    <xsd:element name="OtherValues" type="OtherCertStatusValuesType" minOccurs="0"/>

+  </xsd:sequence>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="CRLValuesType">

+  <xsd:sequence>

+     <xsd:element name="EncapsulatedCRLValue" type="EncapsulatedPKIDataType" 

+       maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPValuesType">

+  <xsd:sequence>

+      <xsd:element name="EncapsulatedOCSPValue" 

+        type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+<xsd:complexType name="OtherCertStatusValuesType">

+  <xsd:sequence>

+    <xsd:element name="OtherValue" type="AnyType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End RevocationValues-->	

+

+<xsd:element name="ArchiveTimeStamp" type="TimeStampType"/>

+

+	

+</xsd:schema> 

diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.2.2.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.2.2.xsd
new file mode 100644
index 0000000..80ccf12
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.2.2.xsd
@@ -0,0 +1,551 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.2.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.2.2#" 

+xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified">

+

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+

+<!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType, 

+EncapsulatedPKIDataType and TimestampType-->

+	

+<!-- Start AnyType -->

+

+	<xsd:element name="Any" type="AnyType"/>

+	<xsd:complexType name="AnyType" mixed="true">

+		<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+			<xsd:any namespace="##any" processContents="lax"/>

+		</xsd:sequence>

+		<xsd:anyAttribute namespace="##any"/>

+	</xsd:complexType>

+

+<!-- End AnyType -->

+

+<!-- Start ObjectIdentifierType-->

+	

+	<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType"/>

+	<xsd:complexType name="ObjectIdentifierType">

+		<xsd:sequence>

+			<xsd:element name="Identifier" type="IdentifierType"/>

+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="DocumentationReferences" type="DocumentationReferencesType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="IdentifierType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:anyURI">

+				<xsd:attribute name="Qualifier" type="QualifierType" use="optional"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:simpleType name="QualifierType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="OIDAsURI"/>

+			<xsd:enumeration value="OIDAsURN"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:complexType name="DocumentationReferencesType">

+		<xsd:sequence maxOccurs="unbounded">

+			<xsd:element name="DocumentationReference" type="xsd:anyURI"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End ObjectIdentifierType-->	

+

+<!-- Start EncapsulatedPKIDataType-->

+	

+	<xsd:element name="EncapsulatedPKIData" type="EncapsulatedPKIDataType"/>

+	<xsd:complexType name="EncapsulatedPKIDataType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:base64Binary">

+				<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+

+<!-- End EncapsulatedPKIDataType -->

+

+<!-- Start TimeStampType -->

+

+	<xsd:element name="TimeStamp" type="TimeStampType"/>

+	<xsd:complexType name="TimeStampType">

+		<xsd:sequence>

+			<xsd:element name="Include" type="IncludeType" maxOccurs="unbounded"/>

+			<xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/>

+			<xsd:choice>

+				<xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>

+				<xsd:element name="XMLTimeStamp" type="AnyType"/>

+			</xsd:choice>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+

+	<xsd:complexType name="IncludeType">

+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+		<xsd:attribute name="referencedData" type="xsd:boolean" use="optional"/>

+	</xsd:complexType>

+	

+<!-- End TimeStampType -->	

+	

+<!-- End auxiliary types definitions-->	

+	

+<!-- Start container types -->

+

+<!-- Start QualifyingProperties -->

+

+	<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>

+

+	<xsd:complexType name="QualifyingPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>

+			<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+

+<!-- End QualifyingProperties -->

+

+<!-- Start SignedProperties-->

+

+	<xsd:element name="SignedProperties" type="SignedPropertiesType"/>

+

+	<xsd:complexType name="SignedPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>

+			<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+

+<!-- End SignedProperties-->

+

+<!-- Start UnsignedProperties-->

+

+<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" />

+

+  <xsd:complexType name="UnsignedPropertiesType">

+    <xsd:sequence>

+      <xsd:element name="UnsignedSignatureProperties" 

+        type="UnsignedSignaturePropertiesType" minOccurs="0"/>

+        <xsd:element name="UnsignedDataObjectProperties" 

+          type="UnsignedDataObjectPropertiesType" minOccurs="0"/>

+    </xsd:sequence>

+    <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+  </xsd:complexType>

+

+<!-- End UnsignedProperties-->

+

+<!-- Start SignedSignatureProperties-->

+

+<xsd:element name="SignedSignatureProperties" 

+  type="SignedSignaturePropertiesType" />

+

+<xsd:complexType name="SignedSignaturePropertiesType">

+  <xsd:sequence>

+    <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>

+    <xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/>

+    <xsd:element name="SignaturePolicyIdentifier" 

+type="SignaturePolicyIdentifierType" minOccurs="0"/>

+    <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" 

+     minOccurs="0"/>

+    <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End SignedSignatureProperties-->

+

+

+<!-- Start SignedDataObjectProperties-->

+

+<xsd:element name="SignedDataObjectProperties" 

+  type="SignedDataObjectPropertiesType"/>

+

+<xsd:complexType name="SignedDataObjectPropertiesType">

+  <xsd:sequence>

+    <xsd:element name="DataObjectFormat" type="DataObjectFormatType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="CommitmentTypeIndication" 

+      type="CommitmentTypeIndicationType" minOccurs="0" 

+      maxOccurs="unbounded"/>

+    <xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End SignedDataObjectProperties-->

+

+

+<!-- Start UnsignedSignatureProperties-->

+

+<xsd:element name="UnsignedSignatureProperties" 

+  type="UnsignedSignaturePropertiesType"/>

+

+<xsd:complexType name="UnsignedSignaturePropertiesType">

+  <xsd:sequence>

+    <xsd:element name="CounterSignature" type="CounterSignatureType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="SignatureTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+    <xsd:element name="CompleteCertificateRefs" 

+      type="CompleteCertificateRefsType" minOccurs="0"/>

+    <xsd:element name="CompleteRevocationRefs" 

+      type="CompleteRevocationRefsType" minOccurs="0"/>

+    <xsd:element name="AttributeCertificateRefs" 

+      type="CompleteCertificateRefsType" minOccurs="0"/>

+    <xsd:element name="AttributeRevocationRefs" 

+      type="CompleteRevocationRefsType" minOccurs="0"/>

+    <xsd:choice>

+      <xsd:element name="SigAndRefsTimeStamp" type="TimeStampType" 

+        minOccurs="0" maxOccurs="unbounded"/>

+      <xsd:element name="RefsOnlyTimeStamp" type="TimeStampType" 

+        minOccurs="0" maxOccurs="unbounded"/>

+    </xsd:choice>

+    <xsd:element name="CertificateValues"

+      type="CertificateValuesType" minOccurs="0"/>

+    <xsd:element name="RevocationValues" type="RevocationValuesType" 

+      minOccurs="0"/>

+    <xsd:element name="ArchiveTimeStamp" type="TimeStampType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+  </xsd:sequence>

+  </xsd:complexType>

+

+

+<!-- End UnsignedSignatureProperties-->

+

+

+<!-- Start UnsignedDataObjectProperties-->

+

+<xsd:element name="UnsignedDataObjectProperties" 

+  type="UnsignedDataObjectPropertiesType" />

+

+<xsd:complexType name="UnsignedDataObjectPropertiesType">

+  <xsd:sequence>

+    <xsd:element name="UnsignedDataObjectProperty" type="AnyType" 

+      minOccurs="0" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End UnsignedDataObjectProperties-->

+

+<!-- Start QualifyingPropertiesReference-->

+

+<xsd:element name="QualifyingPropertiesReference" 

+  type="QualifyingPropertiesReferenceType"/>

+

+<xsd:complexType name="QualifyingPropertiesReferenceType">

+  <xsd:sequence>

+    <xsd:element ref="ds:Transforms" minOccurs="0"/>

+  </xsd:sequence>

+  <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<!-- End QualifyingPropertiesReference-->

+

+<!-- End container types -->	

+	

+	

+<!-- Start SigningTime element -->

+	<xsd:element name="SigningTime" type="xsd:dateTime"/>

+	

+<!-- End SigningTime element -->

+

+<!-- Start SigningCertificate -->

+	<xsd:element name="SigningCertificate" type="CertIDListType"/>

+	<xsd:complexType name="CertIDListType">

+		<xsd:sequence>

+			<xsd:element name="Cert" type="CertIDType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CertIDType">

+		<xsd:sequence>

+			<xsd:element name="CertDigest" type="DigestAlgAndValueType"/>

+			<xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType"/>

+		</xsd:sequence>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="DigestAlgAndValueType">

+		<xsd:sequence>

+			<xsd:element ref="ds:DigestMethod"/>

+			<xsd:element ref="ds:DigestValue"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End SigningCertificate -->	

+	

+<!-- Start SignaturePolicyIdentifier -->

+	

+	<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>

+	<xsd:complexType name="SignaturePolicyIdentifierType">

+		<xsd:choice>

+			<xsd:element name="SignaturePolicyId" type="SignaturePolicyIdType"/>

+			<xsd:element name="SignaturePolicyImplied"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="SignaturePolicyIdType">

+		<xsd:sequence>

+			<xsd:element name="SigPolicyId" type="ObjectIdentifierType"/>

+			<xsd:element ref="ds:Transforms" minOccurs="0"/>

+			<xsd:element name="SigPolicyHash" type="DigestAlgAndValueType"/>

+			<xsd:element name="SigPolicyQualifiers" type="SigPolicyQualifiersListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="SigPolicyQualifiersListType">

+		<xsd:sequence>

+			<xsd:element name="SigPolicyQualifier" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:element name="SPURI" type="xsd:anyURI"/>

+	<xsd:element name="SPUserNotice" type="SPUserNoticeType"/>

+	<xsd:complexType name="SPUserNoticeType">

+		<xsd:sequence>

+			<xsd:element name="NoticeRef" type="NoticeReferenceType" minOccurs="0"/>

+			<xsd:element name="ExplicitText" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="NoticeReferenceType">

+		<xsd:sequence>

+			<xsd:element name="Organization" type="xsd:string"/>

+			<xsd:element name="NoticeNumbers" type="IntegerListType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="IntegerListType">

+		<xsd:sequence>

+			<xsd:element name="int" type="xsd:integer" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+

+<!-- End SignaturePolicyIdentifier -->

+

+

+<!-- Start CounterSignature -->

+	<xsd:element name="CounterSignature" type="CounterSignatureType"/>

+	<xsd:complexType name="CounterSignatureType">

+		<xsd:sequence>

+			<xsd:element ref="ds:Signature"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End CounterSignature -->

+

+<!-- Start DataObjectFormat -->

+

+	<xsd:element name="DataObjectFormat" type="DataObjectFormatType"/>

+	<xsd:complexType name="DataObjectFormatType">

+		<xsd:sequence>

+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType" minOccurs="0"/>

+			<xsd:element name="MimeType" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="Encoding" type="xsd:anyURI" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="ObjectReference" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+

+<!-- End DataObjectFormat -->

+

+<!-- Start CommitmentTypeIndication -->

+

+	<xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/>

+	<xsd:complexType name="CommitmentTypeIndicationType">

+		<xsd:sequence>

+			<xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/>

+			<xsd:choice>

+				<xsd:element name="ObjectReference" type="xsd:anyURI" minOccurs="0" maxOccurs="unbounded"/>

+				<xsd:element name="AllSignedDataObjects"/>

+			</xsd:choice>

+			<xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CommitmentTypeQualifiersListType">

+		<xsd:sequence>

+			<xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+

+<!-- End CommitmentTypeIndication -->

+

+<!-- Start SignatureProductionPlace -->

+

+	<xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType"/>

+	<xsd:complexType name="SignatureProductionPlaceType">

+		<xsd:sequence>

+			<xsd:element name="City" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	

+<!-- End SignatureProductionPlace -->

+

+<!-- Start SignerRole -->

+	

+<xsd:element name="SignerRole" type="SignerRoleType"/>

+<xsd:complexType name="SignerRoleType">

+  <xsd:sequence>

+    <xsd:element name="ClaimedRoles" type="ClaimedRolesListType"

+      minOccurs="0"/>

+    <xsd:element name="CertifiedRoles" type="CertifiedRolesListType"

+      minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="ClaimedRolesListType">

+  <xsd:sequence>

+    <xsd:element name="ClaimedRole" type="AnyType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="CertifiedRolesListType">

+  <xsd:sequence>

+    <xsd:element name="CertifiedRole" type="EncapsulatedPKIDataType"

+      maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End SignerRole -->

+

+

+	<xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType"/>

+

+	<xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType"/>

+

+	<xsd:element name="SignatureTimeStamp" type="TimeStampType"/>	

+

+<!-- Start CompleteCertificateRefs -->

+	

+<xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>

+

+<xsd:complexType name="CompleteCertificateRefsType">

+  <xsd:sequence>

+    <xsd:element name="CertRefs" type="CertIDListType" />

+  </xsd:sequence>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<!-- End CompleteCertificateRefs -->

+

+

+<!-- Start CompleteRevocationRefs-->

+

+<xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>

+

+<xsd:complexType name="CompleteRevocationRefsType">

+  <xsd:sequence>

+    <xsd:element name="CRLRefs" type="CRLRefsType" minOccurs="0"/>

+    <xsd:element name="OCSPRefs" type="OCSPRefsType" minOccurs="0"/>

+    <xsd:element name="OtherRefs" type="OtherCertStatusRefsType" minOccurs="0"/> 

+  </xsd:sequence>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="CRLRefsType">

+  <xsd:sequence>

+    <xsd:element name="CRLRef" type="CRLRefType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="CRLRefType">

+  <xsd:sequence>

+    <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType"/>

+    <xsd:element name="CRLIdentifier" type="CRLIdentifierType" minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="CRLIdentifierType">

+  <xsd:sequence>

+    <xsd:element name="Issuer" type="xsd:string"/>

+    <xsd:element name="IssueTime" type="xsd:dateTime" />

+    <xsd:element name="Number" type="xsd:integer"  minOccurs="0"/>

+  </xsd:sequence>

+  <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPRefsType">

+  <xsd:sequence>

+    <xsd:element name="OCSPRef" type="OCSPRefType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPRefType">

+  <xsd:sequence>

+    <xsd:element name="OCSPIdentifier" type="OCSPIdentifierType"/>

+    <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType" 

+      minOccurs="0"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPIdentifierType">

+  <xsd:sequence>

+    <xsd:element name="ResponderID" type="xsd:string"/>

+    <xsd:element name="ProducedAt" type="xsd:dateTime"/>

+  </xsd:sequence>

+  <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="OtherCertStatusRefsType">

+  <xsd:sequence>

+    <xsd:element name="OtherRef" type="AnyType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End CompleteRevocationRefs-->

+

+

+<xsd:element name="SigAndRefsTimeStamp" type="TimeStampType"/>

+

+<xsd:element name="RefsOnlyTimeStamp" type="TimeStampType"/>

+

+<!-- Start CertificateValues -->

+

+<xsd:element name="CertificateValues" type="CertificateValuesType"/>

+

+<xsd:complexType name="CertificateValuesType">

+	<xsd:choice minOccurs="0" maxOccurs="unbounded">

+		<xsd:element name="EncapsulatedX509Certificate" type="EncapsulatedPKIDataType"/>

+		 <xsd:element name="OtherCertificate" type="AnyType"/>

+    </xsd:choice>

+    <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<!-- End CertificateValues -->	

+

+<!-- Start RevocationValues-->

+	

+<xsd:element name="RevocationValues" type="RevocationValuesType"/>

+

+<xsd:complexType name="RevocationValuesType">

+  <xsd:sequence>

+    <xsd:element name="CRLValues" type="CRLValuesType" minOccurs="0"/>

+    <xsd:element name="OCSPValues" type="OCSPValuesType" minOccurs="0"/>

+    <xsd:element name="OtherValues" type="OtherCertStatusValuesType" minOccurs="0"/>

+  </xsd:sequence>

+  <xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+</xsd:complexType>

+

+<xsd:complexType name="CRLValuesType">

+  <xsd:sequence>

+     <xsd:element name="EncapsulatedCRLValue" type="EncapsulatedPKIDataType" 

+       maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<xsd:complexType name="OCSPValuesType">

+  <xsd:sequence>

+      <xsd:element name="EncapsulatedOCSPValue" 

+        type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+<xsd:complexType name="OtherCertStatusValuesType">

+  <xsd:sequence>

+    <xsd:element name="OtherValue" type="AnyType" maxOccurs="unbounded"/>

+  </xsd:sequence>

+</xsd:complexType>

+

+<!-- End RevocationValues-->	

+

+<xsd:element name="ArchiveTimeStamp" type="TimeStampType"/>

+

+	

+</xsd:schema> 

diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd
new file mode 100644
index 0000000..d0ce075
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd
@@ -0,0 +1,466 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>

+	<!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType, 

+EncapsulatedPKIDataType and containers for time-stamp tokens -->

+	<!-- Start AnyType -->

+	<xsd:element name="Any" type="AnyType"/>

+	<xsd:complexType name="AnyType" mixed="true">

+		<xsd:sequence minOccurs="0" maxOccurs="unbounded">

+			<xsd:any namespace="##any" processContents="lax"/>

+		</xsd:sequence>

+		<xsd:anyAttribute namespace="##any"/>

+	</xsd:complexType>

+	<!-- End AnyType -->

+	<!-- Start ObjectIdentifierType-->

+	<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType"/>

+	<xsd:complexType name="ObjectIdentifierType">

+		<xsd:sequence>

+			<xsd:element name="Identifier" type="IdentifierType"/>

+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="DocumentationReferences" type="DocumentationReferencesType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="IdentifierType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:anyURI">

+				<xsd:attribute name="Qualifier" type="QualifierType" use="optional"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:simpleType name="QualifierType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="OIDAsURI"/>

+			<xsd:enumeration value="OIDAsURN"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:complexType name="DocumentationReferencesType">

+		<xsd:sequence maxOccurs="unbounded">

+			<xsd:element name="DocumentationReference" type="xsd:anyURI"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End ObjectIdentifierType-->

+	<!-- Start EncapsulatedPKIDataType-->

+	<xsd:element name="EncapsulatedPKIData" type="EncapsulatedPKIDataType"/>

+	<xsd:complexType name="EncapsulatedPKIDataType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:base64Binary">

+				<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+				<xsd:attribute name="Encoding" type="xsd:anyURI" use="optional"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<!-- End EncapsulatedPKIDataType -->

+	<!-- Start time-stamp containers types -->

+	<!-- Start GenericTimeStampType -->

+	<xsd:element name="Include" type="IncludeType"/>

+	<xsd:complexType name="IncludeType">

+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+		<xsd:attribute name="referencedData" type="xsd:boolean" use="optional"/>

+	</xsd:complexType>

+	<xsd:element name="ReferenceInfo" type="ReferenceInfoType"/>

+	<xsd:complexType name="ReferenceInfoType">

+		<xsd:sequence>

+			<xsd:element ref="ds:DigestMethod"/>

+			<xsd:element ref="ds:DigestValue"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="GenericTimeStampType" abstract="true">

+		<xsd:sequence>

+			<xsd:choice minOccurs="0">

+				<xsd:element ref="Include" minOccurs="0" maxOccurs="unbounded"/>

+				<xsd:element ref="ReferenceInfo" maxOccurs="unbounded"/>

+			</xsd:choice>

+			<xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/>

+			<xsd:choice maxOccurs="unbounded">

+				<xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>

+				<xsd:element name="XMLTimeStamp" type="AnyType"/>

+			</xsd:choice>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End GenericTimeStampType -->

+	<!-- Start XAdESTimeStampType -->

+	<xsd:element name="XAdESTimeStamp" type="XAdESTimeStampType"/>

+	<xsd:complexType name="XAdESTimeStampType">

+		<xsd:complexContent>

+			<xsd:restriction base="GenericTimeStampType">

+				<xsd:sequence>

+					<xsd:element ref="Include" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/>

+					<xsd:choice maxOccurs="unbounded">

+						<xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>

+						<xsd:element name="XMLTimeStamp" type="AnyType"/>

+					</xsd:choice>

+				</xsd:sequence>

+				<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<!-- End XAdESTimeStampType -->

+	<!-- Start OtherTimeStampType -->

+	<xsd:element name="OtherTimeStamp" type="OtherTimeStampType"/>

+	<xsd:complexType name="OtherTimeStampType">

+		<xsd:complexContent>

+			<xsd:restriction base="GenericTimeStampType">

+				<xsd:sequence>

+					<xsd:element ref="ReferenceInfo" maxOccurs="unbounded"/>

+					<xsd:element ref="ds:CanonicalizationMethod" minOccurs="0"/>

+					<xsd:choice>

+						<xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>

+						<xsd:element name="XMLTimeStamp" type="AnyType"/>

+					</xsd:choice>

+				</xsd:sequence>

+				<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<!-- End OtherTimeStampType -->

+	<!-- End time-stamp containers types -->

+	<!-- End auxiliary types definitions-->

+	<!-- Start container types -->

+	<!-- Start QualifyingProperties -->

+	<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>

+	<xsd:complexType name="QualifyingPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>

+			<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End QualifyingProperties -->

+	<!-- Start SignedProperties-->

+	<xsd:element name="SignedProperties" type="SignedPropertiesType"/>

+	<xsd:complexType name="SignedPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" minOccurs="0"/>

+			<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End SignedProperties-->

+	<!-- Start UnsignedProperties-->

+	<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/>

+	<xsd:complexType name="UnsignedPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/>

+			<xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End UnsignedProperties-->

+	<!-- Start SignedSignatureProperties-->

+	<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>

+	<xsd:complexType name="SignedSignaturePropertiesType">

+		<xsd:sequence>

+			<xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/>

+			<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType" minOccurs="0"/>

+			<xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/>

+			<xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End SignedSignatureProperties-->

+	<!-- Start SignedDataObjectProperties-->

+	<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/>

+	<xsd:complexType name="SignedDataObjectPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End SignedDataObjectProperties-->

+	<!-- Start UnsignedSignatureProperties-->

+	<xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/>

+	<xsd:complexType name="UnsignedSignaturePropertiesType">

+		<xsd:choice maxOccurs="unbounded">

+			<xsd:element name="CounterSignature" type="CounterSignatureType"/>

+			<xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/>

+			<xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>

+			<xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>

+			<xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/>

+			<xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/>

+			<xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/>

+			<xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/>

+			<xsd:element name="CertificateValues" type="CertificateValuesType"/>

+			<xsd:element name="RevocationValues" type="RevocationValuesType"/>

+			<xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/>

+			<xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/>

+			<xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/>

+			<xsd:any namespace="##other"/>

+		</xsd:choice>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End UnsignedSignatureProperties-->

+	<!-- Start UnsignedDataObjectProperties-->

+	<xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType"/>

+	<xsd:complexType name="UnsignedDataObjectPropertiesType">

+		<xsd:sequence>

+			<xsd:element name="UnsignedDataObjectProperty" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End UnsignedDataObjectProperties-->

+	<!-- Start QualifyingPropertiesReference-->

+	<xsd:element name="QualifyingPropertiesReference" type="QualifyingPropertiesReferenceType"/>

+	<xsd:complexType name="QualifyingPropertiesReferenceType">

+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End QualifyingPropertiesReference-->

+	<!-- End container types -->

+	<!-- Start SigningTime element -->

+	<xsd:element name="SigningTime" type="xsd:dateTime"/>

+	<!-- End SigningTime element -->

+	<!-- Start SigningCertificate -->

+	<xsd:element name="SigningCertificate" type="CertIDListType"/>

+	<xsd:complexType name="CertIDListType">

+		<xsd:sequence>

+			<xsd:element name="Cert" type="CertIDType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CertIDType">

+		<xsd:sequence>

+			<xsd:element name="CertDigest" type="DigestAlgAndValueType"/>

+			<xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType"/>

+		</xsd:sequence>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="DigestAlgAndValueType">

+		<xsd:sequence>

+			<xsd:element ref="ds:DigestMethod"/>

+			<xsd:element ref="ds:DigestValue"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End SigningCertificate -->

+	<!-- Start SignaturePolicyIdentifier -->

+	<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>

+	<xsd:complexType name="SignaturePolicyIdentifierType">

+		<xsd:choice>

+			<xsd:element name="SignaturePolicyId" type="SignaturePolicyIdType"/>

+			<xsd:element name="SignaturePolicyImplied"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="SignaturePolicyIdType">

+		<xsd:sequence>

+			<xsd:element name="SigPolicyId" type="ObjectIdentifierType"/>

+			<xsd:element ref="ds:Transforms" minOccurs="0"/>

+			<xsd:element name="SigPolicyHash" type="DigestAlgAndValueType"/>

+			<xsd:element name="SigPolicyQualifiers" type="SigPolicyQualifiersListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="SigPolicyQualifiersListType">

+		<xsd:sequence>

+			<xsd:element name="SigPolicyQualifier" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:element name="SPURI" type="xsd:anyURI"/>

+	<xsd:element name="SPUserNotice" type="SPUserNoticeType"/>

+	<xsd:complexType name="SPUserNoticeType">

+		<xsd:sequence>

+			<xsd:element name="NoticeRef" type="NoticeReferenceType" minOccurs="0"/>

+			<xsd:element name="ExplicitText" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="NoticeReferenceType">

+		<xsd:sequence>

+			<xsd:element name="Organization" type="xsd:string"/>

+			<xsd:element name="NoticeNumbers" type="IntegerListType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="IntegerListType">

+		<xsd:sequence>

+			<xsd:element name="int" type="xsd:integer" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End SignaturePolicyIdentifier -->

+	<!-- Start CounterSignature -->

+	<xsd:element name="CounterSignature" type="CounterSignatureType"/>

+	<xsd:complexType name="CounterSignatureType">

+		<xsd:sequence>

+			<xsd:element ref="ds:Signature"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End CounterSignature -->

+	<!-- Start DataObjectFormat -->

+	<xsd:element name="DataObjectFormat" type="DataObjectFormatType"/>

+	<xsd:complexType name="DataObjectFormatType">

+		<xsd:sequence>

+			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType" minOccurs="0"/>

+			<xsd:element name="MimeType" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="Encoding" type="xsd:anyURI" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="ObjectReference" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<!-- End DataObjectFormat -->

+	<!-- Start CommitmentTypeIndication -->

+	<xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/>

+	<xsd:complexType name="CommitmentTypeIndicationType">

+		<xsd:sequence>

+			<xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/>

+			<xsd:choice>

+				<xsd:element name="ObjectReference" type="xsd:anyURI" maxOccurs="unbounded"/>

+				<xsd:element name="AllSignedDataObjects"/>

+			</xsd:choice>

+			<xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CommitmentTypeQualifiersListType">

+		<xsd:sequence>

+			<xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End CommitmentTypeIndication -->

+	<!-- Start SignatureProductionPlace -->

+	<xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType"/>

+	<xsd:complexType name="SignatureProductionPlaceType">

+		<xsd:sequence>

+			<xsd:element name="City" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>

+			<xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End SignatureProductionPlace -->

+	<!-- Start SignerRole -->

+	<xsd:element name="SignerRole" type="SignerRoleType"/>

+	<xsd:complexType name="SignerRoleType">

+		<xsd:sequence>

+			<xsd:element name="ClaimedRoles" type="ClaimedRolesListType" minOccurs="0"/>

+			<xsd:element name="CertifiedRoles" type="CertifiedRolesListType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ClaimedRolesListType">

+		<xsd:sequence>

+			<xsd:element name="ClaimedRole" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CertifiedRolesListType">

+		<xsd:sequence>

+			<xsd:element name="CertifiedRole" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End SignerRole -->

+	<xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType"/>

+	<xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType"/>

+	<xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/>

+	<!-- Start CompleteCertificateRefs -->

+	<xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>

+	<xsd:complexType name="CompleteCertificateRefsType">

+		<xsd:sequence>

+			<xsd:element name="CertRefs" type="CertIDListType"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End CompleteCertificateRefs -->

+	<!-- Start CompleteRevocationRefs-->

+	<xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>

+	<xsd:complexType name="CompleteRevocationRefsType">

+		<xsd:sequence>

+			<xsd:element name="CRLRefs" type="CRLRefsType" minOccurs="0"/>

+			<xsd:element name="OCSPRefs" type="OCSPRefsType" minOccurs="0"/>

+			<xsd:element name="OtherRefs" type="OtherCertStatusRefsType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="CRLRefsType">

+		<xsd:sequence>

+			<xsd:element name="CRLRef" type="CRLRefType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CRLRefType">

+		<xsd:sequence>

+			<xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType"/>

+			<xsd:element name="CRLIdentifier" type="CRLIdentifierType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CRLIdentifierType">

+		<xsd:sequence>

+			<xsd:element name="Issuer" type="xsd:string"/>

+			<xsd:element name="IssueTime" type="xsd:dateTime"/>

+			<xsd:element name="Number" type="xsd:integer" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="OCSPRefsType">

+		<xsd:sequence>

+			<xsd:element name="OCSPRef" type="OCSPRefType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="OCSPRefType">

+		<xsd:sequence>

+			<xsd:element name="OCSPIdentifier" type="OCSPIdentifierType"/>

+			<xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ResponderIDType">

+		<xsd:choice>

+			<xsd:element name="ByName" type="xsd:string"/>

+			<xsd:element name="ByKey" type="xsd:base64Binary"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="OCSPIdentifierType">

+		<xsd:sequence>

+			<xsd:element name="ResponderID" type="ResponderIDType"/>

+			<xsd:element name="ProducedAt" type="xsd:dateTime"/>

+		</xsd:sequence>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="OtherCertStatusRefsType">

+		<xsd:sequence>

+			<xsd:element name="OtherRef" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End CompleteRevocationRefs-->

+	<xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/>

+	<xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/>

+	<xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/>

+	<xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/>

+	<!-- Start CertificateValues -->

+	<xsd:element name="CertificateValues" type="CertificateValuesType"/>

+	<xsd:complexType name="CertificateValuesType">

+		<xsd:choice minOccurs="0" maxOccurs="unbounded">

+			<xsd:element name="EncapsulatedX509Certificate" type="EncapsulatedPKIDataType"/>

+			<xsd:element name="OtherCertificate" type="AnyType"/>

+		</xsd:choice>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<!-- End CertificateValues -->

+	<!-- Start RevocationValues-->

+	<xsd:element name="RevocationValues" type="RevocationValuesType"/>

+	<xsd:complexType name="RevocationValuesType">

+		<xsd:sequence>

+			<xsd:element name="CRLValues" type="CRLValuesType" minOccurs="0"/>

+			<xsd:element name="OCSPValues" type="OCSPValuesType" minOccurs="0"/>

+			<xsd:element name="OtherValues" type="OtherCertStatusValuesType" minOccurs="0"/>

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+	</xsd:complexType>

+	<xsd:complexType name="CRLValuesType">

+		<xsd:sequence>

+			<xsd:element name="EncapsulatedCRLValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="OCSPValuesType">

+		<xsd:sequence>

+			<xsd:element name="EncapsulatedOCSPValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="OtherCertStatusValuesType">

+		<xsd:sequence>

+			<xsd:element name="OtherValue" type="AnyType" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!-- End RevocationValues-->

+	<xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/>

+	<xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/>

+	<xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
new file mode 100644
index 0000000..383fcbd
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified">

+	<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES-1.3.2.xsd"/>

+	<!-- Start CertificateValues -->

+	<xsd:element name="TimeStampValidationData" type="ValidationDataType"/>

+	<xsd:complexType name="ValidationDataType">

+		<xsd:sequence>

+			<xsd:element ref="xades:CertificateValues" minOccurs="0" />

+			<xsd:element ref="xades:RevocationValues" minOccurs="0" />

+		</xsd:sequence>

+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>

+		<xsd:attribute name="UR" type="xsd:anyURI" use="optional"/>

+	</xsd:complexType>

+	<xsd:element name="ArchiveTimeStampV2" type="xades:XAdESTimeStampType"/>

+</xsd:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/XMLSchema-instance.xsd b/moaSig/common/src/main/resources/resources/schemas/XMLSchema-instance.xsd
new file mode 100644
index 0000000..f47577b
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/XMLSchema-instance.xsd
@@ -0,0 +1,37 @@
+<?xml version='1.0'?>
+<!DOCTYPE xs:schema SYSTEM "XMLSchema.dtd" [
+<!ELEMENT p ANY>
+<!ELEMENT a ANY>
+<!ATTLIST a href CDATA #IMPLIED>
+<!ELEMENT hr ANY>
+<!ELEMENT h1 ANY>
+<!ELEMENT br ANY>
+]>
+<xs:schema targetNamespace="http://www.w3.org/2001/XMLSchema-instance"
+           xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           xmlns="http://www.w3.org/1999/xhtml">
+  <xs:annotation>
+   <xs:documentation>
+    <h1>XML Schema instance namespace</h1>
+    <p>See <a href="http://www.w3.org/TR/xmlschema-1/">the XML Schema
+       Recommendation</a> for an introduction</p>
+
+
+    <hr />
+    $Date: 2001/03/16 20:25:57 $<br />
+    $Id: XMLSchema-instance.xsd,v 1.4 2001/03/16 20:25:57 ht Exp $
+  </xs:documentation>
+ </xs:annotation>
+ <xs:annotation>
+  <xs:documentation><p>This schema should never be used as such:
+                    <a href="http://www.w3.org/TR/xmlschema-1/#no-xsi">the XML
+                    Schema Recommendation</a> forbids the declaration of
+                    attributes in this namespace</p>
+  </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="nil"/>
+ <xs:attribute name="type"/>
+ <xs:attribute name="schemaLocation"/>
+ <xs:attribute name="noNamespaceSchemaLocation"/>
+</xs:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/XMLSchema.dtd b/moaSig/common/src/main/resources/resources/schemas/XMLSchema.dtd
new file mode 100644
index 0000000..e8e8f76
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+     Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+     Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. -->           <!--d-->
+<!-- prose copy in the structures REC is the definitive version -->    <!--d-->
+<!-- (which shouldn't differ from this one except for this -->         <!--d-->
+<!-- comment and entity expansions, but just in case) -->              <!--d-->
+<!-- With the exception of cases with multiple namespace
+     prefixes for the XML Schema namespace, any XML document which is
+     not valid per this DTD given redefinitions in its internal subset of the
+     'p' and 's' parameter entities below appropriate to its namespace
+     declaration of the XML Schema namespace is almost certainly not
+     a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+     are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+                         schema document to establish a different
+                         namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+                         also define %s as the suffix for the appropriate
+                         namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+     Define one of these if your schema takes advantage of the
+     anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+      <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+      <!-- #all or space-separated list drawn from
+                      derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls    '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+     which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+                    ((%simpleType; | %complexType;
+                      | %element; | %attribute;
+                      | %attributeGroup; | %group;
+                      | %notation; ),
+                     (%annotation;)*)* )>
+<!ATTLIST %schema;
+   targetNamespace      %URIref;               #IMPLIED
+   version              CDATA                  #IMPLIED
+   %nds;                %URIref;               #FIXED 'http://www.w3.org/2001/XMLSchema'
+   xmlns                CDATA                  #IMPLIED
+   finalDefault         %complexDerivationSet; ''
+   blockDefault         %blockSet;             ''
+   id                   ID                     #IMPLIED
+   elementFormDefault   %formValues;           'unqualified'
+   attributeFormDefault %formValues;           'unqualified'
+   xml:lang             CDATA                  #IMPLIED
+   %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+     because at the Infoset level where schemas operate,
+     xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+ 
+<!-- The id attribute here and below is for use in external references
+     from non-schemas using simple fragment identifiers.
+     It is NOT used for schema-to-schema reference, internal or
+     external. -->
+
+<!-- a type is a named content type specification which allows attribute
+     declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+                         (%simpleContent;|%complexContent;|
+                          %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+          name      %NCName;                        #IMPLIED
+          id        ID                              #IMPLIED
+          abstract  %boolean;                       #IMPLIED
+          final     %complexDerivationSet;          #IMPLIED
+          block     %complexDerivationSet;          #IMPLIED
+          mixed (true|false) 'false'
+          %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+     has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+     and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+          mixed (true|false) #IMPLIED
+          id    ID           #IMPLIED
+          %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+     one from part2; extension should use the full model  -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+          id    ID           #IMPLIED
+          %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the 
+     one defined above; extension should have no particle  -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+          base  %QName;      #REQUIRED
+          id    ID           #IMPLIED
+          %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+                     (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+            name               %NCName;               #IMPLIED
+            id                 ID                     #IMPLIED
+            ref                %QName;                #IMPLIED
+            type               %QName;                #IMPLIED
+            minOccurs          %nonNegativeInteger;   #IMPLIED
+            maxOccurs          CDATA                  #IMPLIED
+            nillable           %boolean;              #IMPLIED
+            substitutionGroup  %QName;                #IMPLIED
+            abstract           %boolean;              #IMPLIED
+            final              %complexDerivationSet; #IMPLIED
+            block              %blockSet;             #IMPLIED
+            default            CDATA                  #IMPLIED
+            fixed              CDATA                  #IMPLIED
+            form               %formValues;           #IMPLIED
+            %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+     name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+     substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group; 
+          name        %NCName;               #IMPLIED
+          ref         %QName;                #IMPLIED
+          minOccurs   %nonNegativeInteger;   #IMPLIED
+          maxOccurs   CDATA                  #IMPLIED
+          id          ID                     #IMPLIED
+          %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+          minOccurs   (1)                    #IMPLIED
+          maxOccurs   (1)                    #IMPLIED
+          id          ID                     #IMPLIED
+          %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+          minOccurs   %nonNegativeInteger;   #IMPLIED
+          maxOccurs   CDATA                  #IMPLIED
+          id          ID                     #IMPLIED
+          %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+          minOccurs   %nonNegativeInteger;   #IMPLIED
+          maxOccurs   CDATA                  #IMPLIED
+          id          ID                     #IMPLIED
+          %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+     a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+     If order is 'all' THIS group must be alone (or referenced alone) at
+     the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+            namespace       CDATA                  '##any'
+            processContents (skip|lax|strict)      'strict'
+            minOccurs       %nonNegativeInteger;   '1'
+            maxOccurs       CDATA                  '1'
+            id              ID                     #IMPLIED
+            %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+                  ##any      - - any non-conflicting WFXML at all
+
+                  ##other    - - any non-conflicting WFXML from namespace other
+                                  than targetNamespace
+
+                  ##local    - - any unqualified non-conflicting WFXML/attribute
+                  one or     - - any non-conflicting WFXML from
+                  more URI        the listed namespaces
+                  references
+
+                  ##targetNamespace ##local may appear in the above list,
+                    with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+            namespace       CDATA              '##any'
+            processContents (skip|lax|strict)  'strict'
+            id              ID                 #IMPLIED
+            %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+          name      %NCName;      #IMPLIED
+          id        ID            #IMPLIED
+          ref       %QName;       #IMPLIED
+          type      %QName;       #IMPLIED
+          use       (prohibited|optional|required) #IMPLIED
+          default   CDATA         #IMPLIED
+          fixed     CDATA         #IMPLIED
+          form      %formValues;  #IMPLIED
+          %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+     name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+     reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+                       (%attribute; | %attributeGroup;)*,
+                       (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+                 name       %NCName;       #IMPLIED
+                 id         ID             #IMPLIED
+                 ref        %QName;        #IMPLIED
+                 %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name.  ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+          name     %NCName;       #REQUIRED
+	  id       ID             #IMPLIED
+	  %uniqueAttrs;>
+
+<!ELEMENT %key;    ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+          name     %NCName;       #REQUIRED
+	  id       ID             #IMPLIED
+	  %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+          name     %NCName;       #REQUIRED
+	  refer    %QName;        #REQUIRED
+	  id       ID             #IMPLIED
+	  %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+          xpath %XPathExpr; #REQUIRED
+          id    ID          #IMPLIED
+          %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+          xpath %XPathExpr; #REQUIRED
+          id    ID          #IMPLIED
+          %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+          schemaLocation %URIref; #REQUIRED
+          id             ID       #IMPLIED
+          %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+          namespace      %URIref; #IMPLIED
+          schemaLocation %URIref; #IMPLIED
+          id             ID       #IMPLIED
+          %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+                      %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+          schemaLocation %URIref; #REQUIRED
+          id             ID       #IMPLIED
+          %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+	  name        %NCName;    #REQUIRED
+	  id          ID          #IMPLIED
+	  public      CDATA       #REQUIRED
+	  system      %URIref;    #IMPLIED
+	  %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+     as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+     to work -->
+<!ELEMENT %appinfo; ANY>   <!-- too restrictive -->
+<!ATTLIST %appinfo;
+          source     %URIref;      #IMPLIED
+          id         ID         #IMPLIED
+          %appinfoAttrs;>
+<!ELEMENT %documentation; ANY>   <!-- too restrictive -->
+<!ATTLIST %documentation;
+          source     %URIref;   #IMPLIED
+          id         ID         #IMPLIED
+          xml:lang   CDATA      #IMPLIED
+          %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+           'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+           'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/moaSig/common/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd b/moaSig/common/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd
new file mode 100644
index 0000000..8bc5af1
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->

+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">

+        <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+        <annotation>

+                <documentation>

+                Document identifier: cs-sstc-schema-assertion-01

+                Location: http://www.oasis-open.org/committees/security/docs/

+                </documentation>

+        </annotation>

+        <simpleType name="IDType">

+                <restriction base="string"/>

+        </simpleType>

+        <simpleType name="IDReferenceType">

+                <restriction base="string"/>

+        </simpleType>

+        <simpleType name="DecisionType">

+                <restriction base="string">

+                        <enumeration value="Permit"/>

+                        <enumeration value="Deny"/>

+                        <enumeration value="Indeterminate"/>

+                </restriction>

+        </simpleType>

+        <element name="AssertionIDReference" type="saml:IDReferenceType"/>

+        <element name="Assertion" type="saml:AssertionType"/>

+        <complexType name="AssertionType">

+                <sequence>

+                        <element ref="saml:Conditions" minOccurs="0"/>

+                        <element ref="saml:Advice" minOccurs="0"/>

+                        <choice maxOccurs="unbounded">

+                                <element ref="saml:Statement"/>

+                                <element ref="saml:SubjectStatement"/>

+                                <element ref="saml:AuthenticationStatement"/>

+                                <element ref="saml:AuthorizationDecisionStatement"/>

+                                <element ref="saml:AttributeStatement"/>

+                        </choice>

+                        <element ref="ds:Signature" minOccurs="0"/>

+                </sequence>

+                <attribute name="MajorVersion" type="integer" use="required"/>

+                <attribute name="MinorVersion" type="integer" use="required"/>

+                <attribute name="AssertionID" type="saml:IDType" use="required"/>

+                <attribute name="Issuer" type="string" use="required"/>

+                <attribute name="IssueInstant" type="dateTime" use="required"/>

+        </complexType>

+        <element name="Conditions" type="saml:ConditionsType"/>

+        <complexType name="ConditionsType">

+                <choice minOccurs="0" maxOccurs="unbounded">

+                        <element ref="saml:AudienceRestrictionCondition"/>

+                        <element ref="saml:Condition"/>

+                </choice>

+                <attribute name="NotBefore" type="dateTime" use="optional"/>

+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>

+        </complexType>

+        <element name="Condition" type="saml:ConditionAbstractType"/>

+        <complexType name="ConditionAbstractType" abstract="true"/>

+        <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>

+        <complexType name="AudienceRestrictionConditionType">

+                <complexContent>

+                        <extension base="saml:ConditionAbstractType">

+                                <sequence>

+                                        <element ref="saml:Audience" maxOccurs="unbounded"/>

+                                </sequence>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="Audience" type="anyURI"/>

+        <element name="Advice" type="saml:AdviceType"/>

+        <complexType name="AdviceType">

+                <choice minOccurs="0" maxOccurs="unbounded">

+                        <element ref="saml:AssertionIDReference"/>

+                        <element ref="saml:Assertion"/>

+                        <any namespace="##other" processContents="lax"/>

+                </choice>

+        </complexType>

+        <element name="Statement" type="saml:StatementAbstractType"/>

+        <complexType name="StatementAbstractType" abstract="true"/>

+        <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>

+        <complexType name="SubjectStatementAbstractType" abstract="true">

+                <complexContent>

+                        <extension base="saml:StatementAbstractType">

+                                <sequence>

+                                        <element ref="saml:Subject"/>

+                                </sequence>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="Subject" type="saml:SubjectType"/>

+        <complexType name="SubjectType">

+                <choice>

+                        <sequence>

+                                <element ref="saml:NameIdentifier"/>

+                                <element ref="saml:SubjectConfirmation" minOccurs="0"/>

+                        </sequence>

+                        <element ref="saml:SubjectConfirmation"/>

+                </choice>

+        </complexType>

+        <element name="NameIdentifier" type="saml:NameIdentifierType"/>

+        <complexType name="NameIdentifierType">

+                <simpleContent>

+                        <extension base="string">

+                                <attribute name="NameQualifier" type="string" use="optional"/>

+                                <attribute name="Format" type="anyURI" use="optional"/>

+                        </extension>

+                </simpleContent>

+        </complexType>

+        <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>

+        <complexType name="SubjectConfirmationType">

+                <sequence>

+                        <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>

+                        <element ref="saml:SubjectConfirmationData" minOccurs="0"/>

+                        <element ref="ds:KeyInfo" minOccurs="0"/>

+                </sequence>

+        </complexType>

+        <element name="SubjectConfirmationData" type="anyType"/>

+        <element name="ConfirmationMethod" type="anyURI"/>

+        <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>

+        <complexType name="AuthenticationStatementType">

+                <complexContent>

+                        <extension base="saml:SubjectStatementAbstractType">

+                                <sequence>

+                                        <element ref="saml:SubjectLocality" minOccurs="0"/>

+                                        <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>

+                                </sequence>

+                                <attribute name="AuthenticationMethod" type="anyURI" use="required"/>

+                                <attribute name="AuthenticationInstant" type="dateTime" use="required"/>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="SubjectLocality" type="saml:SubjectLocalityType"/>

+        <complexType name="SubjectLocalityType">

+                <attribute name="IPAddress" type="string" use="optional"/>

+                <attribute name="DNSAddress" type="string" use="optional"/>

+        </complexType>

+        <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>

+        <complexType name="AuthorityBindingType">

+                <attribute name="AuthorityKind" type="QName" use="required"/>

+                <attribute name="Location" type="anyURI" use="required"/>

+                <attribute name="Binding" type="anyURI" use="required"/>

+        </complexType>

+        <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>

+        <complexType name="AuthorizationDecisionStatementType">

+                <complexContent>

+                        <extension base="saml:SubjectStatementAbstractType">

+                                <sequence>

+                                        <element ref="saml:Action" maxOccurs="unbounded"/>

+                                        <element ref="saml:Evidence" minOccurs="0"/>

+                                </sequence>

+                                <attribute name="Resource" type="anyURI" use="required"/>

+                                <attribute name="Decision" type="saml:DecisionType" use="required"/>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="Action" type="saml:ActionType"/>

+        <complexType name="ActionType">

+                <simpleContent>

+                        <extension base="string">

+                                <attribute name="Namespace" type="anyURI"/>

+                        </extension>

+                </simpleContent>

+        </complexType>

+        <element name="Evidence" type="saml:EvidenceType"/>

+        <complexType name="EvidenceType">

+                <choice maxOccurs="unbounded">

+                        <element ref="saml:AssertionIDReference"/>

+                        <element ref="saml:Assertion"/>

+                </choice>

+        </complexType>

+        <element name="AttributeStatement" type="saml:AttributeStatementType"/>

+        <complexType name="AttributeStatementType">

+                <complexContent>

+                        <extension base="saml:SubjectStatementAbstractType">

+                                <sequence>

+                                        <element ref="saml:Attribute" maxOccurs="unbounded"/>

+                                </sequence>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>

+        <complexType name="AttributeDesignatorType">

+                <attribute name="AttributeName" type="string" use="required"/>

+                <attribute name="AttributeNamespace" type="anyURI" use="required"/>

+        </complexType>

+        <element name="Attribute" type="saml:AttributeType"/>

+        <complexType name="AttributeType">

+                <complexContent>

+                        <extension base="saml:AttributeDesignatorType">

+                                <sequence>

+                                        <element ref="saml:AttributeValue" maxOccurs="unbounded"/>

+                                </sequence>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="AttributeValue" type="anyType"/>

+</schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd b/moaSig/common/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd
new file mode 100644
index 0000000..ecad05b
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->

+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">

+        <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>

+        <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+        <annotation>

+                <documentation>

+                Document identifier: cs-sstc-schema-protocol-01

+                Location: http://www.oasis-open.org/committees/security/docs/

+                </documentation>

+        </annotation>

+        <complexType name="RequestAbstractType" abstract="true">

+                <sequence>

+                        <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>

+                        <element ref="ds:Signature" minOccurs="0"/>

+                </sequence>

+                <attribute name="RequestID" type="saml:IDType" use="required"/>

+                <attribute name="MajorVersion" type="integer" use="required"/>

+                <attribute name="MinorVersion" type="integer" use="required"/>

+                <attribute name="IssueInstant" type="dateTime" use="required"/>

+        </complexType>

+        <element name="RespondWith" type="QName"/>

+        <element name="Request" type="samlp:RequestType"/>

+        <complexType name="RequestType">

+                <complexContent>

+                        <extension base="samlp:RequestAbstractType">

+                                <choice>

+                                        <element ref="samlp:Query"/>

+                                        <element ref="samlp:SubjectQuery"/>

+                                        <element ref="samlp:AuthenticationQuery"/>

+                                        <element ref="samlp:AttributeQuery"/>

+                                        <element ref="samlp:AuthorizationDecisionQuery"/>

+                                        <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>

+                                        <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>

+                                </choice>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="AssertionArtifact" type="string"/>

+        <element name="Query" type="samlp:QueryAbstractType"/>

+        <complexType name="QueryAbstractType" abstract="true"/>

+        <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>

+        <complexType name="SubjectQueryAbstractType" abstract="true">

+                <complexContent>

+                        <extension base="samlp:QueryAbstractType">

+                                <sequence>

+                                        <element ref="saml:Subject"/>

+                                </sequence>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>

+        <complexType name="AuthenticationQueryType">

+                <complexContent>

+                        <extension base="samlp:SubjectQueryAbstractType">

+                                <attribute name="AuthenticationMethod" type="anyURI"/>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="AttributeQuery" type="samlp:AttributeQueryType"/>

+        <complexType name="AttributeQueryType">

+                <complexContent>

+                        <extension base="samlp:SubjectQueryAbstractType">

+                                <sequence>

+                                        <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>

+                                </sequence>

+                                <attribute name="Resource" type="anyURI" use="optional"/>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>

+        <complexType name="AuthorizationDecisionQueryType">

+                <complexContent>

+                        <extension base="samlp:SubjectQueryAbstractType">

+                                <sequence>

+                                        <element ref="saml:Action" maxOccurs="unbounded"/>

+                                        <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>

+                                </sequence>

+                                <attribute name="Resource" type="anyURI" use="required"/>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <complexType name="ResponseAbstractType" abstract="true">

+                <sequence>

+                        <element ref="ds:Signature" minOccurs="0"/>

+                </sequence>

+                <attribute name="ResponseID" type="saml:IDType" use="required"/>

+                <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>

+                <attribute name="MajorVersion" type="integer" use="required"/>

+                <attribute name="MinorVersion" type="integer" use="required"/>

+                <attribute name="IssueInstant" type="dateTime" use="required"/>

+                <attribute name="Recipient" type="anyURI" use="optional"/>

+        </complexType>

+        <element name="Response" type="samlp:ResponseType"/>

+        <complexType name="ResponseType">

+                <complexContent>

+                        <extension base="samlp:ResponseAbstractType">

+                                <sequence>

+                                        <element ref="samlp:Status"/>

+                                        <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>

+                                </sequence>

+                        </extension>

+                </complexContent>

+        </complexType>

+        <element name="Status" type="samlp:StatusType"/>

+        <complexType name="StatusType">

+                <sequence>

+                        <element ref="samlp:StatusCode"/>

+                        <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>

+                        <element ref="samlp:StatusDetail" minOccurs="0"/>

+                </sequence>

+        </complexType>

+        <element name="StatusCode" type="samlp:StatusCodeType"/>

+        <complexType name="StatusCodeType">

+                <sequence>

+                        <element ref="samlp:StatusCode" minOccurs="0"/>

+                </sequence>

+                <attribute name="Value" type="QName" use="required"/>

+        </complexType>

+        <element name="StatusMessage" type="string"/>

+        <element name="StatusDetail" type="samlp:StatusDetailType"/>

+        <complexType name="StatusDetailType">

+                <sequence>

+                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+        </complexType>

+</schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/datatypes.dtd b/moaSig/common/src/main/resources/resources/schemas/datatypes.dtd
new file mode 100644
index 0000000..8e48553
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+        DTD for XML Schemas: Part 2: Datatypes
+        $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $
+        Note this DTD is NOT normative, or even definitive. - - the
+        prose copy in the datatypes REC is the definitive version
+        (which shouldn't differ from this one except for this comment
+        and entity expansions, but just in case)
+  -->
+
+<!--
+        This DTD cannot be used on its own, it is intended
+        only for incorporation in XMLSchema.dtd, q.v.
+  -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+        Customisation entities for the ATTLIST of each element
+        type. Define one of these if your schema takes advantage
+        of the anyAttribute='##other' in the schema for schemas
+  -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+        types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+        #all or space-separated list drawn from derivationChoice
+  -->
+
+<!--
+        Note that the use of 'facet' below is less restrictive
+        than is really intended:  There should in fact be no
+        more than one of each of minInclusive, minExclusive,
+        maxInclusive, maxExclusive, totalDigits, fractionDigits,
+        length, maxLength, minLength within datatype,
+        and the min- and max- variants of Inclusive and Exclusive
+        are mutually exclusive. On the other hand,  pattern and
+        enumeration may repeat.
+  -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+   "%pattern; | %enumeration; | %whiteSpace; | %length; |
+   %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr 
+        "value CDATA #REQUIRED
+        id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+        ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+    name      %NCName; #IMPLIED
+    final     %simpleDerivationSet; #IMPLIED
+    id        ID       #IMPLIED
+    %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+                         (%restriction1; |
+                          ((%simpleType;)?,(%facet;)*)),
+                         (%attrDecls;))>
+<!ATTLIST %restriction;
+    base      %QName;                  #IMPLIED
+    id        ID       #IMPLIED
+    %restrictionAttrs;>
+<!--
+        base and simpleType child are mutually exclusive,
+        one is required.
+
+        restriction is shared between simpleType and
+        simpleContent and complexContent (in XMLSchema.xsd).
+        restriction1 is for the latter cases, when this
+        is restricting a complex type, as is attrDecls.
+  -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+    itemType      %QName;             #IMPLIED
+    id        ID       #IMPLIED
+    %listAttrs;>
+<!--
+        itemType and simpleType child are mutually exclusive,
+        one is required
+  -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+    id            ID       #IMPLIED
+    memberTypes   %QNames;            #IMPLIED
+    %unionAttrs;>
+<!--
+        At least one item in memberTypes or one simpleType
+        child is required
+  -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+        %facetAttr;
+        %fixedAttr;
+        %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+        %facetAttr;
+        %fixedAttr;
+        %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+        %facetAttr;
+        %fixedAttr;
+        %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+        %facetAttr;
+        %fixedAttr;
+        %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+        %facetAttr;
+        %fixedAttr;
+        %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+        %facetAttr;
+        %fixedAttr;
+        %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+        %facetAttr;
+        %fixedAttr;
+        %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+        %facetAttr;
+        %fixedAttr;
+        %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+        %facetAttr;
+        %fixedAttr;
+        %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+        %facetAttr;
+        %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+        %facetAttr;
+        %fixedAttr;
+        %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+        %facetAttr;
+        %patternAttrs;>
diff --git a/moaSig/common/src/main/resources/resources/schemas/exclusive-canonicalization.xsd b/moaSig/common/src/main/resources/resources/schemas/exclusive-canonicalization.xsd
new file mode 100644
index 0000000..d4a2d82
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/exclusive-canonicalization.xsd
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>

+<!-- commented out for compatibility with Xerces 2.0.2

+<!DOCTYPE schema

+  PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"

+  [

+   <!ATTLIST schema 

+     xmlns:ec CDATA #FIXED 'http://www.w3.org/2001/10/xml-exc-c14n#'>

+   <!ENTITY ec 'http://www.w3.org/2001/10/xml-exc-c14n#'> 

+   <!ENTITY % p ''>

+   <!ENTITY % s ''>

+  ]>

+-->

+<schema xmlns="http://www.w3.org/2001/XMLSchema"

+        xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"

+        targetNamespace="http://www.w3.org/2001/10/xml-exc-c14n#"

+        version="0.1" elementFormDefault="qualified">

+  <element name="InclusiveNamespaces"

+           type="ec:InclusiveNamespaces"/>

+  <complexType name="InclusiveNamespaces">

+     <attribute name="PrefixList" type="string"/>

+  </complexType>

+</schema>
\ No newline at end of file
diff --git a/moaSig/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd b/moaSig/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd
new file mode 100644
index 0000000..91706a8
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="US-ASCII"?>

+<schema

+    targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"

+    xmlns="http://www.w3.org/2001/XMLSchema"

+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"

+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"

+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"

+    elementFormDefault="unqualified"

+    attributeFormDefault="unqualified"

+    blockDefault="substitution"

+    version="2.0">

+    <!-- 

+    <import namespace="http://www.w3.org/2000/09/xmldsig#"

+        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>

+    <import namespace="http://www.w3.org/2001/04/xmlenc#"

+        schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>

+    -->

+    <import namespace="http://www.w3.org/2000/09/xmldsig#"

+        schemaLocation="xmldsig-core-schema.xsd"/>

+    <import namespace="http://www.w3.org/2001/04/xmlenc#"

+        schemaLocation="xenc-schema.xsd"/>

+    

+    <annotation>

+        <documentation>

+            Document identifier: saml-schema-assertion-2.0

+            Location: http://docs.oasis-open.org/security/saml/v2.0/

+            Revision history:

+            V1.0 (November, 2002):

+              Initial Standard Schema.

+            V1.1 (September, 2003):

+              Updates within the same V1.0 namespace.

+            V2.0 (March, 2005):

+              New assertion schema for SAML V2.0 namespace.

+        </documentation>

+    </annotation>

+    <attributeGroup name="IDNameQualifiers">

+        <attribute name="NameQualifier" type="string" use="optional"/>

+        <attribute name="SPNameQualifier" type="string" use="optional"/>

+    </attributeGroup>

+    <element name="BaseID" type="saml:BaseIDAbstractType"/>

+    <complexType name="BaseIDAbstractType" abstract="true">

+        <attributeGroup ref="saml:IDNameQualifiers"/>

+    </complexType>

+    <element name="NameID" type="saml:NameIDType"/>

+    <complexType name="NameIDType">

+        <simpleContent>

+            <extension base="string">

+                <attributeGroup ref="saml:IDNameQualifiers"/>

+                <attribute name="Format" type="anyURI" use="optional"/>

+                <attribute name="SPProvidedID" type="string" use="optional"/>

+            </extension>

+        </simpleContent>

+    </complexType>

+    <complexType name="EncryptedElementType">

+        <sequence>

+            <element ref="xenc:EncryptedData"/>

+            <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+    </complexType>

+    <element name="EncryptedID" type="saml:EncryptedElementType"/>

+    <element name="Issuer" type="saml:NameIDType"/>

+    <element name="AssertionIDRef" type="NCName"/>

+    <element name="AssertionURIRef" type="anyURI"/>

+    <element name="Assertion" type="saml:AssertionType"/>

+    <complexType name="AssertionType">

+        <sequence>

+            <element ref="saml:Issuer"/>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="saml:Subject" minOccurs="0"/>

+            <element ref="saml:Conditions" minOccurs="0"/>

+            <element ref="saml:Advice" minOccurs="0"/>

+            <choice minOccurs="0" maxOccurs="unbounded">

+                <element ref="saml:Statement"/>

+                <element ref="saml:AuthnStatement"/>

+                <element ref="saml:AuthzDecisionStatement"/>

+                <element ref="saml:AttributeStatement"/>

+            </choice>

+        </sequence>

+        <attribute name="Version" type="string" use="required"/>

+        <attribute name="ID" type="ID" use="required"/>

+        <attribute name="IssueInstant" type="dateTime" use="required"/>

+    </complexType>

+    <element name="Subject" type="saml:SubjectType"/>

+    <complexType name="SubjectType">

+        <choice>

+            <sequence>

+                <choice>

+                    <element ref="saml:BaseID"/>

+                    <element ref="saml:NameID"/>

+                    <element ref="saml:EncryptedID"/>

+                </choice>

+                <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>

+            </sequence>

+            <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>

+        </choice>

+    </complexType>

+    <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>

+    <complexType name="SubjectConfirmationType">

+        <sequence>

+            <choice minOccurs="0">

+                <element ref="saml:BaseID"/>

+                <element ref="saml:NameID"/>

+                <element ref="saml:EncryptedID"/>

+            </choice>

+            <element ref="saml:SubjectConfirmationData" minOccurs="0"/>

+        </sequence>

+        <attribute name="Method" type="anyURI" use="required"/>

+    </complexType>

+    <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>

+    <complexType name="SubjectConfirmationDataType" mixed="true">

+        <complexContent>

+            <restriction base="anyType">

+                <sequence>

+                    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+                <attribute name="NotBefore" type="dateTime" use="optional"/>

+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>

+                <attribute name="Recipient" type="anyURI" use="optional"/>

+                <attribute name="InResponseTo" type="NCName" use="optional"/>

+                <attribute name="Address" type="string" use="optional"/>

+                <anyAttribute namespace="##other" processContents="lax"/>

+            </restriction>

+        </complexContent>

+    </complexType>

+    <complexType name="KeyInfoConfirmationDataType" mixed="false">

+        <complexContent>

+            <restriction base="saml:SubjectConfirmationDataType">

+                <sequence>

+                    <element ref="ds:KeyInfo" maxOccurs="unbounded"/>

+                </sequence>

+            </restriction>

+        </complexContent>

+    </complexType>

+    <element name="Conditions" type="saml:ConditionsType"/>

+    <complexType name="ConditionsType">

+        <choice minOccurs="0" maxOccurs="unbounded">

+            <element ref="saml:Condition"/>

+            <element ref="saml:AudienceRestriction"/>

+            <element ref="saml:OneTimeUse"/>

+            <element ref="saml:ProxyRestriction"/>

+        </choice>

+        <attribute name="NotBefore" type="dateTime" use="optional"/>

+        <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>

+    </complexType>

+    <element name="Condition" type="saml:ConditionAbstractType"/>

+    <complexType name="ConditionAbstractType" abstract="true"/>

+    <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>

+    <complexType name="AudienceRestrictionType">

+        <complexContent>

+            <extension base="saml:ConditionAbstractType">

+                <sequence>

+                    <element ref="saml:Audience" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="Audience" type="anyURI"/>

+    <element name="OneTimeUse" type="saml:OneTimeUseType" />

+    <complexType name="OneTimeUseType">

+        <complexContent>

+            <extension base="saml:ConditionAbstractType"/>

+        </complexContent>

+    </complexType>

+    <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>

+    <complexType name="ProxyRestrictionType">

+    <complexContent>

+        <extension base="saml:ConditionAbstractType">

+            <sequence>

+                <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>

+            </sequence>

+            <attribute name="Count" type="nonNegativeInteger" use="optional"/>

+        </extension>

+	</complexContent>

+    </complexType>

+    <element name="Advice" type="saml:AdviceType"/>

+    <complexType name="AdviceType">

+        <choice minOccurs="0" maxOccurs="unbounded">

+            <element ref="saml:AssertionIDRef"/>

+            <element ref="saml:AssertionURIRef"/>

+            <element ref="saml:Assertion"/>

+            <element ref="saml:EncryptedAssertion"/>

+            <any namespace="##other" processContents="lax"/>

+        </choice>

+    </complexType>

+    <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>

+    <element name="Statement" type="saml:StatementAbstractType"/>

+    <complexType name="StatementAbstractType" abstract="true"/>

+    <element name="AuthnStatement" type="saml:AuthnStatementType"/>

+    <complexType name="AuthnStatementType">

+        <complexContent>

+            <extension base="saml:StatementAbstractType">

+                <sequence>

+                    <element ref="saml:SubjectLocality" minOccurs="0"/>

+                    <element ref="saml:AuthnContext"/>

+                </sequence>

+                <attribute name="AuthnInstant" type="dateTime" use="required"/>

+                <attribute name="SessionIndex" type="string" use="optional"/>

+                <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="SubjectLocality" type="saml:SubjectLocalityType"/>

+    <complexType name="SubjectLocalityType">

+        <attribute name="Address" type="string" use="optional"/>

+        <attribute name="DNSName" type="string" use="optional"/>

+    </complexType>

+    <element name="AuthnContext" type="saml:AuthnContextType"/>

+    <complexType name="AuthnContextType">

+        <sequence>

+            <choice>

+                <sequence>

+                    <element ref="saml:AuthnContextClassRef"/>

+                    <choice minOccurs="0">

+                        <element ref="saml:AuthnContextDecl"/>

+                        <element ref="saml:AuthnContextDeclRef"/>

+                    </choice>

+                </sequence>

+                <choice>

+                    <element ref="saml:AuthnContextDecl"/>

+                    <element ref="saml:AuthnContextDeclRef"/>

+                </choice>

+            </choice>

+            <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+    </complexType>

+    <element name="AuthnContextClassRef" type="anyURI"/>

+    <element name="AuthnContextDeclRef" type="anyURI"/>

+    <element name="AuthnContextDecl" type="anyType"/>

+    <element name="AuthenticatingAuthority" type="anyURI"/>

+    <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>

+    <complexType name="AuthzDecisionStatementType">

+        <complexContent>

+            <extension base="saml:StatementAbstractType">

+                <sequence>

+                    <element ref="saml:Action" maxOccurs="unbounded"/>

+                    <element ref="saml:Evidence" minOccurs="0"/>

+                </sequence>

+                <attribute name="Resource" type="anyURI" use="required"/>

+                <attribute name="Decision" type="saml:DecisionType" use="required"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <simpleType name="DecisionType">

+        <restriction base="string">

+            <enumeration value="Permit"/>

+            <enumeration value="Deny"/>

+            <enumeration value="Indeterminate"/>

+        </restriction>

+    </simpleType>

+    <element name="Action" type="saml:ActionType"/>

+    <complexType name="ActionType">

+        <simpleContent>

+            <extension base="string">

+                <attribute name="Namespace" type="anyURI" use="required"/>

+            </extension>

+        </simpleContent>

+    </complexType>

+    <element name="Evidence" type="saml:EvidenceType"/>

+    <complexType name="EvidenceType">

+        <choice maxOccurs="unbounded">

+            <element ref="saml:AssertionIDRef"/>

+            <element ref="saml:AssertionURIRef"/>

+            <element ref="saml:Assertion"/>

+            <element ref="saml:EncryptedAssertion"/>

+        </choice>

+    </complexType>

+    <element name="AttributeStatement" type="saml:AttributeStatementType"/>

+    <complexType name="AttributeStatementType">

+        <complexContent>

+            <extension base="saml:StatementAbstractType">

+                <choice maxOccurs="unbounded">

+                    <element ref="saml:Attribute"/>

+                    <element ref="saml:EncryptedAttribute"/>

+                </choice>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="Attribute" type="saml:AttributeType"/>

+    <complexType name="AttributeType">

+        <sequence>

+            <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="Name" type="string" use="required"/>

+        <attribute name="NameFormat" type="anyURI" use="optional"/>

+        <attribute name="FriendlyName" type="string" use="optional"/>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    <element name="AttributeValue" type="anyType" nillable="true"/>

+    <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>

+</schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd b/moaSig/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd
new file mode 100644
index 0000000..0d158c0
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd
@@ -0,0 +1,337 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<schema

+    targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"

+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"

+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"

+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"

+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"

+    xmlns="http://www.w3.org/2001/XMLSchema"

+    elementFormDefault="unqualified"

+    attributeFormDefault="unqualified"

+    blockDefault="substitution"

+    version="2.0">

+    <import namespace="http://www.w3.org/2000/09/xmldsig#"

+        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>

+    <import namespace="http://www.w3.org/2001/04/xmlenc#"

+        schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>

+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"

+        schemaLocation="saml-schema-assertion-2.0.xsd"/>

+    <import namespace="http://www.w3.org/XML/1998/namespace"

+        schemaLocation="http://www.w3.org/2001/xml.xsd"/>

+    <annotation>

+        <documentation>

+            Document identifier: saml-schema-metadata-2.0

+            Location: http://docs.oasis-open.org/security/saml/v2.0/

+            Revision history:

+              V2.0 (March, 2005):

+                Schema for SAML metadata, first published in SAML 2.0.

+        </documentation>

+    </annotation>

+

+    <simpleType name="entityIDType">

+        <restriction base="anyURI">

+            <maxLength value="1024"/>

+        </restriction>

+    </simpleType>

+    <complexType name="localizedNameType">

+        <simpleContent>

+            <extension base="string">

+                <attribute ref="xml:lang" use="required"/>

+            </extension>

+        </simpleContent>

+    </complexType>

+    <complexType name="localizedURIType">

+        <simpleContent>

+            <extension base="anyURI">

+                <attribute ref="xml:lang" use="required"/>

+            </extension>

+        </simpleContent>

+    </complexType>

+    

+    <element name="Extensions" type="md:ExtensionsType"/>

+    <complexType final="#all" name="ExtensionsType">

+        <sequence>

+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>

+        </sequence>

+    </complexType>

+    

+    <complexType name="EndpointType">

+        <sequence>

+            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="Binding" type="anyURI" use="required"/>

+        <attribute name="Location" type="anyURI" use="required"/>

+        <attribute name="ResponseLocation" type="anyURI" use="optional"/>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    

+    <complexType name="IndexedEndpointType">

+        <complexContent>

+            <extension base="md:EndpointType">

+                <attribute name="index" type="unsignedShort" use="required"/>

+                <attribute name="isDefault" type="boolean" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    

+    <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>

+    <complexType name="EntitiesDescriptorType">

+        <sequence>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="md:Extensions" minOccurs="0"/>

+            <choice minOccurs="1" maxOccurs="unbounded">

+                <element ref="md:EntityDescriptor"/>

+                <element ref="md:EntitiesDescriptor"/>

+            </choice>

+        </sequence>

+        <attribute name="validUntil" type="dateTime" use="optional"/>

+        <attribute name="cacheDuration" type="duration" use="optional"/>

+        <attribute name="ID" type="ID" use="optional"/>

+        <attribute name="Name" type="string" use="optional"/>

+    </complexType>

+

+    <element name="EntityDescriptor" type="md:EntityDescriptorType"/>

+    <complexType name="EntityDescriptorType">

+        <sequence>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="md:Extensions" minOccurs="0"/>

+            <choice>

+                <choice maxOccurs="unbounded">

+                    <element ref="md:RoleDescriptor"/>

+                    <element ref="md:IDPSSODescriptor"/>

+                    <element ref="md:SPSSODescriptor"/>

+                    <element ref="md:AuthnAuthorityDescriptor"/>

+                    <element ref="md:AttributeAuthorityDescriptor"/>

+                    <element ref="md:PDPDescriptor"/>

+                </choice>

+                <element ref="md:AffiliationDescriptor"/>

+            </choice>

+            <element ref="md:Organization" minOccurs="0"/>

+            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>

+            <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="entityID" type="md:entityIDType" use="required"/>

+        <attribute name="validUntil" type="dateTime" use="optional"/>

+        <attribute name="cacheDuration" type="duration" use="optional"/>

+        <attribute name="ID" type="ID" use="optional"/>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    

+    <element name="Organization" type="md:OrganizationType"/>

+    <complexType name="OrganizationType">

+        <sequence>

+            <element ref="md:Extensions" minOccurs="0"/>

+            <element ref="md:OrganizationName" maxOccurs="unbounded"/>

+            <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>

+            <element ref="md:OrganizationURL" maxOccurs="unbounded"/>

+        </sequence>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    <element name="OrganizationName" type="md:localizedNameType"/>

+    <element name="OrganizationDisplayName" type="md:localizedNameType"/>

+    <element name="OrganizationURL" type="md:localizedURIType"/>

+    <element name="ContactPerson" type="md:ContactType"/>

+    <complexType name="ContactType">

+        <sequence>

+            <element ref="md:Extensions" minOccurs="0"/>

+            <element ref="md:Company" minOccurs="0"/>

+            <element ref="md:GivenName" minOccurs="0"/>

+            <element ref="md:SurName" minOccurs="0"/>

+            <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>

+            <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="contactType" type="md:ContactTypeType" use="required"/>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    <element name="Company" type="string"/>

+    <element name="GivenName" type="string"/>

+    <element name="SurName" type="string"/>

+    <element name="EmailAddress" type="anyURI"/>

+    <element name="TelephoneNumber" type="string"/>

+    <simpleType name="ContactTypeType">

+        <restriction base="string">

+            <enumeration value="technical"/>

+            <enumeration value="support"/>

+            <enumeration value="administrative"/>

+            <enumeration value="billing"/>

+            <enumeration value="other"/>

+        </restriction>

+    </simpleType>

+

+    <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>

+    <complexType name="AdditionalMetadataLocationType">

+        <simpleContent>

+            <extension base="anyURI">

+                <attribute name="namespace" type="anyURI" use="required"/>

+            </extension>

+        </simpleContent>

+    </complexType>

+

+    <element name="RoleDescriptor" type="md:RoleDescriptorType"/>

+    <complexType name="RoleDescriptorType" abstract="true">

+        <sequence>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="md:Extensions" minOccurs="0"/>

+            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>

+            <element ref="md:Organization" minOccurs="0"/>

+            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="ID" type="ID" use="optional"/>

+        <attribute name="validUntil" type="dateTime" use="optional"/>

+        <attribute name="cacheDuration" type="duration" use="optional"/>

+        <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>

+        <attribute name="errorURL" type="anyURI" use="optional"/>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    <simpleType name="anyURIListType">

+        <list itemType="anyURI"/>

+    </simpleType>

+

+    <element name="KeyDescriptor" type="md:KeyDescriptorType"/>

+    <complexType name="KeyDescriptorType">

+        <sequence>

+            <element ref="ds:KeyInfo"/>

+            <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="use" type="md:KeyTypes" use="optional"/>

+    </complexType>

+    <simpleType name="KeyTypes">

+        <restriction base="string">

+            <enumeration value="encryption"/>

+            <enumeration value="signing"/>

+        </restriction>

+    </simpleType>

+    <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>

+    

+    <complexType name="SSODescriptorType" abstract="true">

+        <complexContent>

+            <extension base="md:RoleDescriptorType">

+                <sequence>

+                    <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>

+    <element name="SingleLogoutService" type="md:EndpointType"/>

+    <element name="ManageNameIDService" type="md:EndpointType"/>

+    <element name="NameIDFormat" type="anyURI"/>

+

+    <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>

+    <complexType name="IDPSSODescriptorType">

+        <complexContent>

+            <extension base="md:SSODescriptorType">

+                <sequence>

+                    <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>

+                    <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+                <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="SingleSignOnService" type="md:EndpointType"/>

+    <element name="NameIDMappingService" type="md:EndpointType"/>

+    <element name="AssertionIDRequestService" type="md:EndpointType"/>

+    <element name="AttributeProfile" type="anyURI"/>

+    

+    <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>

+    <complexType name="SPSSODescriptorType">

+        <complexContent>

+            <extension base="md:SSODescriptorType">

+                <sequence>

+                    <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>

+                    <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+                <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>

+                <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>

+    <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>

+    <complexType name="AttributeConsumingServiceType">

+        <sequence>

+            <element ref="md:ServiceName" maxOccurs="unbounded"/>

+            <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>

+            <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="index" type="unsignedShort" use="required"/>

+        <attribute name="isDefault" type="boolean" use="optional"/>

+    </complexType>

+    <element name="ServiceName" type="md:localizedNameType"/>

+    <element name="ServiceDescription" type="md:localizedNameType"/>

+    <element name="RequestedAttribute" type="md:RequestedAttributeType"/>

+    <complexType name="RequestedAttributeType">

+        <complexContent>

+            <extension base="saml:AttributeType">

+                <attribute name="isRequired" type="boolean" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+  

+    <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>

+    <complexType name="AuthnAuthorityDescriptorType">

+        <complexContent>

+            <extension base="md:RoleDescriptorType">

+                <sequence>

+                    <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>

+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="AuthnQueryService" type="md:EndpointType"/>

+

+    <element name="PDPDescriptor" type="md:PDPDescriptorType"/>

+    <complexType name="PDPDescriptorType">

+        <complexContent>

+            <extension base="md:RoleDescriptorType">

+                <sequence>

+                    <element ref="md:AuthzService" maxOccurs="unbounded"/>

+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="AuthzService" type="md:EndpointType"/>

+

+    <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>

+    <complexType name="AttributeAuthorityDescriptorType">

+        <complexContent>

+            <extension base="md:RoleDescriptorType">

+                <sequence>

+                    <element ref="md:AttributeService" maxOccurs="unbounded"/>

+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>

+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="AttributeService" type="md:EndpointType"/>

+   

+    <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>

+    <complexType name="AffiliationDescriptorType">

+        <sequence>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="md:Extensions" minOccurs="0"/>

+            <element ref="md:AffiliateMember" maxOccurs="unbounded"/>

+            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>

+        <attribute name="validUntil" type="dateTime" use="optional"/>

+        <attribute name="cacheDuration" type="duration" use="optional"/>

+        <attribute name="ID" type="ID" use="optional"/>

+        <anyAttribute namespace="##other" processContents="lax"/>

+    </complexType>

+    <element name="AffiliateMember" type="md:entityIDType"/>

+</schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd b/moaSig/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd
new file mode 100644
index 0000000..7682410
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd
@@ -0,0 +1,306 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<schema

+    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"

+    xmlns="http://www.w3.org/2001/XMLSchema"

+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"

+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"

+    elementFormDefault="unqualified"

+    attributeFormDefault="unqualified"

+    blockDefault="substitution"

+    version="2.0">

+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"

+        schemaLocation="saml-schema-assertion-2.0.xsd"/>

+    <!-- 

+    <import namespace="http://www.w3.org/2000/09/xmldsig#"

+        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>

+    -->

+    <import namespace="http://www.w3.org/2000/09/xmldsig#"

+        schemaLocation="xmldsig-core-schema.xsd"/>

+    <annotation>

+        <documentation>

+            Document identifier: saml-schema-protocol-2.0

+            Location: http://docs.oasis-open.org/security/saml/v2.0/

+            Revision history:

+            V1.0 (November, 2002):

+              Initial Standard Schema.

+            V1.1 (September, 2003):

+              Updates within the same V1.0 namespace.

+            V2.0 (March, 2005):

+              New protocol schema based in a SAML V2.0 namespace.

+     </documentation>

+    </annotation>

+    <complexType name="RequestAbstractType" abstract="true">

+        <sequence>

+            <element ref="saml:Issuer" minOccurs="0"/>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="samlp:Extensions" minOccurs="0"/>

+        </sequence>

+        <attribute name="ID" type="ID" use="required"/>

+        <attribute name="Version" type="string" use="required"/>

+        <attribute name="IssueInstant" type="dateTime" use="required"/>

+        <attribute name="Destination" type="anyURI" use="optional"/>

+    	<attribute name="Consent" type="anyURI" use="optional"/>

+    </complexType>

+    <element name="Extensions" type="samlp:ExtensionsType"/>

+    <complexType name="ExtensionsType">

+        <sequence>

+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>

+        </sequence>

+    </complexType>

+    <complexType name="StatusResponseType">

+    	<sequence>

+            <element ref="saml:Issuer" minOccurs="0"/>

+            <element ref="ds:Signature" minOccurs="0"/>

+            <element ref="samlp:Extensions" minOccurs="0"/>

+            <element ref="samlp:Status"/>

+    	</sequence>

+    	<attribute name="ID" type="ID" use="required"/>

+    	<attribute name="InResponseTo" type="NCName" use="optional"/>

+    	<attribute name="Version" type="string" use="required"/>

+    	<attribute name="IssueInstant" type="dateTime" use="required"/>

+    	<attribute name="Destination" type="anyURI" use="optional"/>

+    	<attribute name="Consent" type="anyURI" use="optional"/>

+    </complexType>

+    <element name="Status" type="samlp:StatusType"/>

+    <complexType name="StatusType">

+        <sequence>

+            <element ref="samlp:StatusCode"/>

+            <element ref="samlp:StatusMessage" minOccurs="0"/>

+            <element ref="samlp:StatusDetail" minOccurs="0"/>

+        </sequence>

+    </complexType>

+    <element name="StatusCode" type="samlp:StatusCodeType"/>

+    <complexType name="StatusCodeType">

+        <sequence>

+            <element ref="samlp:StatusCode" minOccurs="0"/>

+        </sequence>

+        <attribute name="Value" type="anyURI" use="required"/>

+    </complexType>

+    <element name="StatusMessage" type="string"/>

+    <element name="StatusDetail" type="samlp:StatusDetailType"/>

+    <complexType name="StatusDetailType">

+        <sequence>

+            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+    </complexType>

+    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>

+    <complexType name="AssertionIDRequestType">

+    	<complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+    	</complexContent>

+    </complexType>

+    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>

+    <complexType name="SubjectQueryAbstractType" abstract="true">

+    	<complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <element ref="saml:Subject"/>

+                </sequence>

+            </extension>

+    	</complexContent>

+    </complexType>

+    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>

+    <complexType name="AuthnQueryType">

+        <complexContent>

+            <extension base="samlp:SubjectQueryAbstractType">

+                <sequence>

+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>

+                </sequence>

+                <attribute name="SessionIndex" type="string" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>

+    <complexType name="RequestedAuthnContextType">

+        <choice>

+            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>

+            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>

+        </choice>

+        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>

+    </complexType>

+    <simpleType name="AuthnContextComparisonType">

+        <restriction base="string">

+            <enumeration value="exact"/>

+            <enumeration value="minimum"/>

+            <enumeration value="maximum"/>

+            <enumeration value="better"/>

+        </restriction>

+    </simpleType>

+    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>

+    <complexType name="AttributeQueryType">

+        <complexContent>

+            <extension base="samlp:SubjectQueryAbstractType">

+                <sequence>

+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>

+    <complexType name="AuthzDecisionQueryType">

+        <complexContent>

+            <extension base="samlp:SubjectQueryAbstractType">

+                <sequence>

+                    <element ref="saml:Action" maxOccurs="unbounded"/>

+                    <element ref="saml:Evidence" minOccurs="0"/>

+                </sequence>

+                <attribute name="Resource" type="anyURI" use="required"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>

+    <complexType name="AuthnRequestType">

+        <complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <element ref="saml:Subject" minOccurs="0"/>

+                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>

+                    <element ref="saml:Conditions" minOccurs="0"/>

+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>

+                    <element ref="samlp:Scoping" minOccurs="0"/>

+                </sequence>

+                <attribute name="ForceAuthn" type="boolean" use="optional"/>

+                <attribute name="IsPassive" type="boolean" use="optional"/>

+                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>

+                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>

+                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>

+                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>

+                <attribute name="ProviderName" type="string" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>

+    <complexType name="NameIDPolicyType">

+        <attribute name="Format" type="anyURI" use="optional"/>

+        <attribute name="SPNameQualifier" type="string" use="optional"/>

+        <attribute name="AllowCreate" type="boolean" use="optional"/>

+    </complexType>

+    <element name="Scoping" type="samlp:ScopingType"/>

+    <complexType name="ScopingType">

+        <sequence>

+            <element ref="samlp:IDPList" minOccurs="0"/>

+            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>

+        </sequence>

+        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>

+    </complexType>

+    <element name="RequesterID" type="anyURI"/>

+    <element name="IDPList" type="samlp:IDPListType"/>

+    <complexType name="IDPListType">

+        <sequence>

+            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>

+            <element ref="samlp:GetComplete" minOccurs="0"/>

+        </sequence>

+    </complexType>

+    <element name="IDPEntry" type="samlp:IDPEntryType"/>

+    <complexType name="IDPEntryType">

+        <attribute name="ProviderID" type="anyURI" use="required"/>

+        <attribute name="Name" type="string" use="optional"/>

+        <attribute name="Loc" type="anyURI" use="optional"/>

+    </complexType>

+    <element name="GetComplete" type="anyURI"/>

+    <element name="Response" type="samlp:ResponseType"/>

+    <complexType name="ResponseType">

+    	<complexContent>

+            <extension base="samlp:StatusResponseType">

+                <choice minOccurs="0" maxOccurs="unbounded">

+                    <element ref="saml:Assertion"/>

+                    <element ref="saml:EncryptedAssertion"/>

+                </choice>

+            </extension>

+    	</complexContent>

+    </complexType>

+    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>

+    <complexType name="ArtifactResolveType">

+    	<complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <element ref="samlp:Artifact"/>

+                </sequence>

+            </extension>

+    	</complexContent>

+    </complexType>

+    <element name="Artifact" type="string"/>

+    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>

+    <complexType name="ArtifactResponseType">

+    	<complexContent>

+            <extension base="samlp:StatusResponseType">

+                <sequence>

+                    <any namespace="##any" processContents="lax" minOccurs="0"/>

+                </sequence>

+            </extension>

+    	</complexContent>

+    </complexType>

+    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>

+    <complexType name="ManageNameIDRequestType">

+    	<complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <choice>

+                        <element ref="saml:NameID"/>

+                        <element ref="saml:EncryptedID"/>

+                    </choice>

+                    <choice>

+                        <element ref="samlp:NewID"/>

+                        <element ref="samlp:NewEncryptedID"/>

+                        <element ref="samlp:Terminate"/>

+                    </choice>

+                </sequence>

+            </extension>

+    	</complexContent>

+    </complexType>

+    <element name="NewID" type="string"/>

+    <element name="NewEncryptedID" type="saml:EncryptedElementType"/>

+    <element name="Terminate" type="samlp:TerminateType"/>

+    <complexType name="TerminateType"/>

+    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>

+    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>

+    <complexType name="LogoutRequestType">

+        <complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <choice>

+                        <element ref="saml:BaseID"/>

+                        <element ref="saml:NameID"/>

+                        <element ref="saml:EncryptedID"/>

+                    </choice>

+                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>

+                </sequence>

+                <attribute name="Reason" type="string" use="optional"/>

+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="SessionIndex" type="string"/>

+    <element name="LogoutResponse" type="samlp:StatusResponseType"/>

+    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>

+    <complexType name="NameIDMappingRequestType">

+        <complexContent>

+            <extension base="samlp:RequestAbstractType">

+                <sequence>

+                    <choice>

+                        <element ref="saml:BaseID"/>

+                        <element ref="saml:NameID"/>

+                        <element ref="saml:EncryptedID"/>

+                    </choice>

+                    <element ref="samlp:NameIDPolicy"/>

+                </sequence>

+            </extension>

+        </complexContent>

+    </complexType>

+    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>

+    <complexType name="NameIDMappingResponseType">

+        <complexContent>

+            <extension base="samlp:StatusResponseType">

+                <choice>

+                    <element ref="saml:NameID"/>

+                    <element ref="saml:EncryptedID"/>

+                </choice>

+            </extension>

+        </complexContent>

+    </complexType>

+</schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd b/moaSig/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd
new file mode 100644
index 0000000..ecb001f
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xs:schema 

+  elementFormDefault="qualified" 

+  targetNamespace="urn:eu:stork:names:tc:STORK:1.0:assertion" 

+  xmlns:xs="http://www.w3.org/2001/XMLSchema" 

+  xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"

+  xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion">

+

+  <xs:element name="QualityAuthenticationAssuranceLevel" type="stork:QualityAuthenticationAssuranceLevelType" />

+  <xs:element name="spSector" type="stork:SPSectorType" />

+  <xs:element name="spApplication" type="stork:SPApplicationType"/>

+  <xs:element name="spCountry" type="stork:CountryCodeType"/>

+  <xs:element name="CitizenCountryCode" type="stork:CountryCodeType" />

+  <xs:element name="RequestedAttribute" type="stork:RequestedAttributeType" />

+  <xs:element name="AttributeValue" type="xs:anyType" />

+  <xs:element name="canonicalResidenceAddress" type="stork:canonicalResidenceAddressType"/>

+  <xs:element name="countryCodeAddress" type="stork:CountryCodeType"/>

+  

+  <xs:attribute name="AttributeStatus" type="stork:AttributeStatusType" />

+

+

+  <xs:simpleType name="SPSectorType">

+    <xs:restriction base="xs:string">

+      <xs:minLength value="1" />

+      <xs:maxLength value="20" />

+    </xs:restriction>

+  </xs:simpleType>

+

+  <xs:simpleType name="SPApplicationType">

+    <xs:restriction base="xs:string">

+      <xs:minLength value="1" />

+      <xs:maxLength value="100" />

+    </xs:restriction>

+  </xs:simpleType>

+  

+  <xs:simpleType name="AttributeStatusType">

+    <xs:restriction base="xs:string">

+      <xs:enumeration value="Available" />

+      <xs:enumeration value="NotAvailable" />

+      <xs:enumeration value="Withheld" />

+    </xs:restriction>

+  </xs:simpleType>

+

+  <xs:simpleType name="QualityAuthenticationAssuranceLevelType">

+    <xs:restriction base="xs:integer">

+      <xs:minInclusive value="1" />

+      <xs:maxInclusive value="4" />

+    </xs:restriction>

+  </xs:simpleType>

+

+  <xs:complexType name="canonicalResidenceAddressType">

+    <xs:sequence>

+      <xs:element name="countryCodeAddress" type="stork:CountryCodeType" />

+      <xs:element name="state" type="xs:string" minOccurs="0"/>            		

+      <xs:element name="municipalityCode" type="xs:string" minOccurs="0"/>

+      <xs:element name="town" type="xs:string"/>

+      <xs:element name="postalCode" type="xs:string"/>

+      <xs:element name="streetName" type="xs:string"/>

+      <xs:element name="streetNumber" type="xs:string" minOccurs="0"/>

+      <xs:element name="apartmentNumber" type="xs:string" minOccurs="0"/>

+    </xs:sequence>

+  </xs:complexType>

+  

+  <xs:simpleType name="CountryCodeType">

+    <xs:restriction base="xs:token">

+      <xs:pattern value="[A-Z]{2}"/>

+    </xs:restriction>

+  </xs:simpleType>

+  

+  <xs:complexType name="RequestedAttributeType">

+    <xs:sequence>

+      <xs:element minOccurs="0" maxOccurs="unbounded" ref="stork:AttributeValue"/>

+    </xs:sequence>

+    <xs:attribute name="Name" use="required" type="xs:string"/>

+    <xs:attribute name="NameFormat" use="required" type="xs:anyURI"/>

+    <xs:attribute name="FriendlyName" use="optional" type="xs:string"/>

+    <xs:attribute name="isRequired" use="optional" type="xs:boolean"/>

+    <xs:anyAttribute namespace="##other" processContents="lax"/>

+  </xs:complexType>

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd b/moaSig/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd
new file mode 100644
index 0000000..a8efa53
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<xs:schema

+  elementFormDefault="qualified" 

+  targetNamespace="urn:eu:stork:names:tc:STORK:1.0:protocol" 

+  xmlns:xs="http://www.w3.org/2001/XMLSchema"  

+  xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol" 

+  xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"

+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

+

+  <xs:import namespace="urn:eu:stork:names:tc:STORK:1.0:assertion" schemaLocation="stork-schema-assertion-1.0.xsd"/>

+  <!--  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd" /> -->

+  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />

+  

+

+  <xs:element name="eIDSectorShare" type="xs:boolean" default="false"/>

+  <xs:element name="eIDCrossSectorShare" type="xs:boolean" default="false"/>

+  <xs:element name="eIDCrossBorderShare" type="xs:boolean" default="false"/>

+  <xs:element name="RequestedAttributes" type="storkp:RequestedAttributesType" />  

+  <xs:element name="AuthenticationAttributes" type="storkp:AuthenticationAttributesType" />

+  

+  <xs:complexType name="RequestedAttributesType">

+    <xs:sequence>

+      <xs:element minOccurs="0" maxOccurs="unbounded" ref="stork:RequestedAttribute"/>

+    </xs:sequence>

+  </xs:complexType>

+  

+  <xs:complexType name="AuthenticationAttributesType">

+    <xs:sequence>

+      <xs:element name="VIDPAuthenticationAttributes" type="storkp:VIDPAuthenticationAttributesType" minOccurs="0" maxOccurs="1" />

+    </xs:sequence>

+  </xs:complexType>

+  

+  <xs:complexType name="VIDPAuthenticationAttributesType">

+    <xs:sequence>

+      <xs:element name="CitizenCountryCode" minOccurs="0" maxOccurs="1" type="stork:CountryCodeType" />

+      <xs:element name="SPInformation" minOccurs="1" maxOccurs="1" type="storkp:SPInformationType"/>

+    </xs:sequence>

+  </xs:complexType>

+  

+  <xs:complexType name="SPInformationType">

+    <xs:sequence>

+      <xs:element name="SPID" minOccurs="1" maxOccurs="1" type="storkp:SPIDType" />

+      <xs:element name="SPCertSig" minOccurs="0" maxOccurs="1" type="storkp:SPCertSigType" />

+      <xs:element name="SPCertEnc" minOccurs="0" maxOccurs="1" type="storkp:SPCertEncType" />

+      <xs:element name="SPAuthRequest" minOccurs="0" maxOccurs="1" type="storkp:SPAuthRequestType"/>

+    </xs:sequence>

+  </xs:complexType>

+  

+  <xs:simpleType name="SPIDType">

+    <xs:restriction base="xs:string">

+      <xs:minLength value="1" />

+      <xs:maxLength value="20" />

+    </xs:restriction>

+  </xs:simpleType>

+  

+  <xs:complexType name="SPCertSigType">

+    <xs:sequence>

+      <xs:element minOccurs="1" ref="ds:KeyInfo" />

+    </xs:sequence>    

+  </xs:complexType>

+

+  <xs:complexType name="SPCertEncType">

+    <xs:sequence>

+      <xs:element minOccurs="1" ref="ds:KeyInfo" />

+    </xs:sequence>    

+  </xs:complexType>

+  

+  <xs:complexType name="SPAuthRequestType">

+    <xs:sequence>

+        <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>

+    </xs:sequence>

+  </xs:complexType> 

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd b/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd
new file mode 100644
index 0000000..5f1c646
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--                  ****** NOTICE ******
+This document is part of ETSI TS 102 231. In the event that any
+part of this document in conflict with the text of TS 102 231 
+then that text shall prevail as the authoritative source
+-->
+<schema targetNamespace="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<import namespace="http://uri.etsi.org/02231/v2#" schemaLocation="http://uri.etsi.org/02231/v3.1.2/tsl.xsd"/>
+	<import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/>
+	<element name="MimeType" type="xsd:string"/>
+	<element name="X509CertificateLocation" type="tsl:NonEmptyURIType"/>
+	<element name="PublicKeyLocation" type="tsl:NonEmptyURIType"/>
+	<element name="ExtendedKeyUsage" type="tslx:ExtendedKeyUsageType"/>
+	<complexType name="ExtendedKeyUsageType">
+		<sequence maxOccurs="unbounded">
+			<element name="KeyPurposeId" type="xades:ObjectIdentifierType"/>
+		</sequence>
+	</complexType>
+	<element name="TakenOverBy" type="tslx:TakenOverByType"/>
+	<complexType name="TakenOverByType">
+		<sequence>
+			<element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
+			<element name="TSPName" type="tsl:InternationalNamesType"/>
+			<element ref="tsl:SchemeOperatorName"/>
+			<element ref="tsl:SchemeTerritory"/>
+			<element name="OtherQualifier" type="tsl:AnyType" minOccurs="0" maxOccurs="unbounded"/>
+		</sequence>
+	</complexType>
+	<element name="CertSubjectDNAttribute" type="tslx:CertSubjectDNAttributeType"/>
+	<complexType name="CertSubjectDNAttributeType">
+		<sequence maxOccurs="unbounded">
+			<element name="AttributeOID" type="xades:ObjectIdentifierType"/>
+		</sequence>
+	</complexType>
+</schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd b/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd
new file mode 100644
index 0000000..1b3bed4
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--                  ****** NOTICE ******
+This document is part of ETSI TS 102 231. In the event that any
+part of this document in conflict with the text of TS 102 231 
+then that text shall prevail as the authoritative source
+-->
+<schema targetNamespace="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:tns="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/>
+	<element name="Qualifications" type="tns:QualificationsType"/>
+	<complexType name="QualificationsType">
+		<sequence maxOccurs="unbounded">
+			<element name="QualificationElement" type="tns:QualificationElementType"/>
+		</sequence>
+	</complexType>
+	<complexType name="QualificationElementType">
+		<sequence>
+			<element name="Qualifiers" type="tns:QualifiersType"/>
+			<element name="CriteriaList" type="tns:CriteriaListType"/>
+		</sequence>
+	</complexType>
+	<complexType name="CriteriaListType">
+		<annotation>
+			<documentation>Please first try to use the CriteriaList before doing the OtherCriteria extension point.</documentation>
+		</annotation>
+		<sequence>
+			<element name="KeyUsage" type="tns:KeyUsageType" minOccurs="0" maxOccurs="unbounded"/>
+			<element name="PolicySet" type="tns:PoliciesListType" minOccurs="0" maxOccurs="unbounded"/>
+			<element name="CriteriaList" type="tns:CriteriaListType" minOccurs="0" maxOccurs="unbounded"/>
+			<element name="Description" type="xsd:string" minOccurs="0"/>
+			<element name="otherCriteriaList" type="xades:AnyType" minOccurs="0"/>
+		</sequence>
+		<attribute name="assert">
+			<simpleType>
+				<restriction base="xsd:string">
+					<enumeration value="all"/>
+					<enumeration value="atLeastOne"/>
+					<enumeration value="none"/>
+				</restriction>
+			</simpleType>
+		</attribute>
+	</complexType>
+	<complexType name="QualifiersType">
+		<sequence maxOccurs="unbounded">
+			<element name="Qualifier" type="tns:QualifierType"/>
+		</sequence>
+	</complexType>
+	<complexType name="QualifierType">
+		<attribute name="uri" type="anyURI"/>
+	</complexType>
+	<complexType name="PoliciesListType">
+		<sequence maxOccurs="unbounded">
+			<element name="PolicyIdentifier" type="xades:ObjectIdentifierType"/>
+		</sequence>
+	</complexType>
+	<complexType name="KeyUsageType">
+		<sequence maxOccurs="9">
+			<element name="KeyUsageBit" type="tns:KeyUsageBitType"/>
+		</sequence>
+	</complexType>
+	<complexType name="KeyUsageBitType">
+		<simpleContent>
+			<extension base="xsd:boolean">
+				<attribute name="name">
+					<simpleType>
+						<restriction base="xsd:string">
+							<enumeration value="digitalSignature"/>
+							<enumeration value="nonRepudiation"/>
+							<enumeration value="keyEncipherment"/>
+							<enumeration value="dataEncipherment"/>
+							<enumeration value="keyAgreement"/>
+							<enumeration value="keyCertSign"/>
+							<enumeration value="crlSign"/>
+							<enumeration value="encipherOnly"/>
+							<enumeration value="decipherOnly"/>
+						</restriction>
+					</simpleType>
+				</attribute>
+			</extension>
+		</simpleContent>
+	</complexType>
+</schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd b/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd
new file mode 100644
index 0000000..5ee04ec
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd
@@ -0,0 +1,331 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--                  ****** NOTICE ******
+This document is part of ETSI TS 102 231. In the event that any
+part of this document in conflict with the text of TS 102 231 
+then that text shall prevail as the authoritative source
+-->
+<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tsl="http://uri.etsi.org/02231/v2#" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<!-- Imports -->
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+	<!-- Begin auxiliary types -->
+	<!--InternationalNamesType-->
+	<xsd:complexType name="InternationalNamesType">
+		<xsd:sequence>
+			<xsd:element name="Name" type="tsl:MultiLangNormStringType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="MultiLangNormStringType">
+		<xsd:simpleContent>
+			<xsd:extension base="tsl:NonEmptyNormalizedString">
+				<xsd:attribute ref="xml:lang" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="MultiLangStringType">
+		<xsd:simpleContent>
+			<xsd:extension base="tsl:NonEmptyString">
+				<xsd:attribute ref="xml:lang" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:simpleType name="NonEmptyString">
+		<xsd:restriction base="xsd:string">
+			<xsd:minLength value="1"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="NonEmptyNormalizedString">
+		<xsd:restriction base="xsd:normalizedString">
+			<xsd:minLength value="1"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!-- AddressType -->
+	<xsd:complexType name="AddressType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:PostalAddresses"/>
+			<xsd:element ref="tsl:ElectronicAddress"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--PostalAddressList Type-->
+	<xsd:element name="PostalAddresses" type="tsl:PostalAddressListType"/>
+	<xsd:complexType name="PostalAddressListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:PostalAddress" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--PostalAddress Type-->
+	<xsd:element name="PostalAddress" type="tsl:PostalAddressType"/>
+	<xsd:complexType name="PostalAddressType">
+		<xsd:sequence>
+			<xsd:element name="StreetAddress" type="tsl:NonEmptyString"/>
+			<xsd:element name="Locality" type="tsl:NonEmptyString"/>
+			<xsd:element name="StateOrProvince" type="tsl:NonEmptyString" minOccurs="0"/>
+			<xsd:element name="PostalCode" type="tsl:NonEmptyString" minOccurs="0"/>
+			<xsd:element name="CountryName" type="tsl:NonEmptyString"/>
+		</xsd:sequence>
+		<xsd:attribute ref="xml:lang" use="required"/>
+	</xsd:complexType>
+	<!--ElectronicAddressType-->
+	<xsd:element name="ElectronicAddress" type="tsl:ElectronicAddressType"/>
+	<xsd:complexType name="ElectronicAddressType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyURIType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- Types for extensions in TSL -->
+	<xsd:complexType name="AnyType" mixed="true">
+		<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+			<xsd:any processContents="lax"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="Extension" type="tsl:ExtensionType"/>
+	<xsd:complexType name="ExtensionType">
+		<xsd:complexContent>
+			<xsd:extension base="tsl:AnyType">
+				<xsd:attribute name="Critical" type="xsd:boolean" use="required"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ExtensionsListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:Extension" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--NonEmptyURIType-->
+	<xsd:simpleType name="NonEmptyURIType">
+		<xsd:restriction base="xsd:anyURI">
+			<xsd:minLength value="1"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--NonEmptyURIType with language indication-->
+	<xsd:complexType name="NonEmptyMultiLangURIType">
+		<xsd:simpleContent>
+			<xsd:extension base="tsl:NonEmptyURIType">
+				<xsd:attribute ref="xml:lang" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<!--List of NonEmptyURIType with language indication-->
+	<xsd:complexType name="NonEmptyMultiLangURIListType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--List of NonEmptyURIType-->
+	<xsd:complexType name="NonEmptyURIListType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyURIType" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- End auxiliary types -->
+	<!-- ROOT Element -->
+	<xsd:element name="TrustServiceStatusList" type="tsl:TrustStatusListType"/>
+	<!-- Trust Status List Type Definition -->
+	<xsd:complexType name="TrustStatusListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:SchemeInformation"/>
+			<xsd:element ref="tsl:TrustServiceProviderList" minOccurs="0"/>
+			<xsd:element ref="ds:Signature" minOccurs="0"/>
+		</xsd:sequence>
+		<xsd:attribute name="TSLTag" type="tsl:TSLTagType" use="required"/>
+		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+	</xsd:complexType>
+	<!-- TSLTagType -->
+	<xsd:simpleType name="TSLTagType">
+		<xsd:restriction base="xsd:anyURI">
+			<xsd:enumeration value="http://uri.etsi.org/02231/TSLTag"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!-- TrustServiceProviderListType-->
+	<xsd:element name="TrustServiceProviderList" type="tsl:TrustServiceProviderListType"/>
+	<xsd:complexType name="TrustServiceProviderListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:TrustServiceProvider" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSL Scheme Information -->
+	<xsd:element name="SchemeInformation" type="tsl:TSLSchemeInformationType"/>
+	<xsd:complexType name="TSLSchemeInformationType">
+		<xsd:sequence>
+			<xsd:element name="TSLVersionIdentifier" type="xsd:integer" fixed="3"/>
+			<xsd:element name="TSLSequenceNumber" type="xsd:positiveInteger"/>
+			<xsd:element ref="tsl:TSLType"/>
+			<xsd:element ref="tsl:SchemeOperatorName"/>
+			<xsd:element name="SchemeOperatorAddress" type="tsl:AddressType"/>
+			<xsd:element ref="tsl:SchemeName"/>
+			<xsd:element ref="tsl:SchemeInformationURI"/>
+			<xsd:element name="StatusDeterminationApproach" type="tsl:NonEmptyURIType"/>
+			<xsd:element ref="tsl:SchemeTypeCommunityRules" minOccurs="0"/>
+			<xsd:element ref="tsl:SchemeTerritory" minOccurs="0"/>
+			<xsd:element ref="tsl:PolicyOrLegalNotice" minOccurs="0"/>
+			<xsd:element name="HistoricalInformationPeriod" type="xsd:nonNegativeInteger"/>
+			<xsd:element ref="tsl:PointersToOtherTSL" minOccurs="0"/>
+			<xsd:element name="ListIssueDateTime" type="xsd:dateTime"/>
+			<xsd:element ref="tsl:NextUpdate"/>
+			<xsd:element ref="tsl:DistributionPoints" minOccurs="0"/>
+			<xsd:element name="SchemeExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="TSLType" type="tsl:NonEmptyURIType"/>
+	<xsd:element name="SchemeOperatorName" type="tsl:InternationalNamesType"/>
+	<xsd:element name="SchemeName" type="tsl:InternationalNamesType"/>
+	<xsd:element name="SchemeInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
+	<xsd:element name="SchemeTypeCommunityRules" type="tsl:NonEmptyURIListType"/>
+	<!-- SchemeTerritory -->
+	<xsd:element name="SchemeTerritory" type="tsl:SchemeTerritoryType"/>
+	<xsd:simpleType name="SchemeTerritoryType">
+		<xsd:restriction base="xsd:string">
+			<xsd:length value="2"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!-- Policy or Legal Notice -->
+	<xsd:element name="PolicyOrLegalNotice" type="tsl:PolicyOrLegalnoticeType"/>
+	<xsd:complexType name="PolicyOrLegalnoticeType">
+		<xsd:choice>
+			<xsd:element name="TSLPolicy" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
+			<xsd:element name="TSLLegalNotice" type="tsl:MultiLangStringType" maxOccurs="unbounded"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="NextUpdate" type="tsl:NextUpdateType"/>
+	<xsd:complexType name="NextUpdateType">
+		<xsd:sequence>
+			<xsd:element name="dateTime" type="xsd:dateTime" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--OtherTSLPointersType-->
+	<xsd:element name="PointersToOtherTSL" type="tsl:OtherTSLPointersType"/>
+	<xsd:complexType name="OtherTSLPointersType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:OtherTSLPointer" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="OtherTSLPointer" type="tsl:OtherTSLPointerType"/>
+	<xsd:complexType name="OtherTSLPointerType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceDigitalIdentities" minOccurs="0"/>
+			<xsd:element name="TSLLocation" type="tsl:NonEmptyURIType"/>
+			<xsd:element ref="tsl:AdditionalInformation" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="ServiceDigitalIdentities" type="tsl:ServiceDigitalIdentityListType"/>
+	<xsd:complexType name="ServiceDigitalIdentityListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceDigitalIdentity" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="AdditionalInformation" type="tsl:AdditionalInformationType"/>
+	<xsd:complexType name="AdditionalInformationType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:element name="TextualInformation" type="tsl:MultiLangStringType"/>
+			<xsd:element name="OtherInformation" type="tsl:AnyType"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--DistributionPoints element-->
+	<xsd:element name="DistributionPoints" type="tsl:ElectronicAddressType"/>
+	<!-- TSPType -->
+	<xsd:element name="TrustServiceProvider" type="tsl:TSPType"/>
+	<xsd:complexType name="TSPType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:TSPInformation"/>
+			<xsd:element ref="tsl:TSPServices"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSPInformationType -->
+	<xsd:element name="TSPInformation" type="tsl:TSPInformationType"/>
+	<xsd:complexType name="TSPInformationType">
+		<xsd:sequence>
+			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
+			<xsd:element name="TSPTradeName" type="tsl:InternationalNamesType" minOccurs="0"/>
+			<xsd:element name="TSPAddress" type="tsl:AddressType"/>
+			<xsd:element name="TSPInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
+			<xsd:element name="TSPInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSP Services-->
+	<xsd:element name="TSPServices" type="tsl:TSPServicesListType"/>
+	<xsd:complexType name="TSPServicesListType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:TSPService" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="TSPService" type="tsl:TSPServiceType"/>
+	<xsd:complexType name="TSPServiceType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceInformation"/>
+			<xsd:element ref="tsl:ServiceHistory" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSPServiceInformationType -->
+	<xsd:element name="ServiceInformation" type="tsl:TSPServiceInformationType"/>
+	<xsd:complexType name="TSPServiceInformationType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
+			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
+			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
+			<xsd:element ref="tsl:ServiceStatus"/>
+			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
+			<xsd:element name="SchemeServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
+			<xsd:element ref="tsl:ServiceSupplyPoints" minOccurs="0"/>
+			<xsd:element name="TSPServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
+			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- Service status -->
+	<xsd:element name="ServiceStatus" type="tsl:NonEmptyURIType"/>
+	<!-- Type for Service Supply Points -->
+	<xsd:element name="ServiceSupplyPoints" type="tsl:ServiceSupplyPointsType"/>
+	<xsd:complexType name="ServiceSupplyPointsType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="ServiceSupplyPoint" type="tsl:NonEmptyURIType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- TSPServiceIdentifier -->
+	<xsd:element name="ServiceTypeIdentifier" type="tsl:NonEmptyURIType"/>
+	<!-- DigitalIdentityType  -->
+	<xsd:element name="ServiceDigitalIdentity" type="tsl:DigitalIdentityListType"/>
+	<xsd:complexType name="DigitalIdentityListType">
+		<xsd:sequence>
+			<xsd:element name="DigitalId" type="tsl:DigitalIdentityType" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="DigitalIdentityType">
+		<xsd:choice>
+			<xsd:element name="X509Certificate" type="xsd:base64Binary"/>
+			<xsd:element name="X509SubjectName" type="xsd:string"/>
+			<xsd:element ref="ds:KeyValue"/>
+			<xsd:element name="X509SKI" type="xsd:base64Binary"/>
+			<xsd:element name="Other" type="tsl:AnyType"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!-- ServiceHistory element-->
+	<xsd:element name="ServiceHistory" type="tsl:ServiceHistoryType"/>
+	<xsd:complexType name="ServiceHistoryType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceHistoryInstance" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="ServiceHistoryInstance" type="tsl:ServiceHistoryInstanceType"/>
+	<xsd:complexType name="ServiceHistoryInstanceType">
+		<xsd:sequence>
+			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
+			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
+			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
+			<xsd:element ref="tsl:ServiceStatus"/>
+			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
+			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!-- Elements and types for Extensions -->
+	<!-- Extensions children of tsl:VaExtension-->
+	<!-- Element ExpiredCertsRevocationInfo -->
+	<xsd:element name="ExpiredCertsRevocationInfo" type="xsd:dateTime"/>
+	<!-- Element additionalServiceInformation -->
+	<xsd:element name="AdditionalServiceInformation" type="tsl:AdditionalServiceInformationType"/>
+	<xsd:complexType name="AdditionalServiceInformationType">
+		<xsd:sequence>
+			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
+			<xsd:element name="InformationValue" type="xsd:string" minOccurs="0"/>
+			<xsd:element name="OtherInformation" type="tsl:AnyType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/moaSig/common/src/main/resources/resources/schemas/xenc-schema.xsd b/moaSig/common/src/main/resources/resources/schemas/xenc-schema.xsd
new file mode 100644
index 0000000..d4519cd
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/xenc-schema.xsd
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema  PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
+ "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+   <!ATTLIST schema
+     xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
+     xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
+
+<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
+        xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
+        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
+        targetNamespace='http://www.w3.org/2001/04/xmlenc#'
+        elementFormDefault='qualified'>
+
+<!-- 
+  <import namespace='http://www.w3.org/2000/09/xmldsig#'
+          schemaLocation='http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd'/>
+ -->
+ <import namespace='http://www.w3.org/2000/09/xmldsig#'
+          schemaLocation='xmldsig-core-schema.xsd'/>
+          
+  <complexType name='EncryptedType' abstract='true'>
+    <sequence>
+      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
+       minOccurs='0'/>
+      <element ref='ds:KeyInfo' minOccurs='0'/>
+      <element ref='xenc:CipherData'/>
+      <element ref='xenc:EncryptionProperties' minOccurs='0'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+    <attribute name='Type' type='anyURI' use='optional'/>
+    <attribute name='MimeType' type='string' use='optional'/>
+    <attribute name='Encoding' type='anyURI' use='optional'/>
+  </complexType>
+  
+  <complexType name='EncryptionMethodType' mixed='true'>
+    <sequence>
+      <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
+      <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Algorithm' type='anyURI' use='required'/>
+  </complexType>
+
+    <simpleType name='KeySizeType'>
+      <restriction base="integer"/>
+    </simpleType>
+
+  <element name='CipherData' type='xenc:CipherDataType'/>
+  <complexType name='CipherDataType'>
+     <choice>
+       <element name='CipherValue' type='base64Binary'/>
+       <element ref='xenc:CipherReference'/>
+     </choice>
+    </complexType>
+
+   <element name='CipherReference' type='xenc:CipherReferenceType'/>
+   <complexType name='CipherReferenceType'>
+       <choice>
+         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
+       </choice>
+       <attribute name='URI' type='anyURI' use='required'/>
+   </complexType>
+
+     <complexType name='TransformsType'>
+       <sequence>
+         <element ref='ds:Transform' maxOccurs='unbounded'/>
+       </sequence>
+     </complexType>
+
+
+  <element name='EncryptedData' type='xenc:EncryptedDataType'/>
+  <complexType name='EncryptedDataType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+       </extension>
+    </complexContent>
+  </complexType>
+
+  <!-- Children of ds:KeyInfo -->
+
+  <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
+  <complexType name='EncryptedKeyType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+        <sequence>
+          <element ref='xenc:ReferenceList' minOccurs='0'/>
+          <element name='CarriedKeyName' type='string' minOccurs='0'/>
+        </sequence>
+        <attribute name='Recipient' type='string'
+         use='optional'/>
+      </extension>
+    </complexContent>
+  </complexType>
+
+    <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
+    <complexType name="AgreementMethodType" mixed="true">
+      <sequence>
+        <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
+        <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
+        <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+        <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+        <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+      </sequence>
+      <attribute name="Algorithm" type="anyURI" use="required"/>
+    </complexType>
+
+  <!-- End Children of ds:KeyInfo -->
+
+  <element name='ReferenceList'>
+    <complexType>
+      <choice minOccurs='1' maxOccurs='unbounded'>
+        <element name='DataReference' type='xenc:ReferenceType'/>
+        <element name='KeyReference' type='xenc:ReferenceType'/>
+      </choice>
+    </complexType>
+  </element>
+
+  <complexType name='ReferenceType'>
+    <sequence>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='URI' type='anyURI' use='required'/>
+  </complexType>
+
+
+  <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
+  <complexType name='EncryptionPropertiesType'>
+    <sequence>
+      <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+  </complexType>
+
+    <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
+    <complexType name='EncryptionPropertyType' mixed='true'>
+      <choice maxOccurs='unbounded'>
+        <any namespace='##other' processContents='lax'/>
+      </choice>
+      <attribute name='Target' type='anyURI' use='optional'/>
+      <attribute name='Id' type='ID' use='optional'/>
+      <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
+    </complexType>
+
+</schema>
+
diff --git a/moaSig/common/src/main/resources/resources/schemas/xml.xsd b/moaSig/common/src/main/resources/resources/schemas/xml.xsd
new file mode 100644
index 0000000..79dbc02
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/xml.xsd
@@ -0,0 +1,83 @@
+<?xml version='1.0'?>

+<!-- documented out for compatibility with Xerces-2.0.2

+<!DOCTYPE xs:schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" >

+-->

+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">

+

+ <xs:annotation>

+  <xs:documentation>

+   See http://www.w3.org/XML/1998/namespace.html and

+   http://www.w3.org/TR/REC-xml for information about this namespace.

+  </xs:documentation>

+ </xs:annotation>

+

+ <xs:annotation>

+  <xs:documentation>This schema defines attributes and an attribute group

+        suitable for use by

+        schemas wishing to allow xml:base, xml:lang or xml:space attributes

+        on elements they define.

+

+        To enable this, such a schema must import this schema

+        for the XML namespace, e.g. as follows:

+        &lt;schema . . .>

+         . . .

+         &lt;import namespace="http://www.w3.org/XML/1998/namespace"

+                    schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>

+

+        Subsequently, qualified reference to any of the attributes

+        or the group defined below will have the desired effect, e.g.

+

+        &lt;type . . .>

+         . . .

+         &lt;attributeGroup ref="xml:specialAttrs"/>

+ 

+         will define a type which will schema-validate an instance

+         element with any of those attributes</xs:documentation>

+ </xs:annotation>

+

+ <xs:annotation>

+  <xs:documentation>In keeping with the XML Schema WG's standard versioning

+   policy, this schema document will persist at

+   http://www.w3.org/2001/03/xml.xsd.

+   At the date of issue it can also be found at

+   http://www.w3.org/2001/xml.xsd.

+   The schema document at that URI may however change in the future,

+   in order to remain compatible with the latest version of XML Schema

+   itself.  In other words, if the XML Schema namespace changes, the version

+   of this document at

+   http://www.w3.org/2001/xml.xsd will change

+   accordingly; the version at

+   http://www.w3.org/2001/03/xml.xsd will not change.

+  </xs:documentation>

+ </xs:annotation>

+

+ <xs:attribute name="lang" type="xs:language">

+  <xs:annotation>

+   <xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter

+         codes as the enumerated possible values . . .</xs:documentation>

+  </xs:annotation>

+ </xs:attribute>

+

+ <xs:attribute name="space" default="preserve">

+  <xs:simpleType>

+   <xs:restriction base="xs:NCName">

+    <xs:enumeration value="default"/>

+    <xs:enumeration value="preserve"/>

+   </xs:restriction>

+  </xs:simpleType>

+ </xs:attribute>

+

+ <xs:attribute name="base" type="xs:anyURI">

+  <xs:annotation>

+   <xs:documentation>See http://www.w3.org/TR/xmlbase/ for

+                     information about this attribute.</xs:documentation>

+  </xs:annotation>

+ </xs:attribute>

+

+ <xs:attributeGroup name="specialAttrs">

+  <xs:attribute ref="xml:base"/>

+  <xs:attribute ref="xml:lang"/>

+  <xs:attribute ref="xml:space"/>

+ </xs:attributeGroup>

+

+</xs:schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/xmldsig-core-schema.xsd b/moaSig/common/src/main/resources/resources/schemas/xmldsig-core-schema.xsd
new file mode 100644
index 0000000..a7e3023
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/xmldsig-core-schema.xsd
@@ -0,0 +1,264 @@
+<?xml version="1.0" encoding="utf-8"?>

+<!-- documented out for compatibility with Xerces-2.0.2

+<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "XMLSchema.dtd" [

+  <!ATTLIST schema

+  xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#"

+>

+  <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>

+  <!ENTITY % p ''>

+  <!ENTITY % s ''>

+]>

+-->

+<!-- Schema for XML Signatures

+    http://www.w3.org/2000/09/xmldsig#

+    $Revision: 1.1 $ on $Date: 2003/03/11 10:10:34 $ by $Author: peck $

+

+    Copyright 2001 The Internet Society and W3C (Massachusetts Institute

+    of Technology, Institut National de Recherche en Informatique et en

+    Automatique, Keio University). All Rights Reserved.

+    http://www.w3.org/Consortium/Legal/

+

+    This document is governed by the W3C Software License [1] as described

+    in the FAQ [2].

+

+    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720

+    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD

+-->

+<schema targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" version="0.1">

+  <!-- Basic Types Defined for Signatures -->

+  <simpleType name="CryptoBinary">

+    <restriction base="base64Binary"/>

+  </simpleType>

+  <!-- Start Signature -->

+  <element name="Signature" type="ds:SignatureType"/>

+  <complexType name="SignatureType">

+    <sequence>

+      <element ref="ds:SignedInfo"/>

+      <element ref="ds:SignatureValue"/>

+      <element ref="ds:KeyInfo" minOccurs="0"/>

+      <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>

+    </sequence>

+    <attribute name="Id" type="ID" use="optional"/>

+  </complexType>

+  <element name="SignatureValue" type="ds:SignatureValueType"/>

+  <complexType name="SignatureValueType">

+    <simpleContent>

+      <extension base="base64Binary">

+        <attribute name="Id" type="ID" use="optional"/>

+      </extension>

+    </simpleContent>

+  </complexType>

+  <!-- Start SignedInfo -->

+  <element name="SignedInfo" type="ds:SignedInfoType"/>

+  <complexType name="SignedInfoType">

+    <sequence>

+      <element ref="ds:CanonicalizationMethod"/>

+      <element ref="ds:SignatureMethod"/>

+      <element ref="ds:Reference" maxOccurs="unbounded"/>

+    </sequence>

+    <attribute name="Id" type="ID" use="optional"/>

+  </complexType>

+  <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>

+  <complexType name="CanonicalizationMethodType" mixed="true">

+    <sequence>

+      <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>

+      <!-- (0,unbounded) elements from (1,1) namespace -->

+    </sequence>

+    <attribute name="Algorithm" type="anyURI" use="required"/>

+  </complexType>

+  <element name="SignatureMethod" type="ds:SignatureMethodType"/>

+  <complexType name="SignatureMethodType" mixed="true">

+    <sequence>

+      <element name="HMACOutputLength" type="ds:HMACOutputLengthType" minOccurs="0"/>

+      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>

+      <!-- (0,unbounded) elements from (1,1) external namespace -->

+    </sequence>

+    <attribute name="Algorithm" type="anyURI" use="required"/>

+  </complexType>

+  <!-- Start Reference -->

+  <element name="Reference" type="ds:ReferenceType"/>

+  <complexType name="ReferenceType">

+    <sequence>

+      <element ref="ds:Transforms" minOccurs="0"/>

+      <element ref="ds:DigestMethod"/>

+      <element ref="ds:DigestValue"/>

+    </sequence>

+    <attribute name="Id" type="ID" use="optional"/>

+    <attribute name="URI" type="anyURI" use="optional"/>

+    <attribute name="Type" type="anyURI" use="optional"/>

+  </complexType>

+  <element name="Transforms" type="ds:TransformsType"/>

+  <complexType name="TransformsType">

+    <sequence>

+      <element ref="ds:Transform" maxOccurs="unbounded"/>

+    </sequence>

+  </complexType>

+  <element name="Transform" type="ds:TransformType"/>

+  <complexType name="TransformType" mixed="true">

+    <choice minOccurs="0" maxOccurs="unbounded">

+      <any namespace="##other" processContents="lax"/>

+      <element name="XPath" type="string"/>

+      <!-- (1,1) elements from (0,unbounded) namespaces -->

+    </choice>

+    <attribute name="Algorithm" type="anyURI" use="required"/>

+  </complexType>

+  <!-- End Reference -->

+  <element name="DigestMethod" type="ds:DigestMethodType"/>

+  <complexType name="DigestMethodType" mixed="true">

+    <sequence>

+      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+    </sequence>

+    <attribute name="Algorithm" type="anyURI" use="required"/>

+  </complexType>

+  <element name="DigestValue" type="ds:DigestValueType"/>

+  <simpleType name="DigestValueType">

+    <restriction base="base64Binary"/>

+  </simpleType>

+  <!-- End SignedInfo -->

+  <!-- Start KeyInfo -->

+  <element name="KeyInfo" type="ds:KeyInfoType"/>

+  <complexType name="KeyInfoType" mixed="true">

+    <choice maxOccurs="unbounded">

+      <element ref="ds:KeyName"/>

+      <element ref="ds:KeyValue"/>

+      <element ref="ds:RetrievalMethod"/>

+      <element ref="ds:X509Data"/>

+      <element ref="ds:PGPData"/>

+      <element ref="ds:SPKIData"/>

+      <element ref="ds:MgmtData"/>

+      <any namespace="##other" processContents="lax"/>

+      <!-- (1,1) elements from (0,unbounded) namespaces -->

+    </choice>

+    <attribute name="Id" type="ID" use="optional"/>

+  </complexType>

+  <element name="KeyName" type="string"/>

+  <element name="MgmtData" type="string"/>

+  <element name="KeyValue" type="ds:KeyValueType"/>

+  <complexType name="KeyValueType" mixed="true">

+    <choice>

+      <element ref="ds:DSAKeyValue"/>

+      <element ref="ds:RSAKeyValue"/>

+      <any namespace="##other" processContents="lax"/>

+    </choice>

+  </complexType>

+  <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>

+  <complexType name="RetrievalMethodType">

+    <sequence>

+      <element ref="ds:Transforms" minOccurs="0"/>

+    </sequence>

+    <attribute name="URI" type="anyURI"/>

+    <attribute name="Type" type="anyURI" use="optional"/>

+  </complexType>

+  <!-- Start X509Data -->

+  <element name="X509Data" type="ds:X509DataType"/>

+  <complexType name="X509DataType">

+    <sequence maxOccurs="unbounded">

+      <choice>

+        <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>

+        <element name="X509SKI" type="base64Binary"/>

+        <element name="X509SubjectName" type="string"/>

+        <element name="X509Certificate" type="base64Binary"/>

+        <element name="X509CRL" type="base64Binary"/>

+        <any namespace="##other" processContents="lax"/>

+      </choice>

+    </sequence>

+  </complexType>

+  <complexType name="X509IssuerSerialType">

+    <sequence>

+      <element name="X509IssuerName" type="string"/>

+      <element name="X509SerialNumber" type="integer"/>

+    </sequence>

+  </complexType>

+  <!-- End X509Data -->

+  <!-- Begin PGPData -->

+  <element name="PGPData" type="ds:PGPDataType"/>

+  <complexType name="PGPDataType">

+    <choice>

+      <sequence>

+        <element name="PGPKeyID" type="base64Binary"/>

+        <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>

+        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+      </sequence>

+      <sequence>

+        <element name="PGPKeyPacket" type="base64Binary"/>

+        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+      </sequence>

+    </choice>

+  </complexType>

+  <!-- End PGPData -->

+  <!-- Begin SPKIData -->

+  <element name="SPKIData" type="ds:SPKIDataType"/>

+  <complexType name="SPKIDataType">

+    <sequence maxOccurs="unbounded">

+      <element name="SPKISexp" type="base64Binary"/>

+      <any namespace="##other" processContents="lax" minOccurs="0"/>

+    </sequence>

+  </complexType>

+  <!-- End SPKIData -->

+  <!-- End KeyInfo -->

+  <!-- Start Object (Manifest, SignatureProperty) -->

+  <element name="Object" type="ds:ObjectType"/>

+  <complexType name="ObjectType" mixed="true">

+    <sequence minOccurs="0" maxOccurs="unbounded">

+      <any namespace="##any" processContents="lax"/>

+    </sequence>

+    <attribute name="Id" type="ID" use="optional"/>

+    <attribute name="MimeType" type="string" use="optional"/>

+    <attribute name="Encoding" type="anyURI" use="optional"/>

+    <!-- add a grep facet -->

+  </complexType>

+  <element name="Manifest" type="ds:ManifestType"/>

+  <complexType name="ManifestType">

+    <sequence>

+      <element ref="ds:Reference" maxOccurs="unbounded"/>

+    </sequence>

+    <attribute name="Id" type="ID" use="optional"/>

+  </complexType>

+  <element name="SignatureProperties" type="ds:SignaturePropertiesType"/>

+  <complexType name="SignaturePropertiesType">

+    <sequence>

+      <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>

+    </sequence>

+    <attribute name="Id" type="ID" use="optional"/>

+  </complexType>

+  <element name="SignatureProperty" type="ds:SignaturePropertyType"/>

+  <complexType name="SignaturePropertyType" mixed="true">

+    <choice maxOccurs="unbounded">

+      <any namespace="##other" processContents="lax"/>

+      <!-- (1,1) elements from (1,unbounded) namespaces -->

+    </choice>

+    <attribute name="Target" type="anyURI" use="required"/>

+    <attribute name="Id" type="ID" use="optional"/>

+  </complexType>

+  <!-- End Object (Manifest, SignatureProperty) -->

+  <!-- Start Algorithm Parameters -->

+  <simpleType name="HMACOutputLengthType">

+    <restriction base="integer"/>

+  </simpleType>

+  <!-- Start KeyValue Element-types -->

+  <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>

+  <complexType name="DSAKeyValueType">

+    <sequence>

+      <sequence minOccurs="0">

+        <element name="P" type="ds:CryptoBinary"/>

+        <element name="Q" type="ds:CryptoBinary"/>

+      </sequence>

+      <element name="G" type="ds:CryptoBinary" minOccurs="0"/>

+      <element name="Y" type="ds:CryptoBinary"/>

+      <element name="J" type="ds:CryptoBinary" minOccurs="0"/>

+      <sequence minOccurs="0">

+        <element name="Seed" type="ds:CryptoBinary"/>

+        <element name="PgenCounter" type="ds:CryptoBinary"/>

+      </sequence>

+    </sequence>

+  </complexType>

+  <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>

+  <complexType name="RSAKeyValueType">

+    <sequence>

+      <element name="Modulus" type="ds:CryptoBinary"/>

+      <element name="Exponent" type="ds:CryptoBinary"/>

+    </sequence>

+  </complexType>

+  <!-- End KeyValue Element-types -->

+  <!-- End Signature -->

+</schema>

diff --git a/moaSig/common/src/main/resources/resources/schemas/xmldsig-filter2.xsd b/moaSig/common/src/main/resources/resources/schemas/xmldsig-filter2.xsd
new file mode 100644
index 0000000..330eafd
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/xmldsig-filter2.xsd
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>

+<!-- documented out for compatibility with Xerces-2.0.2

+   <!DOCTYPE schema

+    PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"

+   [

+     <!ATTLIST schema

+       xmlns:xf CDATA #FIXED 'http://www.w3.org/2002/06/xmldsig-filter2'>

+     <!ENTITY xf 'http://www.w3.org/2002/06/xmldsig-filter2'>

+     <!ENTITY % p ''>

+     <!ENTITY % s ''>

+    ]>

+-->

+

+   <schema xmlns="http://www.w3.org/2001/XMLSchema"

+           xmlns:xf="http://www.w3.org/2002/06/xmldsig-filter2"

+           targetNamespace="http://www.w3.org/2002/06/xmldsig-filter2"

+           version="0.1" elementFormDefault="qualified">

+

+   <element name="XPath"

+            type="xf:XPathType"/>

+

+   <complexType name="XPathType">

+    <simpleContent>

+      <extension base="string">

+        <attribute name="Filter">

+           <simpleType>

+             <restriction base="string">

+               <enumeration value="intersect"/>

+               <enumeration value="subtract"/>

+               <enumeration value="union"/>

+             </restriction>

+           </simpleType>

+        </attribute>

+      </extension>

+    </simpleContent>

+   </complexType>

+

+   </schema>
\ No newline at end of file
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/AllTests.java
new file mode 100644
index 0000000..569c24c
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa;
+
+import test.at.gv.egovernment.moa.util.DOMUtilsTest;
+import test.at.gv.egovernment.moa.util.DateTimeUtilsTest;
+import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest;
+import test.at.gv.egovernment.moa.util.SSLUtilsTest;
+import test.at.gv.egovernment.moa.util.XPathUtilsTest;
+
+//import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author patrick
+ * @version $Id$
+ */
+public class AllTests {
+
+  public static Test suite() {
+    TestSuite suite = new TestSuite();
+    
+//    suite.addTestSuite(DOMUtilsTest.class);
+//    suite.addTestSuite(DateTimeUtilsTest.class);
+//    suite.addTestSuite(XPathUtilsTest.class);
+//    suite.addTestSuite(KeyStoreUtilsTest.class);
+//    suite.addTestSuite(SSLUtilsTest.class);
+
+    return suite;
+  }
+
+  public static void main(String[] args) {
+    try {
+      //TestRunner.run(AllTests.class);
+    } catch (Exception e) {
+      e.printStackTrace();
+    }
+  }
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
new file mode 100644
index 0000000..5d1c537
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa;
+
+import java.io.FileInputStream;
+import java.io.StringReader;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+
+import org.xml.sax.InputSource;
+
+import junit.framework.TestCase;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Base class for MOA test cases.
+ * 
+ * Provides some utility functions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOATestCase extends TestCase {
+
+  protected static final String TESTDATA_ROOT = "data/test/";
+
+  /**
+   * Constructor for MOATestCase.
+   * @param arg0
+   */
+  public MOATestCase(String name) {
+    super(name);
+  }
+
+  /**
+   * Parse an XML file non-validating.
+   */
+  public static Document parseXml(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      false,
+      null,
+      null);
+  }
+
+  /**
+   * Parse an XML validating with a given file name.
+   * 
+   * Uses the local schema resources.
+   */
+  public static Document parseXmlValidating(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      true,
+      Constants.ALL_SCHEMA_LOCATIONS,
+      null);
+  }
+
+  /**
+   * Parse an XML from a String.
+   */
+  public static Document parseXmlString(String xml) throws Exception {
+    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+    DocumentBuilder builder;
+    
+    factory.setNamespaceAware(true);
+    builder = factory.newDocumentBuilder();
+
+    return builder.parse(new InputSource(new StringReader(xml)));
+  }
+
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
new file mode 100644
index 0000000..1a2b690
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import java.io.FileInputStream;
+import java.util.Map;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import test.at.gv.egovernment.moa.*;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DOMUtilsTest extends MOATestCase {
+  private static final String TESTDATA_BASE = TESTDATA_ROOT + "xml/";
+  private static boolean grammarsInitialized = false;
+
+  /**
+   * Constructor for DOMUtilsTest.
+   * @param name
+   */
+  public DOMUtilsTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    if (!grammarsInitialized) {
+      // preparse XML schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.XML_SCHEMA_LOCATION),
+        Constants.XML_NS_URI);
+      // preparse XMLDsig Filter2 schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.DSIG_FILTER2_SCHEMA_LOCATION),
+        Constants.DSIG_FILTER2_NS_URI);
+      // preparse XMLDsig schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.DSIG_SCHEMA_LOCATION),
+        Constants.DSIG_NS_URI);
+      // preparse MOA schema
+      DOMUtils.addSchemaToPool(
+        getClass().getResourceAsStream(Constants.MOA_SCHEMA_LOCATION),
+        Constants.MOA_NS_URI);
+      grammarsInitialized = true;
+    }
+  }
+
+  private Document parse(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      true,
+      Constants.ALL_SCHEMA_LOCATIONS,
+      null);
+  }
+
+  public void testParseCreateXMLSignature() throws Exception {
+    parse(TESTDATA_BASE + "CreateXMLSignature/TestGeneratorCX2.005.Req.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req000.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req001.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req002.xml");
+    parse(TESTDATA_BASE + "CreateXMLSignature/Req004.xml");
+  }
+
+  public void testParseVerifyCMSSignature() throws Exception {
+    parse(TESTDATA_BASE + "VerifyCMSSignature/Req000.xml");
+  }
+
+  public void testParseVerifyXMLSignature() throws Exception {
+    parse(TESTDATA_BASE + "VerifyXMLSignature/Req000.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/Req001.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/Req002.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/TestGeneratorVX.002.Req.xml");
+    //parse(TESTDATA_BASE + "VerifyXMLSignature/TestGeneratorVX.006.Req.xml");
+    parse(TESTDATA_BASE + "VerifyXMLSignature/VerifySAMLRequest.xml");
+  }
+  
+  public void testParseInfobox() throws Exception {
+    parse(TESTDATA_BASE + "Infobox/InfoboxReadResponseMOA4.xml");
+    parse(TESTDATA_BASE + "Infobox/InfoboxReadResponse.xml");  
+  }
+ 
+
+  private Document parsePlain(String fileName) throws Exception {
+    return DOMUtils.parseDocument(
+      new FileInputStream(fileName),
+      false,
+      null,
+      null);
+  }
+
+  public void testValidateCreateXMLSignature() throws Exception {
+    Document doc;
+    boolean valid;
+
+    // test a valid request
+    doc = parsePlain(TESTDATA_BASE + "CreateXMLSignature/Req000.xml");
+    valid =
+      DOMUtils.validateElement(
+        doc.getDocumentElement(),
+        Constants.ALL_SCHEMA_LOCATIONS,
+        null);
+    assertTrue(valid);
+
+    // test an invalid request
+    doc = parsePlain(TESTDATA_BASE + "CreateXMLSignature/invalid.xml");
+    try {
+      valid =
+        DOMUtils.validateElement(
+          doc.getDocumentElement(),
+          Constants.ALL_SCHEMA_LOCATIONS,
+          null);
+      fail();
+    } catch (Exception e) {
+    }
+  }
+
+  public void testGetNamespaceDeclarations() throws Exception {
+    Document doc;
+    NodeList nl;
+    Element elem;
+    Map nsDecls;
+
+    doc = parse(TESTDATA_BASE + "VerifyXMLSignature/Req002.xml");
+    nl = doc.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Reference");
+    elem = (Element) nl.item(0);
+    nsDecls = DOMUtils.getNamespaceDeclarations(elem);
+
+    assertEquals(2, nsDecls.size());
+    assertEquals(Constants.DSIG_NS_URI, nsDecls.get("dsig"));
+    assertEquals(Constants.MOA_NS_URI, nsDecls.get(""));
+  }
+
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
new file mode 100644
index 0000000..e3468b8
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.TimeZone;
+
+import junit.framework.TestCase;
+
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DateTimeUtilsTest extends TestCase {
+
+  /**
+   * Constructor for DateTimeUtilsTest.
+   * @param arg0
+   */
+  public DateTimeUtilsTest(String arg0) {
+    super(arg0);
+  }
+
+  public void testParseDateTimeValid() throws Exception {
+    Date date;
+    DateFormat format = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss");
+    
+    String dateStr;
+    
+    format.setTimeZone(TimeZone.getTimeZone("GMT"));    
+    date = DateTimeUtils.parseDateTime("+1971-12-12T06:30:15");
+    date.setTime(date.getTime() + TimeZone.getDefault().getRawOffset());
+    dateStr = format.format(date);
+    assertEquals("12.12.1971 06:30:15", dateStr);
+    
+    date = DateTimeUtils.parseDateTime("2000-01-01T23:59:59.012Z");
+    dateStr = format.format(date);
+    assertEquals("01.01.2000 23:59:59", dateStr);
+    
+    date = DateTimeUtils.parseDateTime("2003-05-20T12:17:30-05:00");
+    dateStr = format.format(date);
+    assertEquals("20.05.2003 17:17:30", dateStr);
+    
+    
+    date = DateTimeUtils.parseDateTime("2002-02-02T02:02:02.33+04:30");
+    dateStr = format.format(date);
+    assertEquals("01.02.2002 21:32:02", dateStr);
+  }
+  
+  public void testParseDateTimeInvalid() {
+    try {    
+      DateTimeUtils.parseDateTime("+1971-12-12T6:30:15");
+      fail();
+    } catch (ParseException e) {
+    }
+    
+    try {    
+      DateTimeUtils.parseDateTime("2000-01-0123:59:59.999999Z");
+      fail();
+    } catch (ParseException e) {
+    }
+    
+    try {    
+      DateTimeUtils.parseDateTime("2003-05-20T12:17:3005:00");
+      fail();
+    } catch (ParseException e) {
+    }
+    
+    try {    
+      DateTimeUtils.parseDateTime(" 2002-02-02T02:02:02.33+04:00");
+      fail();
+    } catch (ParseException e) {
+    }
+
+  }
+  
+  public void testBuildDateTimeGMTMinus3() {
+  	String should = "2002-01-01T01:01:01-03:00";
+  	doTestBuildDateTime(2002, 1, 1, 1, 1, 1, "GMT-03:00", should);
+  }
+  public void testBuildDateTimeMEZSommerzeit() {
+  	String should = "2002-07-31T23:59:59+02:00";
+  	doTestBuildDateTime(2002, 7, 31, 23, 59, 59, "GMT+01:00", should);
+  }
+  public void testBuildDateTimeGMT() {
+  	String should = "2002-01-01T01:01:01";
+  	doTestBuildDateTime(2002, 1, 1, 1, 1, 1, "GMT+00:00", should);
+  }
+  private void doTestBuildDateTime(
+  	int year, int month, int day, 
+  	int hour, int min, int sec, 
+  	String timeZone, String dateTimeShould) {
+  		
+//  	Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone));
+//  	cal.set(year,month, day, hour, min, sec);
+//  	cal.set(Calendar.MILLISECOND, 0);
+//  	String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false);
+//  	assertEquals(dateTimeShould, dateTimeBuilt);
+  }
+
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
new file mode 100644
index 0000000..2433eca
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.KeyStore;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+import junit.framework.TestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class KeyStoreUtilsTest extends TestCase {
+	private String tmpDir = "tmp/KeyStoreUtilsTest";
+	private String tmpDirURL = "file:" + tmpDir;
+
+  public KeyStoreUtilsTest(String arg0) {
+    super(arg0);
+  }
+  
+  protected void setUp() throws Exception {
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    new File(tmpDir).mkdirs();
+  }
+  protected void tearDown() throws Exception {
+  	new File(tmpDir).delete();
+  }
+  public void testCreateKeyStoreJKS() throws Exception {
+  	String[] certFilenames = new String[] {
+  		"data/test/security/server-certs/baltimore.cer"
+  	};
+  	KeyStore ks = KeyStoreUtils.createKeyStore("jks", certFilenames);
+  	assertEquals(1, ks.size());
+  	X509Certificate cert = (X509Certificate)ks.getCertificate("0");
+  	assertEquals(3424, cert.getSerialNumber().intValue());
+  }
+  public void testCreateKeyStorePKCS12() throws Exception {
+  	String[] certFilenames = new String[] {
+  		"data/test/security/server-certs/baltimore.cer"
+  	};
+  	KeyStore ks = KeyStoreUtils.createKeyStore("pkcs12", certFilenames);
+  	assertEquals(1, ks.size());
+  	X509Certificate cert = (X509Certificate)ks.getCertificate("0");
+  	assertEquals(3424, cert.getSerialNumber().intValue());
+  }
+  public void testCreateKeyStoreFromCertificateDirectory() throws Exception {
+    // copy certificate files to a temporary directory, 
+    // omitting the "CVS" directory in the source directory
+  	copyCertificates("data/test/security/server-certs", tmpDir);
+  	KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL);
+  	assertEquals(2, ks.size());
+  	X509Certificate cert0 = (X509Certificate)ks.getCertificate("0");
+  	X509Certificate cert1 = (X509Certificate)ks.getCertificate("1");
+  	assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue());
+  }
+  private void copyCertificates(String from, String to) throws IOException {
+		String[] fromList = new File(from).list();
+		for (int i = 0; i < fromList.length; i++) {
+      File fromFile = new File(from + File.separator + fromList[i]);
+      if (fromFile.isFile()) {
+      	String toFile = to + "/" + fromList[i];
+      	FileInputStream in = new FileInputStream(fromFile);
+      	FileOutputStream out = new FileOutputStream(toFile);
+      	for (int ch = in.read(); ch >= 0; ch = in.read())
+      		out.write(ch);
+      	out.close();
+      	in.close();
+      }
+    }
+    
+  }
+  public void testLoadKeyStore() throws Exception {
+  	String keyStoreURL = "file:data/test/security/client-certs/sicher-demo(buergerkarte).p12";
+  	KeyStore ks = KeyStoreUtils.loadKeyStore("pkcs12", keyStoreURL, "buergerkarte");
+  	assertEquals(1, ks.size());
+  	Enumeration aliases = ks.aliases();
+  	String alias = (String)aliases.nextElement();
+  	X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
+  	assertEquals(new BigInteger("1044289238331").intValue(), cert.getSerialNumber().intValue());
+  }
+
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
new file mode 100644
index 0000000..2b5094f
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.Security;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSocketFactory;
+
+import junit.framework.TestCase;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.SSLUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtilsTest extends TestCase {
+
+  public SSLUtilsTest(String arg0) {
+    super(arg0);
+  }
+
+	
+  protected void setUp() throws Exception {
+    //System.setProperty("javax.net.debug", "all");
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
+  }
+
+	public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.baltimore.com/",
+			false,
+			"file:data/test/security/cacerts+gt_cybertrust_root",
+			"changeit",
+			true);
+	}
+	public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.baltimore.com/",
+			false,
+			"file:data/test/security/cacerts",
+			"changeit", 
+			false);
+	}
+	public void testGetSSLSocketFactoryVerisignOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.verisign.com/",
+			false,
+			"file:data/test/security/cacerts",
+			"changeit",
+			true);
+	}
+	public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
+		doTestGetSSLSocketFactory(
+			"GET",
+			"https://www.verisign.com/",
+			false,
+			null,
+			null,
+			true);
+	}
+	public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
+		String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
+		doTestGetSSLSocketFactory(
+			"GET",
+			urlString,
+			true,
+			"file:data/test/security/server.keystore.tomcat",
+			"changeit",
+			true);
+	}
+	public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
+		String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
+		doTestGetSSLSocketFactory(
+			"GET",
+			urlString,
+			true,
+			null,
+			null,
+			false);
+	}
+		
+	public void doTestGetSSLSocketFactory(
+		String requestMethod,
+		String urlString, 
+		boolean useHostnameVerifierHack,
+		String truststoreurl,
+		String trustpassword,
+		boolean shouldOk
+		) throws Exception {
+
+		doTestGetSSLSocketFactory(
+			requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk);
+		}
+	public void doTestGetSSLSocketFactory(
+		String requestMethod,
+		String urlString, 
+		boolean useHostnameVerifierHack,
+		String truststoreurl,
+		String trustpassword,
+		String keystoretype,
+		String keystoreurl,
+		String keypassword,
+		boolean shouldOk
+		) throws Exception {
+
+		KeyStore truststore = null;
+		if (truststoreurl != null)
+			truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
+		SSLSocketFactory sf = SSLUtils.getSSLSocketFactory(
+			truststore, keystoretype, keystoreurl, keypassword);
+		System.out.println(requestMethod + " " + urlString);
+
+		URL url = new URL(urlString);
+		HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+		conn.setRequestMethod(requestMethod);
+		conn.setDoInput(true);
+		conn.setDoOutput(true);
+		conn.setUseCaches(false);
+		conn.setAllowUserInteraction(false);		
+  	conn.setSSLSocketFactory(sf);
+  	if (useHostnameVerifierHack)
+  		conn.setHostnameVerifier(new HostnameVerifierHack());
+  	try {
+			conn.connect();
+			assertTrue(shouldOk);
+			assertEquals(200, conn.getResponseCode());
+			conn.disconnect();
+  	}
+  	catch (SSLException ex) {
+  		assertFalse(shouldOk);
+  	}
+	}
+//	private byte[] readTruststore(String filename) throws IOException {
+//		if (filename == null)
+//			return null;
+//		FileInputStream in = new FileInputStream(filename);
+//		byte[] buffer = new byte[in.available()];
+//		in.read(buffer);
+//		in.close();
+//		return buffer;
+//	}
+  private class HostnameVerifierHack implements HostnameVerifier {
+    public boolean verify(String arg0, String arg1) {
+      return true;
+    }
+	}
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
new file mode 100644
index 0000000..2ded896
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import java.net.URLEncoder;
+
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+import junit.framework.TestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class URLDecoderTest extends TestCase {
+
+  public void test() throws Exception {
+    String s = "immerZUA0129<>%==$$%&/()@?{()=} \\\"";
+    String senc = URLEncoder.encode(s);
+    String sdec = URLDecoder.decode(senc, "ISO-8859-1");
+    assertEquals(s, sdec);
+  }
+  public void testUTF8() throws Exception {
+    String s = new String(FileUtils.readFile("data/test/xml/CreateXMLSignature/CreateXMLSignatureResponse.xml"));
+    String senc = URLEncoder.encode(s);
+    String sdec = URLDecoder.decode(senc, "UTF-8");
+    String sutf8 = FileUtils.readFile("data/test/xml/CreateXMLSignature/CreateXMLSignatureResponse.xml", "UTF-8");
+    assertEquals(sutf8, sdec);
+  }
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
new file mode 100644
index 0000000..5f72c8a
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+import junit.framework.TestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class URLEncoderTest extends TestCase {
+
+  public void testUnchangedString() throws Exception {
+    String s = "AZaz0123456789.-*_";
+    String senc = URLEncoder.encode(s, "UTF-8");
+    assertEquals(s, senc);
+  }
+  public void testAumlUTF8() throws Exception {
+    String s = "ä";
+    String senc = URLEncoder.encode(s, "UTF-8");
+    assertEquals("%C3%A4", senc);
+  }
+  public void testEncodeDecode() throws Exception {
+    String s = "AZaz09.-*_ <>%=$%&/()@?{}[]\\\"";
+    String senc = URLEncoder.encode(s, "UTF-8");
+    String sdec = URLDecoder.decode(senc, "UTF-8");
+    assertEquals(s, sdec);
+  }
+  public void testCertInfo() throws Exception {
+    String s = new String(FileUtils.readFile("data/test/xml/VerifyXMLSignature/CertInfoVerifyXMLSignatureRequest.xml", "UTF-8"));
+    String senc = URLEncoder.encode(s, "UTF-8");
+    String sdec = URLDecoder.decode(senc, "UTF-8");
+    assertEquals(s, sdec);
+  }
+  /*public void testJDK14() throws Exception {
+    String s = new String(FileUtils.readFile("data/test/xml/VerifyXMLSignature/CertInfoVerifyXMLSignatureRequest.xml", "UTF-8"));
+    String senc = URLEncoder.encode(s, "UTF-8");
+    String senc14 = java.net.URLEncoder.encode(s, "UTF-8");
+    assertEquals(senc, senc14);
+  }*/
+
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
new file mode 100644
index 0000000..dfe7a53
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import java.io.FileInputStream;
+import java.io.InputStream;
+
+import org.apache.xerces.parsers.DOMParser;
+import org.apache.xerces.parsers.XMLGrammarPreparser;
+import org.apache.xerces.util.SymbolTable;
+import org.apache.xerces.util.XMLGrammarPoolImpl;
+import org.apache.xerces.xni.grammars.Grammar;
+import org.apache.xerces.xni.grammars.XMLGrammarDescription;
+import org.apache.xerces.xni.parser.XMLInputSource;
+import org.xml.sax.InputSource;
+
+import test.at.gv.egovernment.moa.MOATestCase;
+
+import at.gv.egovernment.moa.util.Constants;
+
+
+/**
+ * Experimentation with Xerces grammar caching.
+ * 
+ * Used the Xerces sample 'XMLGrammarBuilder' as a starting point. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLGrammarBuilderTest extends MOATestCase {
+
+  private static final String GRAMMAR_POOL =
+    org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
+      + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
+
+  protected static final String NAMESPACES_FEATURE_ID =
+    "http://xml.org/sax/features/namespaces";
+  protected static final String VALIDATION_FEATURE_ID =
+    "http://xml.org/sax/features/validation";
+  protected static final String SCHEMA_VALIDATION_FEATURE_ID =
+    "http://apache.org/xml/features/validation/schema";
+  protected static final String SCHEMA_FULL_CHECKING_FEATURE_ID =
+    "http://apache.org/xml/features/validation/schema-full-checking";
+
+  private static final int BIG_PRIME = 2039;
+  private SymbolTable symbolTable;
+  private XMLGrammarPoolImpl grammarPool;
+
+  /**
+   * Constructor for XMLGrammarBuilderTest.
+   * @param name
+   */
+  public XMLGrammarBuilderTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    XMLGrammarPreparser preparser;
+
+    // set up symbol table and grammar pool
+    symbolTable = new SymbolTable(BIG_PRIME);
+    grammarPool = new XMLGrammarPoolImpl();
+    preparser = new XMLGrammarPreparser(symbolTable);
+    preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
+    preparser.setProperty(GRAMMAR_POOL, grammarPool);
+    preparser.setFeature(NAMESPACES_FEATURE_ID, true);
+    preparser.setFeature(VALIDATION_FEATURE_ID, true);
+    // now we can still do schema features just in case, 
+    // so long as it's our configuraiton......
+    preparser.setFeature(SCHEMA_VALIDATION_FEATURE_ID, true);
+    preparseSchemaResource(
+      preparser,
+      Constants.DSIG_SCHEMA_LOCATION,
+      "/resources/schemas/xmldsig-core-schema.xsd");
+  }
+
+  private static Grammar preparseSchemaResource(
+    XMLGrammarPreparser preparser,
+    String systemId,
+    String resource)
+    throws Exception {
+
+    InputStream is = XMLGrammarBuilderTest.class.getResourceAsStream(resource);
+    return preparser.preparseGrammar(
+      XMLGrammarDescription.XML_SCHEMA,
+      new XMLInputSource(null, systemId, null, is, null));
+  }
+
+  public void testParseValidating() throws Exception {
+    DOMParser parser = new DOMParser(symbolTable, grammarPool);
+
+    parser.setFeature(NAMESPACES_FEATURE_ID, true);
+    parser.setFeature(VALIDATION_FEATURE_ID, true);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE_ID, true);
+
+    parser.parse(
+      new InputSource(
+        new FileInputStream(TESTDATA_ROOT + "xml/dsigTransform/base64.xml")));
+    parser.getDocument();
+  }
+
+}
diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
new file mode 100644
index 0000000..15e6a62
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.util;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+import test.at.gv.egovernment.moa.MOATestCase;
+
+import at.gv.egovernment.moa.util.XPathUtils;
+
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathUtilsTest extends MOATestCase {
+
+  private Document doc1;
+
+  /**
+   * Constructor for XPathUtilsTest.
+   * @param name
+   */
+  public XPathUtilsTest(String name) {
+    super(name);
+  }
+
+  /**
+   * @see TestCase#setUp()
+   */
+  protected void setUp() throws Exception {
+    super.setUp();
+    doc1 =
+      parseXml(TESTDATA_ROOT + "xml/VerifyXMLSignature/Req000.xml");
+  }
+
+  public void testSelectNodeList() throws Exception {
+    NodeList nodes;
+
+    nodes =
+      XPathUtils.selectNodeList(
+        doc1.getDocumentElement(),
+        doc1.getDocumentElement(),
+        "/VerifyXMLSignatureRequest");
+    assertEquals(1, nodes.getLength());
+    nodes =
+      XPathUtils.selectNodeList(
+        doc1.getDocumentElement(),
+        "//dsig:Signature");
+    assertEquals(1, nodes.getLength());
+  }
+
+}
diff --git a/moaSig/gradle/wrapper/gradle-wrapper.jar b/moaSig/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000..b761216
--- /dev/null
+++ b/moaSig/gradle/wrapper/gradle-wrapper.jar
diff --git a/moaSig/gradle/wrapper/gradle-wrapper.properties b/moaSig/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..f3853f0
--- /dev/null
+++ b/moaSig/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+#Thu Oct 22 16:18:12 CEST 2015
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.8-bin.zip
diff --git a/moaSig/gradlew b/moaSig/gradlew
new file mode 100755
index 0000000..91a7e26
--- /dev/null
+++ b/moaSig/gradlew
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+    echo "$*"
+}
+
+die ( ) {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+esac
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched.
+if $cygwin ; then
+    [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+fi
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >&-
+APP_HOME="`pwd -P`"
+cd "$SAVED" >&-
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
+}
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
diff --git a/moaSig/gradlew.bat b/moaSig/gradlew.bat
new file mode 100644
index 0000000..aec9973
--- /dev/null
+++ b/moaSig/gradlew.bat
@@ -0,0 +1,90 @@
+@if "%DEBUG%" == "" @echo off

+@rem ##########################################################################

+@rem

+@rem  Gradle startup script for Windows

+@rem

+@rem ##########################################################################

+

+@rem Set local scope for the variables with windows NT shell

+if "%OS%"=="Windows_NT" setlocal

+

+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.

+set DEFAULT_JVM_OPTS=

+

+set DIRNAME=%~dp0

+if "%DIRNAME%" == "" set DIRNAME=.

+set APP_BASE_NAME=%~n0

+set APP_HOME=%DIRNAME%

+

+@rem Find java.exe

+if defined JAVA_HOME goto findJavaFromJavaHome

+

+set JAVA_EXE=java.exe

+%JAVA_EXE% -version >NUL 2>&1

+if "%ERRORLEVEL%" == "0" goto init

+

+echo.

+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

+echo.

+echo Please set the JAVA_HOME variable in your environment to match the

+echo location of your Java installation.

+

+goto fail

+

+:findJavaFromJavaHome

+set JAVA_HOME=%JAVA_HOME:"=%

+set JAVA_EXE=%JAVA_HOME%/bin/java.exe

+

+if exist "%JAVA_EXE%" goto init

+

+echo.

+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%

+echo.

+echo Please set the JAVA_HOME variable in your environment to match the

+echo location of your Java installation.

+

+goto fail

+

+:init

+@rem Get command-line arguments, handling Windowz variants

+

+if not "%OS%" == "Windows_NT" goto win9xME_args

+if "%@eval[2+2]" == "4" goto 4NT_args

+

+:win9xME_args

+@rem Slurp the command line arguments.

+set CMD_LINE_ARGS=

+set _SKIP=2

+

+:win9xME_args_slurp

+if "x%~1" == "x" goto execute

+

+set CMD_LINE_ARGS=%*

+goto execute

+

+:4NT_args

+@rem Get arguments from the 4NT Shell from JP Software

+set CMD_LINE_ARGS=%$

+

+:execute

+@rem Setup the command line

+

+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar

+

+@rem Execute Gradle

+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%

+

+:end

+@rem End local scope for the variables with windows NT shell

+if "%ERRORLEVEL%"=="0" goto mainEnd

+

+:fail

+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of

+rem the _cmd.exe /c_ return code!

+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1

+exit /b 1

+

+:mainEnd

+if "%OS%"=="Windows_NT" endlocal

+

+:omega

diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle
new file mode 100644
index 0000000..7e46f0a
--- /dev/null
+++ b/moaSig/moa-sig-lib/build.gradle
@@ -0,0 +1,15 @@
+
+dependencies {
+	compile fileTree(dir: '../libs', include: '*.jar')
+	compile project(':common')
+	
+	compile 'log4j:log4j:1.2.17'
+	compile 'commons-logging:commons-logging:1.2'
+	compile 'commons-io:commons-io:2.4'
+	compile 'org.apache.axis:axis-jaxrpc:1.4'
+	compile 'org.xerial:sqlite-jdbc:3.8.11.2'
+	compile 'javax.xml.bind:jaxb-api:2.2.12'
+	compile 'com.sun.xml.bind:jaxb-core:2.2.11'
+	compile 'org.postgresql:postgresql:9.4-1204-jdbc42'
+}
+
diff --git a/moaSig/moa-sig-lib/gradle/wrapper/gradle-wrapper.jar b/moaSig/moa-sig-lib/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000..b761216
--- /dev/null
+++ b/moaSig/moa-sig-lib/gradle/wrapper/gradle-wrapper.jar
diff --git a/moaSig/moa-sig-lib/gradle/wrapper/gradle-wrapper.properties b/moaSig/moa-sig-lib/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..473a847
--- /dev/null
+++ b/moaSig/moa-sig-lib/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+#Thu Oct 22 16:17:43 CEST 2015
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.8-bin.zip
diff --git a/moaSig/moa-sig-lib/gradlew b/moaSig/moa-sig-lib/gradlew
new file mode 100755
index 0000000..91a7e26
--- /dev/null
+++ b/moaSig/moa-sig-lib/gradlew
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+    echo "$*"
+}
+
+die ( ) {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+esac
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched.
+if $cygwin ; then
+    [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+fi
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >&-
+APP_HOME="`pwd -P`"
+cd "$SAVED" >&-
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
+}
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
diff --git a/moaSig/moa-sig-lib/gradlew.bat b/moaSig/moa-sig-lib/gradlew.bat
new file mode 100644
index 0000000..aec9973
--- /dev/null
+++ b/moaSig/moa-sig-lib/gradlew.bat
@@ -0,0 +1,90 @@
+@if "%DEBUG%" == "" @echo off

+@rem ##########################################################################

+@rem

+@rem  Gradle startup script for Windows

+@rem

+@rem ##########################################################################

+

+@rem Set local scope for the variables with windows NT shell

+if "%OS%"=="Windows_NT" setlocal

+

+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.

+set DEFAULT_JVM_OPTS=

+

+set DIRNAME=%~dp0

+if "%DIRNAME%" == "" set DIRNAME=.

+set APP_BASE_NAME=%~n0

+set APP_HOME=%DIRNAME%

+

+@rem Find java.exe

+if defined JAVA_HOME goto findJavaFromJavaHome

+

+set JAVA_EXE=java.exe

+%JAVA_EXE% -version >NUL 2>&1

+if "%ERRORLEVEL%" == "0" goto init

+

+echo.

+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

+echo.

+echo Please set the JAVA_HOME variable in your environment to match the

+echo location of your Java installation.

+

+goto fail

+

+:findJavaFromJavaHome

+set JAVA_HOME=%JAVA_HOME:"=%

+set JAVA_EXE=%JAVA_HOME%/bin/java.exe

+

+if exist "%JAVA_EXE%" goto init

+

+echo.

+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%

+echo.

+echo Please set the JAVA_HOME variable in your environment to match the

+echo location of your Java installation.

+

+goto fail

+

+:init

+@rem Get command-line arguments, handling Windowz variants

+

+if not "%OS%" == "Windows_NT" goto win9xME_args

+if "%@eval[2+2]" == "4" goto 4NT_args

+

+:win9xME_args

+@rem Slurp the command line arguments.

+set CMD_LINE_ARGS=

+set _SKIP=2

+

+:win9xME_args_slurp

+if "x%~1" == "x" goto execute

+

+set CMD_LINE_ARGS=%*

+goto execute

+

+:4NT_args

+@rem Get arguments from the 4NT Shell from JP Software

+set CMD_LINE_ARGS=%$

+

+:execute

+@rem Setup the command line

+

+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar

+

+@rem Execute Gradle

+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%

+

+:end

+@rem End local scope for the variables with windows NT shell

+if "%ERRORLEVEL%"=="0" goto mainEnd

+

+:fail

+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of

+rem the _cmd.exe /c_ return code!

+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1

+exit /b 1

+

+:mainEnd

+if "%OS%"=="Windows_NT" endlocal

+

+:omega

diff --git a/moaSig/moa-sig-lib/src/main/java/META-INF/MANIFEST.MF b/moaSig/moa-sig-lib/src/main/java/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..5e94951
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0

+Class-Path: 

+

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAApplicationException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAApplicationException.java
new file mode 100644
index 0000000..305c227
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAApplicationException.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+/**
+ * Base class of application specific MOA exceptions.
+ * 
+ * Application exceptions are exceptions that originate from application
+ * code (e.g. inconsistent data provided by the user, no permission to access
+ * certain resources, etc.)
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOAApplicationException extends MOAException {
+  
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 1042877795934327684L;
+
+/**
+   * Create a new <code>MOAApplicationException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * exception.
+   * @param parameters Additional message parameters.
+   */
+  public MOAApplicationException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a new <code>MOAApplicationException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * <code>MOAApplicationException</code>.
+   * @param parameters Additional message parameters.
+   * @param wrapped The exception wrapped by this
+   * <code>MOAApplicationException</code>.
+   */
+  public MOAApplicationException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
new file mode 100644
index 0000000..803f3fd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Constants;
+
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * Base class of MOA specific exceptions.
+ * 
+ * This class has the ability to wrap other exceptions which may be seen
+ * as the root cause for this exception. A similar mechanism is in place
+ * since JDK1.4 (see the <code>getClause()</code> method) but will not be used
+ * because of required compatibility with JDK1.3.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class MOAException extends Exception {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 7115301799538771949L;
+/** The message ID. */
+  private String messageId;
+  /** The wrapped <code>Throwable</code>. */
+  private Throwable wrapped;
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   */
+  public MOAException(String messageId, Object[] parameters) {
+    super(MessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+  }
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   * @param wrapped The exception wrapped by the created
+   * <code>MOAException</code>.
+   */
+  public MOAException(String messageId, Object[] parameters, Throwable wrapped) {
+	  // TODO: remove wrapped again from super constructor
+    super(MessageProvider.getInstance().getMessage(messageId, parameters), wrapped);
+    this.messageId = messageId;
+    this.wrapped = wrapped;
+  }
+
+  /**
+   * Returns the message ID of this exception.
+   * 
+   * @return The message ID as provided in the constructor.
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * Returns the exception wrapped by this <code>MOAException</code>.
+   * 
+   * @return The exception wrapped by this exception. Possibly
+   * <code>null</code>, if none was provided at construction time.
+   */
+  public Throwable getWrapped() {
+    return wrapped;
+  }
+
+  /**
+   * Convert this <code>MOAException</code> to an <code>ErrorResponse</code>
+   * element from the MOA namespace.
+   * 
+   * @return An <code>ErrorResponse</code> element, containing the subelements
+   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+   */
+  public Element toErrorResponse() {
+    DocumentBuilder builder;
+    DOMImplementation impl;
+    Document doc;
+    Element errorResponse;
+    Element errorCode;
+    Element info;
+
+    // create a new document
+    try {
+      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      impl = builder.getDOMImplementation();
+    } catch (ParserConfigurationException e) {
+      return null;
+    }
+
+    // build the ErrorResponse element
+    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+    errorResponse = doc.getDocumentElement();
+
+    // add MOA namespace declaration
+    errorResponse.setAttributeNS(
+      Constants.XMLNS_NS_URI,
+      "xmlns",
+      Constants.MOA_NS_URI);
+
+    // build the child elements    
+    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+    errorCode.appendChild(doc.createTextNode(messageId));
+    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+    info.appendChild(doc.createTextNode(getMessage()));
+    errorResponse.appendChild(errorCode);
+    errorResponse.appendChild(info);
+    return errorResponse;
+  }
+  
+  /**
+   * Print a stack trace of this exception to <code>System.err</code>.
+   * 
+   * @see java.lang.Throwable#printStackTrace()
+   */
+  public void printStackTrace() {
+    printStackTrace(System.err);
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stack trace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+   */
+  public void printStackTrace(PrintStream s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stacktrace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+   */
+  public void printStackTrace(PrintWriter s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java
new file mode 100644
index 0000000..a3c8565
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Base class of MOA specific runtime exceptions.
+ * 
+ * This class has the ability to wrap other exceptions which may be seen
+ * as the root cause for this exception. A similar mechanism is in place
+ * since JDK1.4 (see the <code>getClause()</code> method) but will not be used
+ * because of required compatibility with JDK1.3.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOARuntimeException extends RuntimeException {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 8516197293435621864L;
+/** The message ID. */
+  private String messageId;
+  /** The wrapped <code>Throwable</code>. */
+  private Throwable wrapped;
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   */
+  public MOARuntimeException(String messageId, Object[] parameters) {
+    super(MessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+  }
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   * @param wrapped The exception wrapped by the created
+   * <code>MOAException</code>.
+   */
+  public MOARuntimeException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+
+    super(MessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+    this.wrapped = wrapped;
+  }
+
+  /**
+   * Returns the message ID of this exception.
+   * 
+   * @return The message ID as provided in the constructor.
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * Returns the exception wrapped by this <code>MOARuntimeException</code>.
+   * 
+   * @return The exception wrapped by this exception. Possibly
+   * <code>null</code>, if none was provided at construction time.
+   */
+  public Throwable getWrapped() {
+    return wrapped;
+  }
+
+  /**
+   * Convert this <code>MOARuntimeException</code> to an <code>ErrorResponse</code>
+   * element from the MOA namespace.
+   * 
+   * @return An <code>ErrorResponse</code> element, containing the subelements
+   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+   */
+  public Element toErrorResponse() {
+    DocumentBuilder builder;
+    DOMImplementation impl;
+    Document doc;
+    Element errorResponse;
+    Element errorCode;
+    Element info;
+
+    // create a new document
+    try {
+      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      impl = builder.getDOMImplementation();
+    } catch (ParserConfigurationException e) {
+      return null;
+    }
+
+    // build the ErrorResponse element
+    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+    errorResponse = doc.getDocumentElement();
+
+    // add MOA namespace declaration
+    errorResponse.setAttributeNS(
+      Constants.XMLNS_NS_URI,
+      "xmlns",
+      Constants.MOA_NS_URI);
+
+    // build the child elements    
+    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+    errorCode.appendChild(doc.createTextNode(messageId));
+    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+    info.appendChild(doc.createTextNode(getMessage()));
+    errorResponse.appendChild(errorCode);
+    errorResponse.appendChild(info);
+    return errorResponse;
+  }
+  
+  /**
+   * Print a stack trace of this exception to <code>System.err</code>.
+   * 
+   * @see java.lang.Throwable#printStackTrace()
+   */
+  public void printStackTrace() {
+    printStackTrace(System.err);
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stack trace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+   */
+  public void printStackTrace(PrintStream s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stacktrace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+   */
+  public void printStackTrace(PrintWriter s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOASystemException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOASystemException.java
new file mode 100644
index 0000000..67c1908
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOASystemException.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+/**
+ * Base class of technical MOA exceptions.
+ * 
+ * Technical exceptions are exceptions that originate from system failure (e.g.,
+ * a database connection fails, a component is not available, etc.)
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOASystemException extends MOAException {
+
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 655642019638205185L;
+
+/**
+   * Create a new <code>MOASystemException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * exception.
+   * @param parameters Additional message parameters.
+   */
+  public MOASystemException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a new <code>MOASystemException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * <code>MOASystemException</code>.
+   * @param parameters Additional message parameters.
+   * @param wrapped The exception wrapped by this
+   * <code>MOASystemException</code>.
+   */
+  public MOASystemException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java
new file mode 100644
index 0000000..6cbdf7d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.server.init.ConfiguratorImpl;
+
+/**
+ * Configures the SP/SS API.
+ * 
+ * Also handles dynamic configuration updates. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class Configurator {
+
+  /** The default implementation class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.server.init.ConfiguratorImpl";
+
+  /** The single instance of this class. */
+  private static Configurator instance = null;
+
+  public static synchronized Configurator getInstance() {
+    if (instance == null) {
+      try {
+        /*DiscoverClass discover = new DiscoverClass();
+        instance =
+          (Configurator) discover.newInstance(
+            Configurator.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new ConfiguratorImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+
+  /**
+   * Initialize the SP/SS configuration.
+   * 
+   * Only a single call to this method will have an effect. Use 
+   * <code>update()</code> for reflecting changes in the configuration instead. 
+   * 
+   * @throws MOAException An error occurred updating the SP/SS configuration.
+   */  
+  public abstract void init() throws MOAException;
+  
+  /**
+   * Update the SP/SS configuration.
+   * 
+   * This will only have an effect after the system has been initialized once
+   * using <code>init()</code>.
+   * 
+   * @throws MOAException An error occurred updating the SP/SS configuration.
+   */
+  public abstract void update() throws MOAException;
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
new file mode 100644
index 0000000..4c57b13
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -0,0 +1,1139 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.X509IssuerSerial;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * An abstract factory for creating MOA SP/SS API objects.
+ * 
+ * Use <code>getInstance()</code> to get a concrete factory instance. Using
+ * this instance, concrete MOA SP/SS API object can be created.
+ * 
+ * @author Patrick Peck
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public abstract class SPSSFactory {
+
+  /** The default implementation of this class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl";
+
+  /** The single instance of this class. */
+  private static SPSSFactory instance = null;
+
+  /**
+   * Returns the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static synchronized SPSSFactory getInstance() {
+    if (instance == null) {
+      try {
+        /*DiscoverClass discover = new DiscoverClass();
+        instance =
+          (SPSSFactory) discover.newInstance(
+            SPSSFactory.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new SPSSFactoryImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+
+  //
+  // Factory methods for creating XML signatures
+  //
+
+  /**
+   * Create a new <code>CreateXMLSignatureRequest</code> object.
+   * 
+   * @param keyIdentifier The identifier for the key group to use for signing.
+   * @param singleSignatureInfos A <code>List</code> of 
+   * <code>SingleSignatureInfo</code> objects containing information about a
+   * single signature to be created.
+   * @return The <code>CreateXMLSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre keyIdentifier != null && keyIdentifier.length() > 0
+   * @pre singleSignatureInfos != null
+   * @pre forall Object o in singleSignatureInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo 
+   * @post return != null
+   */
+  public abstract CreateXMLSignatureRequest createCreateXMLSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos);
+
+  /**
+   * Create a new <code>CreateCMSSignatureRequest</code> object.
+   * 
+   * @param keyIdentifier The identifier for the key group to use for signing.
+   * @param singleSignatureInfos A <code>List</code> of 
+   * <code>SingleSignatureInfo</code> objects containing information about a
+   * single signature to be created.
+   * @return The <code>CreateCMSSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre keyIdentifier != null && keyIdentifier.length() > 0
+   * @pre singleSignatureInfos != null
+   * @pre forall Object o in singleSignatureInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo 
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos);
+  
+  /**
+   * Create a new <code>SingleSignatureInfo</code> object.
+   * 
+   * @param dataObjectInfos The data objects that will be signed (including
+   * transformations).
+   * @param createSignatureInfo Information about the signature environment. May
+   * be <code>null</code>.
+   * @param securityLayerConform If <code>true</code>, a Security Layer conform
+   * signature manifest is created, otherwise not.
+   * @return The <code>SingleSignatureInfo</code> containing the above data.
+   * 
+   * @pre dataObjectInfos != null && dataObjectInfos.size() > 0
+   * @pre forall Object o in dataObjectInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo
+   * @post return != null
+   */
+  public abstract SingleSignatureInfo createSingleSignatureInfo(
+    List dataObjectInfos,
+    CreateSignatureInfo createSignatureInfo, boolean securityLayerConform);
+  
+  /**
+   * Create a new <code>SingleSignatureInfo</code> object.
+   * 
+   * @param dataObjectInfo The data object that will be signed.
+   * @param securityLayerConform If <code>true</code>, a Security Layer conform
+   * signature manifest is created, otherwise not.
+   * @return The <code>SingleSignatureInfo</code> containing the above data.
+   * 
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(	
+    at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
+    boolean securityLayerConform);
+  
+
+  
+
+  /**
+   * Create a new <code>DataObjectInfo</code> object.
+   * 
+   * @param structure The type of signature to create.
+   * @param childOfManifest If <code>true</code>, references will be returned
+   * as children of an XMLDsig manifest. Otherwise, they will be returned as 
+   * children of the signature itself.
+   * @param dataObject The data object that will be signed.
+   * @param createTransformsInfoProfile Additional transformations to apply
+   * to the data object.
+   * @return The <code>DataObjectInfo</code> containing the above data.
+   * 
+   * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) ||
+   *      DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)
+   * @pre dataObject != null
+   * @pre createTransformsInfoProfile != null
+   * @post return != null
+   */
+  public abstract DataObjectInfo createDataObjectInfo(
+    String structure,
+    boolean childOfManifest,
+    Content dataObject,
+    CreateTransformsInfoProfile createTransformsInfoProfile);
+
+  /**
+   * Create a new <code>DataObjectInfo</code> object.
+   * 
+   * @param structure The type of signature to create.
+   * @param dataObject The data object that will be signed.
+   * @return The <code>DataObjectInfo</code> containing the above data.
+   * 
+   * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) ||
+   *      DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)
+   * @pre dataObject != null
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+    String structure,
+    CMSDataObject dataObject);
+  
+  /**
+   * Create a new <code>CreateTransformsInfoProfile</code> object containing a
+   * reference to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature creation. 
+   * @return The <code>CreateTransformsInfoProfile</code> containing the given
+   * profile ID.
+   * 
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID);
+
+  /**
+   * Create a new <code>CreateTransformsInfoProfile</code> object by providing 
+   * the profile data explicitly.
+   * 
+   * @param transformsInfo The transformations to apply to the associated 
+   * data object.
+   * @param supplements Supplemental information for the transformation. May be
+   * <code>null</code>.
+   * @return The <code>CreateTransformsInfoProfile</code> containing the above
+   * data.
+   * 
+   * @pre transformsInfo != null
+   * @pre supplements != null implies 
+   *        forall Object o in supplements | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation
+   * @post return != null
+   */
+  public abstract CreateTransformsInfoProfile createCreateTransformsInfoProfile(
+    CreateTransformsInfo transformsInfo,
+    List supplements);
+
+  /**
+   * Create a new <code>CreateTransformsInfo</code> object.
+   * 
+   * @param transforms The <code>Transform</code>s to apply to the associated
+   * data object. May be <code>null</code>.
+   * @param finalDataMetaInfo Information about the type of the transformed
+   * data.
+   * @return The <code>CreateTransformsInfo</code> containing the above data.
+   * 
+   * @pre transforms != null implies transforms.size > 0
+   * @pre transforms != null implies 
+   *        forall Object o in transforms | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.Transform
+   * @pre finalDataMetaInfo != null
+   * @post return != null
+   */
+  public abstract CreateTransformsInfo createCreateTransformsInfo(
+    List transforms,
+    MetaInfo finalDataMetaInfo);
+
+  /**
+   * Create a new <code>CreateSignatureInfo</code> object.
+   * 
+   * @param createSignatureEnvironment The signature environment that will
+   * contain the signature.
+   * @param createSignatureEnvironmentProfile Additional information about
+   * the signture environment.
+   * @return The <code>CreateSignatureInfo</code> containing the above data.
+   * 
+   * @pre createSignatureEnvironment != null
+   * @pre createSignatureEnvironmentProfile != null
+   * @post return != null
+   */
+  public abstract CreateSignatureInfo createCreateSignatureInfo(
+    Content createSignatureEnvironment,
+    CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile);
+
+  /**
+   * Create a new <code>CreateSignatureEnvironmentProfile</code> object 
+   * containing a reference to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature creation.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> containing
+   * the given profile ID.
+   *  
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(String profileID);
+
+  /**
+   * Create a new <code>CreateSignatureEnvironmentProfile</code> object by 
+   * providing the profile data explicitly. 
+   * 
+   * @param createSignatureLocation The location where the signature will be
+   * inserted.
+   * @param supplements Additional information about the signature environment.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> containing the
+   * above data.
+   * 
+   * @pre createSignatureLocation != null
+   * @pre supplements != null 
+   * @pre forall Object o in supplements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation
+   * @post return != null
+   */
+  public abstract CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(
+    CreateSignatureLocation createSignatureLocation,
+    List supplements);
+
+  /**
+   * Create a new <code>CreateSignatureLocation</code> object.
+   * 
+   * @param xPathExpression The XPath expression to select the signature
+   * parent element within the signature environment.
+   * @param index The index of the node, after which the signature will be
+   * inserted.
+   * @param namespaceDeclarations The namespace prefix to URI mapping to apply
+   * while evaluating the XPath expression. 
+   * @return The <code>CreateSignatureLocation</code> containing the above data.
+   * 
+   * @pre xPathExpression != null
+   * @pre index >= 0
+   * @pre namespaceDeclarations != null
+   */
+  public abstract CreateSignatureLocation createCreateSignatureLocation(
+    String xPathExpression,
+    int index,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>CreateXMLSignatureResponse</code> object.
+   * 
+   * @param responseElements The elements of the response, either 
+   * <code>SignatureEnvironmentResponse</code> objects, or 
+   * <code>ErrorResponse</code> objects.
+   * @return The new <code>CreateXMLSignatureResponse</code> containing the
+   * above data.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0
+   * @pre forall Object o in responseElements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureResponseElement
+   * @post return != null
+   */
+  public abstract CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements);
+
+  
+  /**
+   * Create a new <code>CreateCMSSignatureResponse</code> object.
+   * 
+   * @param responseElements The elements of the response, either 
+   * <code>CMSSignatureResponse</code> objects, or 
+   * <code>ErrorResponse</code> objects.
+   * @return The new <code>CreateCMSSignatureResponse</code> containing the
+   * above data.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0
+   * @pre forall Object o in responseElements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements);
+  
+  
+  /**
+   * Create a new <code>SignatureEnvironmentResponse</code> object.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * signature.
+   * @return The <code>SignatureEnvironmentResponse</code> containing the
+   * <code>signatureEnvironment</code>.
+   * 
+   * @pre signatureEnvironment != null
+   * @post return != null
+   */
+  public abstract CMSSignatureResponse createCMSSignatureResponse(String base64value);
+  
+  /**
+   * Create a new <code>SignatureEnvironmentResponse</code> object.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * signature.
+   * @return The <code>SignatureEnvironmentResponse</code> containing the
+   * <code>signatureEnvironment</code>.
+   * 
+   * @pre signatureEnvironment != null
+   * @post return != null
+   */
+  public abstract SignatureEnvironmentResponse createSignatureEnvironmentResponse(Element signatureEnvironment);
+
+  /**
+   * Create a new <code>ErrorResponse</code> object.
+   * 
+   * @param code The numerical error code.
+   * @param info Verbose error information.
+   * @return The new <code>ErrorResponse</code> containing the above data.
+   * 
+   * @pre code > 0
+   * @pre info != null
+   * @post return != null
+   */
+  public abstract ErrorResponse createErrorResponse(int code, String info);
+
+  //
+  // Factory methods for verifying CMS signatures
+  //
+
+  /**
+   * Create a new <code>VerifyCMSSignatureRequest</code> object.
+   * 
+   * @param signatories The indexes of the signatories whose signature is to
+   * be verified.
+   * @param dateTime The date for which the verification is to be performed.
+   * May be <code>null</code>.
+   * @param cmsSignature The CMS signature.
+   * @param dataObject The signed data. May be <code>null</code>.
+   * @param trustProfileID The ID of the trust profile containing the trusted
+   * root certificates.
+   * @return The <code>VerifyCMSSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre signatories != null && signatories.length > 0
+   * @pre signaturies != VerifyCMSSignatureRequest.ALL_SIGNATORIES implies
+   *        for (int i = 0;  i < signatories.length; i++)
+   *          signatories[i] >= 1
+   * @pre cmsSignature != null
+   * @pre trustProfileID != null && trustProfileID.length() > 0
+   * @post return != null
+   */
+  public abstract VerifyCMSSignatureRequest createVerifyCMSSignatureRequest(
+    int[] signatories,
+    Date dateTime,
+    InputStream cmsSignature,
+    CMSDataObject dataObject,
+    String trustProfileID);
+
+  /**
+   * Create a new <code>CMSDataObject</code> object from data at a given URI.
+   * 
+   * @param metaInfo Type information about the <code>CMSDataObject</code>.
+   * May be <code>null</code>.
+   * @param content The CMS content containing the data.
+   * @return The new <code>CMSDataObject</code> containing the data.
+   * 
+   * @pre referenceURI != null
+   * @pre content != null
+   * @post return != null
+   */
+  public abstract CMSDataObject createCMSDataObject(
+    MetaInfo metaInfo,
+    CMSContent content,
+    BigDecimal excludeByteRangeFrom,
+    BigDecimal excludeByteRangeTo);
+
+  /**
+   * Create a new <code>CMSContent</code> object from the data contained at the
+   * given URI.
+   * 
+   * @param referenceURI The URI identifying the data. Must be resolvable.
+   * @return The <code>CMSContent</code> containing a reference to the signed
+   * data.
+   * 
+   * @pre referenceURI != null
+   * @post return != null
+   */
+  public abstract CMSContent createCMSContent(String referenceURI);
+
+  /**
+   * Create a new <code>CMSContent</code> object from a byte stream.
+   * 
+   * @param binaryContent The byte stream containing the signed data.
+   * @return The new <code>CMSContent</code> containing the data from the
+   * byte stream.
+   * 
+   * @pre binaryContent != null
+   * @post return != null
+   */
+  public abstract CMSContent createCMSContent(InputStream binaryContent);
+
+  /**
+   * Create a new <code>VerifyCMSSignatureResponse</code> object.
+   * 
+   * @param responseElements Verification information about each signature.
+   * @return The new <code>VerifyCMSSignatureResponse</code> containing the
+   * status of signature verification for each signature contained in the
+   * request.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0 
+   * @pre forall Object o in responseElements |
+   *        o instanceof at.gv.egovernment.moa.spss.api.cmssign.VerifyCMSSignatureResponseElement
+   * @post return != null
+   */
+  public abstract VerifyCMSSignatureResponse createVerifyCMSSignatureResponse(List responseElements);
+
+  /**
+   * Create a new <code>VerifyCMSSignatureResponseElement</code> object.
+   * 
+   * @param signerInfo Information about the signer certificate.
+   * @param signatureCheck Result of the singature value check.
+   * @param certificateCheck Result of the certificate status check.
+    * @return The new <code>VerifyCMSSignatureResponseElement</code> containing
+   * the above data.
+   * 
+   * @pre signerInfo != null && signatureCheck != null && 
+   *      certificateCheck != null
+   * @post return != null
+   */
+  public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
+    SignerInfo signerInfo,
+    CheckResult signatureCheck,
+    CheckResult certificateCheck);
+
+  //
+  // Factory methods for verifying XML signatures
+  //
+
+  /**
+   * Create a new <code>VerifyXMLSignatureRequest</code> object.
+   * 
+   * @param dateTime The date for which the verification is to be performed.
+   * May be <code>null</code>.
+   * @param verifySignatureInfo Information about the signature environment and
+   * the location of the signature.
+   * @param supplementProfiles Supplemental information for the signature 
+   * environment. May be <code>null</code>.
+   * @param signatureManifestParams Additional information for checking the
+   * signature manifest. May be <code>null</code>.
+   * @param returnHashInputData If <code>true</code>, hash input data will
+   * be returned in the response, otherwise not.
+   * @param trustProfileID The ID of the trust profile containing the trusted
+   * root certificates.
+   * @return The new <code>VerifyXMLSignatureRequest</code> containing the
+   * above data.
+   * 
+   * @pre verifySignatureInfo != null
+   * @pre supplementProfiles != null implies
+   *        forall Object o in supplementProfiles | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile
+   * @pre trustProfileID != null && trustProfileID.length() > 0
+   * @post return != null
+   */
+  public abstract VerifyXMLSignatureRequest createVerifyXMLSignatureRequest(
+    Date dateTime,
+    VerifySignatureInfo verifySignatureInfo,
+    List supplementProfiles,
+    SignatureManifestCheckParams signatureManifestParams,
+    boolean returnHashInputData,
+    String trustProfileID);
+
+  /**
+   * Create a new <code>VerifySignatureInfo</code> object.
+   * 
+   * @param verifySignatureEnvironment The signature environment containing
+   * the signature to be verified.
+   * @param verifySignatureLocation The location of the signature within the
+   * signature environment.
+   * @return The new <code>VerifySignatureInfo</code> containing the above data.
+   * 
+   * @pre verifySignatureEnvironment != null
+   * @pre verifySignatureLocation != null
+   * @post return != null
+   */
+  public abstract VerifySignatureInfo createVerifySignatureInfo(
+    Content verifySignatureEnvironment,
+    VerifySignatureLocation verifySignatureLocation);
+
+  /**
+   * Create a new <code>VerifySignatureLocation</code> object.
+   * 
+   * @param xPathExpression The XPath expression to select the signature 
+   * element within the signature environment.
+   * @param namespaceDeclarations The namespace prefix to URI mapping to apply
+   * while evaluating the XPath expression. 
+   * @return The new <code>VerifySignatureLocation</code> containing the above
+   * data.
+   * 
+   * @pre xPathExpression != null
+   * @pre namespaceDeclarations != null
+   * @post return != null
+   */
+  public abstract VerifySignatureLocation createVerifySignatureLocation(
+    String xPathExpression,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>SupplementProfile</code> object containing a reference 
+   * to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature verification.
+   * @return The <code>SupplementProfile</code> containing the profile ID.
+   * 
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract SupplementProfile createSupplementProfile(String profileID);
+
+  /**
+   * Create a new <code>SupplementProfile</code> object by providing the profile
+   * data explicitly.
+   * 
+   * @param supplementProfile The profile data.
+   * @return The <code>SupplementProfile</code> containing the profile data.
+   */
+  public abstract SupplementProfile createSupplementProfile(XMLDataObjectAssociation supplementProfile);
+
+  /**
+   * Create a new <code>SignatureManifestCheckParams</code> object.
+   * 
+   * @param referenceInfos Information for checking the validity of a 
+   * a reference. 
+   * @param returnReferenceInputData If <code>true</code>, the input data to
+   * the calculation of reference digest values will be returned in the 
+   * response, otherwise not.
+   * @return The <code>SignatureManifestCheckParams</code> containing the
+   * above data.
+   * 
+   * @pre referenceInfos != null && referenceInfos.size() > 0
+   * @pre forall Object o in referenceInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo
+   * @post return != null
+   */
+  public abstract SignatureManifestCheckParams createSignatureManifestCheckParams(
+    List referenceInfos,
+    boolean returnReferenceInputData);
+
+  /**
+   * Create a new <code>ReferenceInfo</code> object.
+   * 
+   * @param verifyTransformsInfoProfiles The transformation profiles valid for
+   * the associated reference.
+   * @return The <code>ReferenceInfo</code> containing the transformation 
+   * profiles.
+   * 
+   * @pre verifyTransformsInfoProfiles != null && 
+   *        verifyTransformsInfoProfiles.size() > 0
+   * @pre forall Object o in verifyTransformsInfoProfiles |
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile
+   * @post return != null
+   */
+  public abstract ReferenceInfo createReferenceInfo(List verifyTransformsInfoProfiles);
+
+  /**
+   * Create a new <code>VerifyTransformsInfoProfile</code> object containing
+   * a reference to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature verification.
+   * @return The <code>VerifyTransformsInfoProfile</code> containing the
+   * given profile ID.
+   * 
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(String profileID);
+
+  /**
+   * Create a new <code>VerifyTransformsInfoProfile</code> object by providing
+   * the profile data explicitly.
+   * 
+   * @param transforms A valid chain of transformations for the reference.
+   * May be <code>null</code>.
+   * @param transformParameters Additional transformation information.
+   * @return The <code>VerifyTransformsInfoProfile</code> containing the above
+   * data.
+   * 
+   * @pre transforms != null implies 
+   *        (transforms.size() > 0 && 
+   *           forall Object o in transforms | o instanceof Transform)
+   * @pre transformParameters != null implies 
+   *        forall Object o in transformParameters | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter
+   * @post return != null
+   */
+  public abstract VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(
+    List transforms,
+    List transformParameters);
+
+  /**
+   * Create a new <code>TransformParameter</code> object with the data
+   * contained at the given URI.
+   * 
+   * @param URI The URI identifying the data. The URI will be resolved during
+   * signature verification.
+   * @return The <code>TransformParameter</code> containing the URI of the
+   * data.
+   * 
+   * @pre URI != null
+   * @post return != null
+   */
+  public abstract TransformParameter createTransformParameter(String URI);
+
+  /**
+   * Creata a new <code>TransformParameter</code> object containing the
+   * binary data.
+   * 
+   * @param URI The URI identifying the data.
+   * @param binaryData The binary data. 
+   * @return The <code>TransformParameter</code> containig the binary data.
+   * 
+   * @pre URI != null
+   * @pre binary != null
+   * @post return != null
+   */
+  public abstract TransformParameter createTransformParameter(
+    String URI,
+    InputStream binaryData);
+
+  /**
+   * Create a new <code>TransformParameter</code> object containing the hash
+   * value of the transformation data.
+   * 
+   * @param URI The URI identifying the data. It will be resolved during
+   * signature verification.
+   * @param digestMethod The digest method used for calculating the digest
+   * value.
+   * @param digestValue The hash value of the transformation data.
+   * @return The <code>TransformParameter</code> containing the above data.
+   * 
+   * @pre URI != null
+   * @pre digestMethod != null
+   * @pre digestValue != null
+   */
+  public abstract TransformParameter createTransformParameter(
+    String URI,
+    String digestMethod,
+    byte[] digestValue);
+
+  /**
+   * Create a new <code>VerifyXMLSignatureResponse</code> object.
+   * 
+   * @param signerInfo Information about the signer certificate.
+   * @param hashInputDatas The signed data objects. May be <code>null</code>.
+   * @param referenceInputDatas The reference input data objects. 
+   * May be <code>null</code>.
+   * @param signatureCheck Status information about the signature check.
+   * @param signatureManifestCheck Status information about the signature
+   * manifest check.
+   * @param xmlDsigManifestChecks Status information about each XMLDsig manifest
+   * check.
+   * @param certificateCheck Status information about the signer certificate
+   * check.
+   * @return The <code>VerifyXMLSignatureResponse</code> containing the above
+   * data.
+   * 
+   * @pre signerInfo != null
+   * @pre hashInputDatas != null implies 
+   *        forall Object o in hashInputDatas | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.Content
+   * @pre referenceInputDatas != null implies
+   *        forall Object o in referenceInputDatas | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.Content
+   * @pre signatureCheck != null
+   * @pre xmlDsigManifestChecks != null implies
+   *        forall Object o in xmlDsigManifestChecks | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.xmlverifyManifestRefsCheckResult
+   * @pre certificateCheck != null
+   * @post return != null
+   */
+  public abstract VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(
+    SignerInfo signerInfo,
+    List hashInputDatas,
+    List referenceInputDatas,
+    ReferencesCheckResult signatureCheck,
+    ReferencesCheckResult signatureManifestCheck,
+    List xmlDsigManifestChecks,
+    CheckResult certificateCheck);
+
+  /**
+   * Create a new <code>ReferencesCheckResult</code> object.
+   * 
+   * @param code The status code.
+   * @param info Additional information about the reference check.
+   * @return The <code>ReferencesCheckResult</code> containing the above data.
+   * 
+   * @pre code >= 0
+   * @post return != null
+   */
+  public abstract ReferencesCheckResult createReferencesCheckResult(
+    int code,
+    ReferencesCheckResultInfo info);
+
+  /**
+   * Create a new <code>ReferencesCheckResultInfo</code> object.
+   * 
+   * @param anyOtherInfo Arbitrary XML content describing the check result.
+   * May be <code>null</code>.
+   * @param failedReferences The indexes of the failed references. May be 
+   * <code>null</code>.
+   * @return The <code>ReferencesCheckResultInfo</code> containing the above
+   * data.
+   * 
+   * @post return != null
+   */
+  public abstract ReferencesCheckResultInfo createReferencesCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences);
+
+  /**
+   * Create a new <code>ManifestRefsCheckResult</code> object.
+   * 
+   * @param code The status code.
+   * @param info Additional information about the manifest check. May be
+   * <code>null</code>.
+   * @return The <code>ManifestRefsCheckResult</code> containing the above
+   * data.
+   * 
+   * @pre code >= 0
+   * @post return != null
+   */
+  public abstract ManifestRefsCheckResult createManifestRefsCheckResult(
+    int code,
+    ManifestRefsCheckResultInfo info);
+
+  /**
+   * Create a new <code>ManifestRefsCheckResultInfo</code> object.
+   * 
+   * @param anyOtherInfo Arbitrary XML content describing the check result.
+   * May be <code>null</code>.
+   * @param failedReferences The indexes of the failed references. May be 
+   * <code>null</code>.
+   * @param referringSigReference The index of the reference in the signature.
+   * @return The <code>ManifestRefsCheckResultInfo</code> containing the 
+   * above data.
+   * 
+   * @pre referringSigReference > 0
+   * @post return != null
+   */
+  public abstract ManifestRefsCheckResultInfo createManifestRefsCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences,
+    int referringSigReference);
+
+  //
+  // Factory methods for common objects
+  //
+
+  /**
+   * Create a new <code>Content</code> object referencing data via a URI.
+   * 
+   * @param referenceURI The URI pointing to the content.
+   * @return The <code>Content</code> object containing the reference.
+   * 
+   * @pre referenceURI != null && referenceURI.length() > 0
+   * @post return != null
+   */
+  public abstract Content createContent(String referenceURI);
+
+  /**
+   * Create a new <code>Content</code> object containing binary data.
+   * 
+   * @param binaryData An <code>InputStream</code> containing the binary data.
+   * @param referenceURI An URI identifying the data. May be <code>null</code>.
+   * @return The <code>Content</code> object containing the data.
+   * 
+   * @pre binaryData != null
+   * @post return != null
+   */
+  public abstract Content createContent(
+    InputStream binaryData,
+    String referenceURI);
+
+  /**
+    * Create a new <code>Content</code> object containing location reference data.
+    * 
+    * @param locationReferenceURI a URI pointing to the actual remote location of the content.
+    * 
+    * @param referenceURI An URI identifying the data. May be <code>null</code>.
+    * 
+    * @return The <code>Content</code> object containing the data.
+    * 
+    * @pre locationReferenceURI != null
+    * @post return != null
+    */
+   public abstract Content createContent(
+     String locationReferenceURI,
+     String referenceURI);
+
+  /**
+   * Create a new <code>Content</code> object containing XML data.
+   * 
+   * @param xmlData The XML data contained in the new <code>Content</code>.
+   * @param referenceURI An URI identifying the data. May be <code>null</code>.
+   * @return The <code>Content</code> object containing the data.
+   * 
+   * @pre xmlData != null
+   * @post return != null
+   */
+  public abstract Content createContent(NodeList xmlData, String referenceURI);
+
+  /**
+   * Create a new <code>XMLDataObjectAssociation</code> object.
+   * 
+   * @param metaInfo Information about the content type. May be 
+   * <code>null</code>.
+   * @param content The <code>Content</code> object containing the data.
+   * @return The <code>XMLDataObjectAssociation</code> containing the above
+   * data.
+   * 
+   * @pre content != null
+   * @pre content.getContentType() == Content.CONTENT_XML ||
+   *      content.getContentType() == Contetn.CONTENT_BINARY
+   * @pre content.getReference() != null
+   * @post return != null
+   */
+  public abstract XMLDataObjectAssociation createXMLDataObjectAssociation(
+    MetaInfo metaInfo,
+    Content content);
+
+  /**
+   * Create a new <code>MetaInfo</code> object.
+   * 
+   * @param mimeType The MIME type part of the meta information.
+   * @param description Descriptive meta information. May be <code>null</code>.
+   * @param otherInfo XML meta information. May be <code>null</code>.
+   * @param type Type information for XML signature creation. May be <code>null</code>.
+   * @return The <code>MetaInfo</code> object containing the above data.
+   * 
+   * @pre mimeType != null && mimeType.length() > 0
+   * @pre otherInfo != null implies 
+   *        forall Node n in otherInfo | n.getNodeType() == Node.ELEMENT  
+   */
+  public abstract MetaInfo createMetaInfo(
+    String mimeType,
+    String description,
+    NodeList otherInfo,
+    String type);
+
+  /**
+   * Create a <code>CanonicalizationTransform</code> type of <code>Transform</code>.
+   * 
+   * @param algorithmURI The algorithm URI of the canonicalization.
+   * @return The created <code>CanonicalizationTransform</code> object.
+   * 
+   * @pre CanonicalizationTransform.CANONICAL_XML.equals(algorithmURI) ||
+   *      CanonicalizationTransform.CANONICAL_XML_WITH_COMMENTS.equals(algorithmURI)
+   * @post return != null
+   */
+  public abstract Transform createCanonicalizationTransform(String algorithmURI);
+
+  /**
+   * Create an <code>ExclusiveCanonicalizationTransform</code> type of
+   * <code>Transform</code>.
+   * 
+   * @param algorithmURI The algorithm URI of the exclusive canonicalization.
+   * @param inclusiveNamespacePrefixes The prefixes of the namespaces to
+   * treat according to canonical XML.
+   * @return The new <code>ExclusiveCanonicalizationTransform</code>
+   * 
+   * @pre ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML.equals(algorithmURI) ||
+   *      ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS.equals(algorithmURI)
+   * @pre inclusiveNamespacePrefixes != null
+   * @pre forall Object o in inclusiveNamespacePrefixes | o instanceof String 
+   * @post return != null
+   */
+  public abstract Transform createExclusiveCanonicalizationTransform(
+    String algorithmURI,
+    List inclusiveNamespacePrefixes);
+
+  /**
+   * Create a <code>Base64Transform</code> type of <code>Transform</code>.
+   * 
+   * @return A <code>Transform</code> denoting a Base64 decoding.
+   * 
+   * @post return != null
+   */
+  public abstract Transform createBase64Transform();
+
+  /**
+   * Create a <code>EnvelopedSignatureTransform</code> type of 
+   * <code>Transform</code>.
+   * 
+   * @return A <code>Transform</code> denoting an enveloped signature.
+   * 
+   * @post return != null
+   */
+  public abstract Transform createEnvelopedSignatureTransform();
+
+  /**
+   * Create an <code>XSLTTransform</code> type of <code>Transform</code>.
+   * 
+   * @param styleSheet The XSLT stylesheet contained in the 
+   * <code>Transform</code>.
+   * @return A <code>Transform</code> containing the XSLT stylesheet.
+   * 
+   * @post return != null
+   */
+  public abstract Transform createXSLTTransform(Element styleSheet);
+
+  /**
+   * Create an <code>XPathTransform</code> type of <code>Transform</code>.
+   * 
+   * @param xPathExpression The XPath expression to use in the created
+   * <code>Transform</code>. 
+   * @param namespaceDeclarations The namespace prefix to URI mapping to
+   * apply on evaluation of the XPath expression.
+   * @return The <code>XPathTransform</code> containing the above data.
+   * 
+   * @pre xPathExpression != null
+   * @pre namespaceDeclarations != null
+   * @post return != null
+   */
+  public abstract Transform createXPathTransform(
+    String xPathExpression,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>XPathFilter2Transform</code> type of 
+   * <code>Transform</code>. 
+   * 
+   * @param xPathFilters The filters contained in the newly created
+   * <code>XPathFilter2Transform</code>.
+   * @return The <code>XPathFilter2Transform</code> containing the given 
+   * filters.
+   * 
+   * @pre xPathFilters != null && 
+   *      forall Object o in xPathFilters | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.XPathFilter 
+   * @post return != null
+   */
+  public abstract Transform createXPathFilter2Transform(List xPathFilters);
+
+  /**
+   * Create a new <code>XPathFilter</code> object.
+   * 
+   * @param filterType The type of filter.
+   * @param xPathExpression The XPath expression contained in this filter.
+   * @param namespaceDeclarations The namespace prefix to URI mapping to apply
+   * on evaluation of the XPath expression.
+   * @return The <code>XPathFilter</code> containing the above data.
+   * 
+   * @pre XPathFilter.SUBTRACT_TYPE.equals(filterType)  ||
+   *      XPathFilter.INTERSECT_TYPE.equals(filterType) ||
+   *      XPathFilter.UNION_TYPE.equals(filterType)
+   * @pre xPathExpression != null
+   * @pre namespaceDeclarations != null
+   * @post return != null
+   */
+  public abstract XPathFilter createXPathFilter(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>CheckResult</code> object.
+   * 
+   * @param code The check code.
+   * @param info Verbose information about the check. May be <code>null</code>.
+   * @return The <code>CheckResult</code> containing the above data.
+   * 
+   * @pre code >= 0
+   * @post return != null
+   */
+  public abstract CheckResult createCheckResult(int code, NodeList info);
+
+  
+  
+  /**
+   * Create a new <code>SignerInfo</code> object.
+   * 
+   * @param signerCertificate The signer certificate in binary form.
+   * @param qualifiedCertificate <code>true</code>, if the signer certificate is
+   * a qualified certificate, otherwise <code>false</code>.
+   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param publicAuthority <code>true</code>, if the signer certificate is a
+   * public authority certificate, otherwise <code>false</code>.
+   * @param publicAuthorityID The identification of the public authority
+   * (if <code>publicAuthority</code> is <code>true</code>). May be 
+   * <code>null</code>.
+   * @param sscd <code>true</code>, if the TSL check verifies the 
+   * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param issuerCountryCode contains the signer certificate issuer country code.
+   * @return The <code>SignerInfo</code> containing the above data.
+   * 
+   * @pre signerCertSubjectName != null
+   * @pre signerCertIssuerSerial != null
+   * @pre signerCertificate != null
+   */
+  public abstract SignerInfo createSignerInfo(
+    X509Certificate signerCertificate,
+    boolean qualifiedCertificate,
+    boolean qcSourceTSL,
+    boolean publicAuthority,
+    String publicAuthorityID,
+    boolean sscd,
+    boolean sscdSourceTSL,
+    String issuerCountryCode);
+  
+  /**
+   * Create a new <code>X509IssuerSerial</code> object.
+   * 
+   * @param issuerName The distinguished name of the issuer.
+   * @param issuerSerial The certificate serial number.
+   * @return The <code>X509IssuerSerial</code> containing the above data.
+   * 
+   * @pre issuerName != null
+   * @pre issuerSerial != null
+   */
+  public abstract X509IssuerSerial createX509IssuerSerial(
+    String issuerName,
+    BigInteger issuerSerial);
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java
new file mode 100644
index 0000000..dfdd13d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import at.gv.egovernment.moa.spss.MOAException;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.SignatureCreationServiceImpl;
+
+/**
+ * Interface providing functions for signature creation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class SignatureCreationService {
+
+  /** The default implementation class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.server.invoke.SignatureCreationServiceImpl";
+  
+  /** The single instance of this class. */  
+  private static SignatureCreationService instance = null;
+
+  /**
+   * Get an instance of the <code>SignatureCreationService</code>.
+   * 
+   * @return A concrete instance of the <code>SignatureCreationService</code>.
+   */
+  public static synchronized SignatureCreationService getInstance() {
+    if (instance == null) {
+      try {
+    	  /*
+        DiscoverClass discover = new DiscoverClass();
+        instance =
+          (SignatureCreationService) discover.newInstance(
+            SignatureCreationService.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new SignatureCreationServiceImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+  
+  /**
+   * Create an XML signature.
+   * 
+   * @param request Information on how to create the signature.
+   * @return A <code>CreateXMLSignatureResponse</code> containing the 
+   * signature.
+   * @throws MOAException Error in server side MOA module.
+   */
+  public abstract CreateXMLSignatureResponse createXMLSignature(CreateXMLSignatureRequest request)
+    throws MOAException;
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java
new file mode 100644
index 0000000..85e2a97
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.SignatureVerificationServiceImpl;
+
+/**
+ * Interface providing functions for verifying signatures.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class SignatureVerificationService {
+
+  /** The default implementation class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.server.invoke.SignatureVerificationServiceImpl";
+
+  /** The single instance of this class. */
+  private static SignatureVerificationService instance = null;
+
+  /**
+   * Get an instance of the <code>SignatureVerificationService</code>.
+   * 
+   * @return A concrete instance of the 
+   * <code>SignatureVerificationService</code>.
+   */
+  public static synchronized SignatureVerificationService getInstance() {
+    if (instance == null) {
+      try {
+        /*DiscoverClass discover = new DiscoverClass();
+        instance =
+          (SignatureVerificationService) discover.newInstance(
+            SignatureVerificationService.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new SignatureVerificationServiceImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+
+  /**
+   * Verify a CMS signature.
+   * 
+   * @param request Detailed information on the verification that should be
+   * performed.
+   * @return A <code>VerifyCMSSignatureResponse</code> object that contains
+   * information about the performed verification.
+   * @throws MOAException Error in server side MOA module.
+   */
+  public abstract VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
+    throws MOAException;
+  /**
+   * Verfiy an XML Signature.
+   * 
+   * @param request  information on the verification that should be performed.
+   * @return A <code>VerifyXMLSignatureResponse</code> object that contains
+   * information about the performed verification.
+   * @throws MOAException Error in server side MOA module.
+   */
+  public abstract VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+    throws MOAException;
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
new file mode 100644
index 0000000..10db676
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+/**
+ * Contains the signature if the signature creation was successful.
+ *  
+ * @version $Id$
+ */
+public interface CMSSignatureResponse
+  extends CreateCMSSignatureResponseElement {
+  /** 
+   * Gets the CMS signature (Base64 encoded).
+   * 
+   * @return The CMS signature
+   */
+  public String getCMSSignature();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
new file mode 100644
index 0000000..9d5cd7a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to create a CMS Signature.
+ * 
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureRequest {
+  /**
+   * Gets the identifier for the keys to be used for the signature.
+   * 
+   * @return The identifier for the keys to be used.
+   */
+  public String getKeyIdentifier();
+  /**
+   * Gets the information of the singleSignatureInfo elements. 
+   * 
+   * @return The information of singleSignatureInfo elements.
+   */
+  public List getSingleSignatureInfos();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
new file mode 100644
index 0000000..6062a11
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+/**
+ * Object that encapsulates the response on to a 
+ * <code>CreateCMSSignatureRequest</code> to create an XML signature.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements.
+   */
+  public List getResponseElements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
new file mode 100644
index 0000000..8e4e611
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+/**
+ * Base class for <code>CMSSignature</code> and 
+ * <code>ErrorResponse</code> elements in a 
+ * <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponseElement {
+  /**
+   * Indicates that this object contains a <code>CMSSignature</code>.
+   */
+  public static final int CMS_SIGNATURE = 0;
+  /**
+   * Indicates that this objet contains an <code>ErrorResponse</code>.
+   */
+  public static final int ERROR_RESPONSE = 1;
+  
+  /**
+   * Gets the type of response object.
+   * 
+   * @return The type of response object, either 
+   * <code>CMS_SIGNATURE</code> or <code>ERROR_RESPONSE</code>.
+   */
+  public int getResponseType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
new file mode 100644
index 0000000..b9f3630
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Encapsulates information required to create a single signature.
+ * 
+ * @version $Id$
+ */
+public interface DataObjectInfo {
+  /**
+   * Indicates that a detached signature will be created.
+   */
+  public static final String STRUCTURE_DETACHED = "detached"; 
+  /**
+   * Indicates that an enveloping signature will be created.
+   */
+  public static final String STRUCTURE_ENVELOPING = "enveloping";
+
+  /**
+   * Gets the structure of the signature.
+   * 
+   * @return The structure of the signature.
+   */
+  public String getStructure();
+
+  /**
+   * Gets information related to a single data object.
+   * 
+   * @return Information related to a single data object.
+   */
+  public CMSDataObject getDataObject();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
new file mode 100644
index 0000000..1f87a50
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+
+/**
+ * Encapsulates data to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SingleSignatureInfo {
+  /**
+   * Gets the dataObjectInfo information.
+   * 
+   * @return The dataObjectInfo information.
+   */
+  public DataObjectInfo getDataObjectInfo();
+  
+  /**
+   * Check whether a Security Layer conform signature manifest will be created.
+   * 
+   * @return <code>true</code>, if a Security Layer conform signature manifest 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isSecurityLayerConform();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContent.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContent.java
new file mode 100644
index 0000000..4c2c1cc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContent.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+/**
+ * Base class for objects containing CMS content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSContent {
+  /**
+   * Indicates that this object contains a reference to the CMS content.
+   */
+  public static final int REFERENCE_CONTENT = 0;
+  /**
+   * Indicates that this object contains the CMS content explicitly.
+   */
+  public static final int EXPLICIT_CONTENT = 1;
+  
+  /**
+   * Gets the type of the contained content.
+   * 
+   * @return The type of content, either <code>REFERENCE_CONTENT</code> or
+   * <code>EXPLICIT_CONTENT</code>.
+   */
+  public int getContentType();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentExcplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentExcplicit.java
new file mode 100644
index 0000000..7fc6029
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentExcplicit.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.io.InputStream;
+
+/**
+ * Encapsulates binary CMS content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSContentExcplicit extends CMSContent {
+  /**
+   * Gets the content as a stream.
+   * 
+   * @return A stream containing the binary content.
+   */
+  public InputStream getBinaryContent();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentReference.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentReference.java
new file mode 100644
index 0000000..ade197d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentReference.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+/**
+ * Encapsulates CMS content that is referenced by an URI.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSContentReference extends CMSContent {
+  /**
+   * Gets the reference URI from wher the content can be retrieved.
+   * 
+   * @return The reference URI.
+   */
+  public String getReference();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
new file mode 100644
index 0000000..f9a6846
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.math.BigDecimal;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * A data object used for verification of CMS signatures.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSDataObject {
+  /**
+   * Gets the meta information of the content.
+   * 
+   * @return An object containig the meta information.
+   */
+  public MetaInfo getMetaInfo();
+  /**
+   * Gets the actual content of the data object.
+   * 
+   * @return The actual content.
+   */
+  public CMSContent getContent();
+  
+  
+  public BigDecimal getExcludeByteRangeFrom();
+  
+  public BigDecimal getExcludeByteRangeTo();
+  
+  }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
new file mode 100644
index 0000000..225f685
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.io.InputStream;
+import java.util.Date;
+
+/**
+ * Object that encapsulates a request to verify a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyCMSSignatureRequest {
+  /**
+   * Indicates, that signature checks for all signatories must be returned.
+   */
+  public static int[] ALL_SIGNATORIES = new int[] { -1 };
+  /**
+   * Gets the positions of signatories whose signature must be verified.
+   * 
+   * @return The positions of signatories.
+   */
+  public int[] getSignatories();
+  /**
+   * Gets the date and time for which the signature verification has to 
+   * be performed.
+   * 
+   * @return Date and time for which the signature verification has
+   * to be performed.
+   */
+  public Date getDateTime();
+  /**
+   * Gets the binary CMS signature.
+   * 
+   * @return An <code>InputStream</code> from which the binary CMS signature
+   * can be read.
+   */
+  public InputStream getCMSSignature();
+  /** 
+   * Gets the data object necessary for the verification.
+   * 
+   * @return The data object necessary for verification.
+   */
+  public CMSDataObject getDataObject();
+  /**
+   * Gets the profile ID of trusted certificates to be used for signature
+   * verification.
+   * 
+   * @return The profile ID of trusted certificates.
+   */
+  public String getTrustProfileId();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponse.java
new file mode 100644
index 0000000..33924cb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponse.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates the response on a request to verify a CMS
+ * signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyCMSSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements. 
+   */
+  public List getResponseElements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
new file mode 100644
index 0000000..a1135ba
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Contains detailed information about the verification of a signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyCMSSignatureResponseElement {
+  /**
+   * Gets a SignerInfo element according to CMS.
+   * 
+   * @return The SignerInfo element according to CMS.
+   */
+  public SignerInfo getSignerInfo();
+  /**
+   * Gets the result of the signature verification.
+   * 
+   * @return The result of the signature verification.
+   */
+  public CheckResult getSignatureCheck();
+  /**
+   * Gets the result of the certificate verification.
+   * 
+   * @return The result of the certificate verification.
+   */
+  public CheckResult getCertificateCheck();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Base64Transform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Base64Transform.java
new file mode 100644
index 0000000..6050d5b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Base64Transform.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * A <code>Transform</code> performing a Base64 decoding.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface Base64Transform extends Transform {
+  /** Algorithm URI of the Base64 <code>Transform</code> type. */
+  public static final String BASE64_DECODING =
+    "http://www.w3.org/2000/09/xmldsig#base64";
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java
new file mode 100644
index 0000000..988c5bc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A canonicalization type of <code>Transform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CanonicalizationTransform extends Transform {
+  /** Algorithm URI of canonical XML. */
+  public static final String CANONICAL_XML = Constants.C14N_URI;
+  /** Algorithm URI of canonical XML with comments. */
+  public static final String CANONICAL_XML_WITH_COMMENTS =
+    Constants.C14N_WITH_COMMENTS_URI;
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckResult.java
new file mode 100644
index 0000000..5c94981
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckResult.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating the result of a signature verification.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CheckResult {
+  /**
+   * Gets the result code.
+   * 
+   * @return The result code.
+   */
+  public int getCode();
+  /**
+   * Gets descriptive information.
+   * 
+   * @return Descriptive information.
+   */
+  public NodeList getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Content.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Content.java
new file mode 100644
index 0000000..efde1eb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Content.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Encapsulates content data.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public interface Content {
+
+  /**
+   * Indicates that this object contains a URI reference to some content. 
+   */
+  public static final int REFERENCE_CONTENT = 0;
+
+  /**
+   * Indicates that this object contains binary content.
+   */
+  public static final int BINARY_CONTENT = 1;
+
+  /**
+   * Indicates that this object contains XML content.
+   */
+  public static final int XML_CONTENT = 2;
+ 
+  /**
+   * Indicates that this object contains a location reference content.
+   */
+  public static final int LOCREF_CONTENT = 3;
+
+  /**
+   * Gets the type of content contained in this object.
+   * 
+   * @return The type of content, one of <code>BINARY_CONTENT</code>, <code>XML_CONTENT</code>, <code>
+   *         REFERENCE_CONTENT</code> or <code>LOCREF_CONTENT</code>.
+   */
+  public int getContentType();
+
+  /**
+   * Gets the reference to the content data (a URI).
+   * 
+   * @return The reference to the content data.
+   */
+  public String getReference();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentBinary.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentBinary.java
new file mode 100644
index 0000000..77ec9dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentBinary.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.io.InputStream;
+
+/**
+ * Encapsulates binary content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ContentBinary extends Content {
+  /**
+   * Get the binary content.
+   * 
+   * @return An <code>InputStream</code> from which the binary content can
+   * be read.
+   */
+  public InputStream getBinaryContent();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentLocRef.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentLocRef.java
new file mode 100644
index 0000000..d1ef096
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentLocRef.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Encapsulates location reference content.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public interface ContentLocRef extends Content 
+{
+  /**
+   * Gets the location reference URI pointing to the actual remote location of the content.
+   * 
+   * @return the location reference URI.
+   */
+  public String getLocationReferenceURI();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentReference.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentReference.java
new file mode 100644
index 0000000..8c4a658
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentReference.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Content containing a reference to content data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ContentReference extends Content {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentXML.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentXML.java
new file mode 100644
index 0000000..d41f6a6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentXML.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Encapsulates arbitrary XML content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ContentXML extends Content {
+  /**
+   * Gets the XML content stored in this object.
+   * 
+   * @return The XML content.
+   */
+  public NodeList getXMLContent();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ElementSelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ElementSelector.java
new file mode 100644
index 0000000..b446c5f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ElementSelector.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.Map;
+
+/**
+ * A class containing data for selecting single elements using an XPath 
+ * expression.
+ * 
+ * Derived classes are used to point to the <code>CreateSignatureLocation</code>
+ * and the <code>VerifySignatureLocation</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ElementSelector {
+  /**
+   * Gets the XPath expression pointing to a single element.
+   * 
+   * @return The XPath expression to select the signature parent element.
+   */
+  public String getXPathExpression();
+  /**
+   * Gets the namespace prefix to URI mapping to use when evaluating the XPath.
+   * 
+   * @return The namespace prefix to URI mapping.
+   */
+  public Map getNamespaceDeclarations();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/EnvelopedSignatureTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/EnvelopedSignatureTransform.java
new file mode 100644
index 0000000..8e6de87
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/EnvelopedSignatureTransform.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * An enveloped signature type of <code>Transform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface EnvelopedSignatureTransform extends Transform {
+  /**
+   * Algorithm URI of the enveloped signature type of <code>Transform</code>.
+   */
+  public static final String ENVELOPED_SIGNATURE =
+    "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java
new file mode 100644
index 0000000..5c2b633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * An exclusive canonicalization type of <code>Transform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ExclusiveCanonicalizationTransform extends Transform {
+  /** Algorithm URI of exclusive canonical XML. */
+  public static final String EXCLUSIVE_CANONICAL_XML = Constants.EXC_C14N_URI;
+  /** Algorithm URI of exclusive canonical XML with comments. */
+  public static final String EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS =
+    Constants.EXC_C14N_WITH_COMMENTS_URI;
+
+  /**
+   * Sets the namespace prefixes that are handled in the same manner as in
+   * canonical XML.
+   * 
+   * @return The inclusive namespace prefixes.
+   */
+  public List getInclusiveNamespacePrefixes();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
new file mode 100644
index 0000000..8c940cd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Interface specifying accessors for two attributes needed for returning 
+ * <code>HashInputData</code> and <code>ReferenceInputData</code> information
+ * as part of <code>VerifyXMLSignatureResponse</code>.
+ * 
+ * @author Gregor Karlinger
+ * 
+ * @version $Id$
+ */
+public interface InputData extends Content
+{
+  /**
+   * Possible value returned by {@link #getPartOf}. 
+   */
+  public static String CONTAINER_SIGNEDINFO_ = "SignedInfo";
+
+  /**
+   * Possible value returned by {@link #getPartOf}. 
+   */
+  public static String CONTAINER_XMLDSIGMANIFEST_ = "XMLDSIGManifest";
+  
+  /**
+   * Value returned by {link getReferringReferenceNumber}, signalling that the
+   * attribute is not used.
+   */
+  public static int REFERER_NONE_ = -1;
+  
+  /**
+   * Returns a <code>String</code> signalling what kind of container the 
+   * XMLDSIG <code>Reference</code> this <code>InputData</code> belongs 
+   * to is part of.
+   * 
+   * @return the kind of container. 
+   */
+  public String getPartOf();
+  
+  /**
+   * If this <code>InputData</code> belongs to an XMLDSIG <code>Reference</code>
+   * being part of either a XMLDSIGManifest or a SignatureManifest, this method
+   * returns a positive int value signalling the particular <code>Reference</code>
+   * of the XMLDSIG <code>SignedInfo</code> referring to the XMLDSIGManifest or
+   * SignatureManifest respectively.
+   */
+  public int getReferringReferenceNumber();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/MetaInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/MetaInfo.java
new file mode 100644
index 0000000..2413229
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/MetaInfo.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating descriptive meta information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface MetaInfo {
+  /**
+   * Gets the mime type of the associated object.
+   * 
+   * @return The mimetype of the associated object.
+   */
+  public String getMimeType();
+  /**
+   * Gets the descriptive information (URI).
+   * 
+   * @return URI referencing the descriptive information.
+   */
+  public String getDescription();
+  /**
+   * Gets the elemental informations.
+   * 
+   * @return The elemental informations.
+   */  
+  public NodeList getAnyElements();
+  /**
+   * Gets the XML signature creation type information of the associated object.
+   * 
+   * @return the XML signature creation type information of the associated object.
+   */
+  public String getType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
new file mode 100644
index 0000000..777365a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.security.cert.X509Certificate;
+
+
+/**
+ * Contains information about the signer.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SignerInfo {
+  /**
+   * Gets the signer certificate.
+   * 
+   * @return The signer certificate.
+   */  
+  public X509Certificate getSignerCertificate();
+  /**
+   * Checks, whether the certificate contained in this object is qualified.
+   * 
+   * @return <code>true</code>, if the certificate is qualified, otherwise
+   * <code>false</code>.
+   */
+  public boolean isQualifiedCertificate();
+  
+  
+  /**
+   * Checks, whether the signature is based on a SSCD.
+   * 
+   * @return <code>true</code>, if the signature is based on a SSCD, otherwise
+   * <code>false</code>.
+   */
+  public boolean isSSCD();
+  
+  /**
+   * Returns the source of the SSCD check (TSL or Certificate)   * 
+   */
+  public String getSSCDSource();
+
+  /**
+   * Returns the source of the QC check (TSL or Certificate)   * 
+   */
+  public String getQCSource();
+
+  /**
+   * Returns the signer certificate issuer country code
+   * @return
+   */
+  public String getIssuerCountryCode();
+  /**
+   * Checks, whether the certificate contained in this object is a 
+   * public authority certificate.
+   * 
+   * @return <code>true</code>, if the certificate is a public authority 
+   * certificate, otherwise <code>false</code>.
+   */
+  public boolean isPublicAuthority();
+  /**
+   * Gets the public authority ID, if the certificate contained in this
+   * object is from a public authority.
+   * 
+   * @return The public authority ID.
+   */  
+  public String getPublicAuhtorityID();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
new file mode 100644
index 0000000..0e0c82c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
@@ -0,0 +1,82 @@
+/*

+ * Copyright 2003 Federal Chancellery Austria

+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal

+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.

+ *

+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by

+ * the European Commission - subsequent versions of the EUPL (the "Licence");

+ * You may not use this work except in compliance with the Licence.

+ * You may obtain a copy of the Licence at:

+ * http://www.osor.eu/eupl/

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the Licence is distributed on an "AS IS" basis,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the Licence for the specific language governing permissions and

+ * limitations under the Licence.

+ *

+ * This product combines work with different licenses. See the "NOTICE" text

+ * file for details on the various modules and licenses.

+ * The "NOTICE" text file is part of the distribution. Any derivative works

+ * that you distribute must include a readable copy of the "NOTICE" text file.

+ */

+

+

+package at.gv.egovernment.moa.spss.api.common;

+

+

+import iaik.xml.crypto.utils.URI;

+

+import java.util.Date;

+

+

+/**

+ * Contains TSL configuration information.

+ * 

+ * @author kstranacher

+ */

+public interface TSLConfiguration {

+	

+	/** Default URL of EU TSL */

+	public String DEFAULT_EU_TSL_URL = "https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml";

+	

+	/** Default period (1day=86400000 msec) for update schedule */

+	public String DEFAULT_UPDATE_SCHEDULE_PERIOD = "86400000";

+	

+	/** Default start time (2:00 AM) for update schedule */

+	public String DEFAULT_UPDATE_SCHEDULE_STARTTIME = "02:00:00";

+	

+	public String DEFAULT_WORKING_DIR = "tslworking";

+	

+  /**

+   * Gets the EU TSL URL.

+   * 

+   * @return The EU TSL URL.

+   */  

+  public String getEuTSLUrl();

+

+  /**

+   * 

+   * @return

+   */

+  public Date getUpdateScheduleStartTime();

+  

+  /**

+   * 

+   * @return

+   */

+  public long getUpdateSchedulePeriod();

+  

+  /**

+   * 

+   * @return

+   */

+  public String getWorkingDirectory();

+  

+  /**

+   * 

+   * @return

+   */

+  public URI getWorkingDirectoryAsURI();

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Transform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Transform.java
new file mode 100644
index 0000000..ad050b4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Transform.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Base class for XMLDsig <code>Transform</code> elements.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface Transform {
+  /**
+   * Gets the algorithm URI of this <code>Transform</code>.
+   * 
+   * @return The algorithm URI of this <code>Transform</code>.
+   */
+  public String getAlgorithmURI();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/X509IssuerSerial.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/X509IssuerSerial.java
new file mode 100644
index 0000000..39ec807
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/X509IssuerSerial.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.math.BigInteger;
+
+/**
+ * Contains an X.509 issuer distinguished name/serial number pair.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface X509IssuerSerial {
+  /**
+   * Gets the issuer distinguished name.
+   * 
+   * @return The issuer distinguished name.
+   */
+  public String getX509IssuerName();
+  /**
+   * Gets the issuer serial number.
+   * 
+   * @return The issuer serial number.
+   */
+  public BigInteger getX509SerialNumber();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XMLDataObjectAssociation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XMLDataObjectAssociation.java
new file mode 100644
index 0000000..fe2a795
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XMLDataObjectAssociation.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+
+/**
+ * Object encapsulating arbitrary content and optional descriptive meta
+ * information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface XMLDataObjectAssociation {
+  /**
+   * Gets descriptive meta information.
+   * 
+   * @return The descriptive meta information.
+   */
+  public MetaInfo getMetaInfo();
+  /**
+   * Gets the actual content.
+   * 
+   * @return The content of this association.
+   */
+  public Content getContent();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter.java
new file mode 100644
index 0000000..06a49a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.Map;
+
+/**
+ * An XPath expression set operation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XPathFilter {
+  /** Subtract this filter's node set from the resulting node set. */
+  public static final String SUBTRACT_TYPE = "subtract";
+  /** Intersect this filter's node set with the resulting node set. */
+  public static final String INTERSECT_TYPE = "intersect";
+  /** Compute the union of this filter's node set and the resulting node set. */
+  public static final String UNION_TYPE = "union";
+  
+  /**
+   * Gets the type of this <code>XPathFilter</code>.
+   * 
+   * @return The type of this <code>XPathFilter</code>.
+   */
+  public String getFilterType();
+  /**
+   * Gets the XPath expression for selecting the nodes.
+   * 
+   * @return The XPath expression for selecting the nodes.
+   */
+  public String getXPathExpression();
+  /**
+   * Gets The namespace prefix to URI mapping used during evaluation of the
+   * XPath expression.
+   * 
+   * @return The namespace prefix to URI mapping.
+   */
+  public Map getNamespaceDeclarations();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter2Transform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter2Transform.java
new file mode 100644
index 0000000..6f05710
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter2Transform.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.List;
+
+/**
+ * An XPath type of <code>Transform</code> containing multiple filters for
+ * performing set operations on XPath selections. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XPathFilter2Transform extends Transform {
+  /** Algorithm URI for the XPath Filter2 <code>Transform</code>. */
+  public static final String XPATH_FILTER2 =
+    "http://www.w3.org/2002/06/xmldsig-filter2";
+
+  /**
+   * Gets the <code>XPathFilter</code>s contained in this 
+   * <code>XPathFilter2Transform</code>.
+   * 
+   * @return The <code>XPathFilter</code>s.
+   */
+  public List getFilters();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathTransform.java
new file mode 100644
index 0000000..99eda2a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathTransform.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.Map;
+
+/**
+ * A <code>Transform</code> performing an XPath selection.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XPathTransform extends Transform {
+  /** Algorithm URI of the XPath <code>Transform</code>. */
+  public static final String XPATH =
+    "http://www.w3.org/TR/1999/REC-xpath-19991116";
+
+  /**
+   * Gets the XPath expression used for selection.
+   * 
+   * @return The XPath expression used for selection.
+   */
+  public String getXPathExpression();
+  /**
+   * Gets The namespace prefix to URI mapping used during evaluation of the
+   * XPath expression.
+   * 
+   * @return The namespace prefix to URI mapping.
+   */
+  public Map getNamespaceDeclarations();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XSLTTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XSLTTransform.java
new file mode 100644
index 0000000..8cb6c8e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XSLTTransform.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.Element;
+
+/**
+ * A <code>Transform</code> containing an XSLT stylesheet.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XSLTTransform extends Transform {
+  /** Algorithm URI for the XSLT type of <code>Transform</code>. */
+  public static final String XSLT =
+    "http://www.w3.org/TR/1999/REC-xslt-19991116";
+
+  /**
+   * Gets the XSLT stylesheet element used for the transformation.
+   * 
+   * @return The XSLT stylesheet element used for the transformation.
+   */
+  public Element getStylesheet();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/Base64TransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/Base64TransformImpl.java
new file mode 100644
index 0000000..f708bab
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/Base64TransformImpl.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Base64Transform;
+
+/**
+ * Default implementation of <code>Base64Transform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class Base64TransformImpl
+  extends TransformImpl
+  implements Base64Transform {
+
+  /**
+   * Create a new <code>Base64TransformImpl</code> object.
+   */
+  public Base64TransformImpl() {
+    setAlgorithmURI(BASE64_DECODING);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentExplicitImpl.java
new file mode 100644
index 0000000..8dede90
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentExplicitImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+
+/**
+ * Default implementation of <code>CMSContentExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CMSContentExplicitImpl implements CMSContentExcplicit {
+  
+  /** The binary content, as a stream. */
+  private InputStream binaryContent;
+
+  /**
+   * Sets the binary content as a stream.
+   * 
+   * @param content The binary content as a stream.
+   */
+  public void setBinaryContent(InputStream content) {
+    this.binaryContent = content;
+  }
+
+  public InputStream getBinaryContent() {
+    return binaryContent;
+  }
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return EXPLICIT_CONTENT
+   */
+  public int getContentType() {
+    return EXPLICIT_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentReferenceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentReferenceImpl.java
new file mode 100644
index 0000000..fb90c5f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentReferenceImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+
+/**
+ * Default implementation of <code>CMSContentReference</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CMSContentReferenceImpl implements CMSContentReference {
+  
+  /** The reference pointing to the actual data. */
+  private String reference;
+
+  /**
+   * Sets the reference URI.
+   * 
+   * @param referenceURI The URI pointing to the content data.
+   */
+  public void setReference(String referenceURI) {
+    this.reference = referenceURI;
+  }
+
+  public String getReference() {
+    return reference;
+  }
+
+  /**
+   * Gets the content type.
+   * 
+   * @return REFERENCE_CONTENT
+   */
+  public int getContentType() {
+    return REFERENCE_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
new file mode 100644
index 0000000..20a9b56
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.math.BigDecimal;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * Default implementation of <code>CMLSDataObject</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CMSDataObjectImpl implements CMSDataObject {
+  
+  /** The <code>MetaInfo</code> associated with the CMS data object. */
+  private MetaInfo metaInfo;
+  /** The <code>CMSContent</code> contained in this data object. */
+  private CMSContent cmsContent;
+  
+  private BigDecimal excludeByteRangeFrom;
+  private BigDecimal excludeByteRangeTo;
+
+  /**
+   * Sets the meta information associated with the CMS data object.
+   * 
+   * @param metaInfo The meta information.
+   */
+  public void setMetaInfo(MetaInfo metaInfo) {
+    this.metaInfo = metaInfo;
+  }
+
+  public MetaInfo getMetaInfo() {
+    return metaInfo;
+  }
+
+  /**
+   * Sets the data of this <code>CMSDataObject</code>.
+   * 
+   * @param cmsContent The actual data of this <code>CMSDataObject</code>.
+   */
+  public void setContent(CMSContent cmsContent) {
+    this.cmsContent = cmsContent;
+  }
+
+  public CMSContent getContent() {
+    return cmsContent;
+  }
+
+  public void setExcludeByteRangeFrom(BigDecimal excludeByteRangeFrom) {
+  	this.excludeByteRangeFrom = excludeByteRangeFrom;
+  }
+  
+  public BigDecimal getExcludeByteRangeFrom() {
+	  return excludeByteRangeFrom;
+  }
+  
+  public void setExcludeByteRangeTo(BigDecimal excludeByteRangeTo) {
+	  this.excludeByteRangeTo = excludeByteRangeTo;
+  }
+  
+  public BigDecimal getExcludeByteRangeTo() {
+	  return excludeByteRangeTo;
+  }	
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
new file mode 100644
index 0000000..b512dd0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureResponseImpl
+  implements CMSSignatureResponse {
+
+  /** The base64 value of the CMS signature. */
+  private String cmsSignature;
+
+  /** 
+   * Sets the CMS signature.
+   * 
+   * @param cmsSignature The Base64 encoded value CMS signature.
+   */
+  public void setCMSSignature(String cmsSignature) {
+    this.cmsSignature = cmsSignature;
+  }
+
+  public String getCMSSignature() {
+    return cmsSignature;
+  }
+
+  /**
+   * Gets the type of <code>CreateCMSSignatureResponseElement</code>.
+   * 
+   * @return CMS_SIGNATURE
+   */
+  public int getResponseType() {
+    return CMS_SIGNATURE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CanonicalizationTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CanonicalizationTransformImpl.java
new file mode 100644
index 0000000..f8efe26
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CanonicalizationTransformImpl.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CanonicalizationTransform;
+
+/**
+ * Default implementation of <code>CanonicalizationTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CanonicalizationTransformImpl
+  extends TransformImpl
+  implements CanonicalizationTransform {
+    
+  /**
+   * Create a new <code>CanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI Algorithm URI of the canonicalization 
+   * <code>Transform</code> type. 
+   */
+  public CanonicalizationTransformImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckResultImpl.java
new file mode 100644
index 0000000..5bb6e60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckResultImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+
+/**
+ * Default implementation of <code>CheckResult</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CheckResultImpl implements CheckResult {
+  /** The result code. */
+  private int code;
+  
+  /** Additional information. */ 
+  private NodeList info;
+
+  /**
+   * Sets a result code.
+   * 
+   * @param code The result code.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.CheckResult#getCode()
+   */
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets a descriptive information.
+   * 
+   * @param info The descriptive information.
+   */
+  public void setInfo(NodeList info) {
+    this.info = info;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.CheckResult#getInfo()
+   */
+  public NodeList getInfo() {
+    return info;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentBinaryImpl.java
new file mode 100644
index 0000000..7fe1cf9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentBinaryImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+
+/**
+ * Default implementation of <code>ContentBinary</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ContentBinaryImpl extends ContentImpl implements ContentBinary {
+
+  /** The binary content as a stream. */ 
+  private InputStream binaryContent;
+
+  /**
+   * Sets the binary content as a stream.
+   * 
+   * @param binaryContent The binary content as a stream.
+   */
+  public void setBinaryContent(InputStream binaryContent) {
+    this.binaryContent = binaryContent;
+  }
+
+  public InputStream getBinaryContent() {
+    return binaryContent;
+  }
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return BINARY_CONTENT
+   */
+  public int getContentType() {
+    return BINARY_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentImpl.java
new file mode 100644
index 0000000..d061747
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentImpl.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Default base class for <code>Content</code> implementations.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class ContentImpl implements Content {
+  /** The reference pointing to the content data. */
+  private String reference;
+
+  /**
+   * Sets the reference pointing to the content data.
+   * 
+   * @param referenceURI The URI of the content data.
+   */
+  public void setReference(String referenceURI) {
+    this.reference = referenceURI;
+  }
+
+  public String getReference() {
+    return reference;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentLocRefImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentLocRefImpl.java
new file mode 100644
index 0000000..aa01a93
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentLocRefImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.ContentLocRef;
+
+/**
+ * Default implementation of <code>ContentLocRef</code>.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class ContentLocRefImpl extends ContentImpl implements ContentLocRef 
+{
+  /**
+   * The location reference URI pointing to the actual remote location of the content. 
+   */
+  private String locationReferenceURI_;
+  
+  /** 
+   * @see at.gv.egovernment.moa.spss.api.common.ContentLocRef#getLocationReferenceURI()
+   */
+  public String getLocationReferenceURI()
+  {
+    return locationReferenceURI_;
+  }
+  
+  /**
+   * Sets the location reference URI pointing to the actual remote location of the content. 
+   * 
+   * @param locationReferenceURI the location reference URI.
+   */
+  public void setLocationReferenceURI(String locationReferenceURI)
+  {
+    locationReferenceURI_ = locationReferenceURI;
+  }
+  
+  /**
+   * Gets the type of content.
+   * 
+   * @return LOCREF_CONTENT.
+   */
+  public int getContentType() {
+    return LOCREF_CONTENT;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentReferenceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentReferenceImpl.java
new file mode 100644
index 0000000..ab5c3b4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentReferenceImpl.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.ContentReference;
+
+/**
+ * Default implementation of <code>ContentReference</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ContentReferenceImpl
+  extends ContentImpl
+  implements ContentReference {
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return REFERENCE_CONTENT
+   */
+  public int getContentType() {
+    return REFERENCE_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentXMLImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentXMLImpl.java
new file mode 100644
index 0000000..dcc1935
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentXMLImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+
+/**
+ * Default implementation of <code>ContentXML</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ContentXMLImpl extends ContentImpl implements ContentXML {
+
+  /** The nodes making up the XML content. */
+  private NodeList xmlContent;
+  
+  /**
+   * Sets the nodes making up the XML content.
+   * 
+   * @param xmlContent The XML content.
+   */
+  public void setXMLContent(NodeList xmlContent) {
+    this.xmlContent = xmlContent;
+  }
+
+  public NodeList getXMLContent() {
+    return xmlContent;
+  }
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return XML_CONTENT
+   */
+  public int getContentType() {
+    return XML_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
new file mode 100644
index 0000000..e8408bc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestImpl
+  implements CreateCMSSignatureRequest {
+
+  /** The identifier for selecting the private keys for creating the signature.*/
+  private String keyIdentifier;
+  /** Information for creating a single signature. */
+  private List singleSignatureInfos = new ArrayList();
+
+  /**
+   * Sets the identifier for selecting the private keys for creating the 
+   * signature.
+   * 
+   * @param keyIdentifier The identifier for selecting the private keys.
+   */
+  public void setKeyIdentifier(String keyIdentifier) {
+    this.keyIdentifier = keyIdentifier;
+  }
+
+  public String getKeyIdentifier() {
+    return keyIdentifier;
+  }
+
+  /**
+   * Sets the information for creating single signatures.
+   * 
+   * @param singleSignaureInfos The information for creating single signatures.
+   */
+  public void setSingleSignatureInfos(List singleSignaureInfos) {
+    this.singleSignatureInfos =
+      singleSignaureInfos != null
+        ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos))
+        : null;
+  }
+
+  public List getSingleSignatureInfos() {
+    return singleSignatureInfos;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
new file mode 100644
index 0000000..d596058
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseImpl
+  implements CreateCMSSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The response elements.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
new file mode 100644
index 0000000..9fe8eaf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+
+/**
+ * Default implementation of 
+ * <codeCreateSignatureEnvironmentProfileExplicit</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateSignatureEnvironmentProfileExplicitImpl
+  implements CreateSignatureEnvironmentProfileExplicit {
+
+  /** The insertion location of the signature to be created. */
+  private CreateSignatureLocation createSignatureLocation;
+
+  /** Supplemental information for evaluating the signature environment. */
+  private List supplements;
+
+  /**
+   * Sets the insertion location of the signature to be created.
+   * 
+   * @param createSignatureLocation The insertion location of the signature to 
+   * be created.
+   */
+  public void setCreateSignatureLocation(CreateSignatureLocation createSignatureLocation) {
+    this.createSignatureLocation = createSignatureLocation;
+  }
+
+  public CreateSignatureLocation getCreateSignatureLocation() {
+    return createSignatureLocation;
+  }
+
+  /**
+   * Sets the supplemental information for evaluating the signature
+   * environment.
+   * 
+   * @param supplements The supplemental information.
+   */
+  public void setSupplements(List supplements) {
+    this.supplements =
+      supplements != null
+        ? Collections.unmodifiableList(new ArrayList(supplements))
+        : null;
+  }
+
+  public List getSupplements() {
+    return supplements;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE
+   */
+  public int getCreateSignatureEnvironmentProfileType() {
+    return EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileIDImpl.java
new file mode 100644
index 0000000..5edbf4f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileIDImpl.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileID;
+
+/**
+ * Default implementation of <code>CreateSignatureEnvironmentProfileID</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateSignatureEnvironmentProfileIDImpl
+  implements CreateSignatureEnvironmentProfileID {
+
+  /** The profile ID. */
+  private String createSignatureEnvironmentProfileID;
+
+  /**
+   * Sets the profile ID.
+   * 
+   * @param profileID The profile ID.
+   */
+  public void setCreateSignatureEnvironmentProfileID(String profileID) {
+    this.createSignatureEnvironmentProfileID = profileID;
+  }
+
+  public String getCreateSignatureEnvironmentProfileID() {
+    return createSignatureEnvironmentProfileID;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return ID_CREATESIGNATUREENVIRONMENTPROFILE
+   */
+  public int getCreateSignatureEnvironmentProfileType() {
+    return ID_CREATESIGNATUREENVIRONMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureInfoImpl.java
new file mode 100644
index 0000000..7111633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureInfoImpl.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+
+/**
+ * Default implementation of <code>CreateSignatureInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateSignatureInfoImpl implements CreateSignatureInfo {
+  
+  /** The signature environment that will contain the newly created 
+   * signature. */
+  private Content createSignatureEnvironment;
+
+  /** Additional information about the signature environment. */
+  private CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile;
+
+  /**
+   * Sets the signature environment that will contain the newly created 
+   * signature.
+   * 
+   * @param createSignatureEnvironment The signature environment.
+   */
+  public void setCreateSignatureEnvironment(Content createSignatureEnvironment) {
+    this.createSignatureEnvironment = createSignatureEnvironment;
+  }
+
+  public Content getCreateSignatureEnvironment() {
+    return createSignatureEnvironment;
+  }
+
+  /**
+   * Sets the signature environment profile containing additional information
+   * about the signature environment.
+   * 
+   * @param profile The signature environment profile.
+   */
+  public void setCreateSignatureEnvironmentProfile(CreateSignatureEnvironmentProfile profile) {
+    this.createSignatureEnvironmentProfile = profile;
+  }
+
+  public CreateSignatureEnvironmentProfile getCreateSignatureEnvironmentProfile() {
+    return createSignatureEnvironmentProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureLocationImpl.java
new file mode 100644
index 0000000..6f3101f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureLocationImpl.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+
+/**
+ * Default implementation of <code>CreateSignatureLocation</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateSignatureLocationImpl
+  extends ElementSelectorImpl
+  implements CreateSignatureLocation {
+
+  /** The index of the newly created signature. */
+  private int index;
+
+  /**
+   * Sets the index of the newly created signature.
+   * 
+   * @param index The index of the newly created signature.
+   */
+  public void setIndex(int index) {
+    this.index = index;
+  }
+
+  public int getIndex() {
+    return index;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoImpl.java
new file mode 100644
index 0000000..d53f103
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoImpl.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+
+/**
+ * Default implementation of <code>CreateTransformsInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateTransformsInfoImpl implements CreateTransformsInfo {
+  /** The dsig:Transforms. */
+  private List transforms;
+  /** Meta information about the data resulting from the transforms. */
+  private MetaInfo finalDataMetaInfo;
+
+  /**
+   * Sets the transforms.
+   * 
+   * @param transforms The transforms.
+   */
+  public void setTransforms(List transforms) {
+    this.transforms =
+      transforms != null
+        ? Collections.unmodifiableList(new ArrayList(transforms))
+        : null;
+  }
+
+  public List getTransforms() {
+    return transforms;
+  }
+
+  /**
+   * Sets the meta information about the data resulting from the transforms.
+   * 
+   * @param finalDataMetaInfo The meta information.
+   */
+  public void setFinalDataMetaInfo(MetaInfo finalDataMetaInfo) {
+    this.finalDataMetaInfo = finalDataMetaInfo;
+  }
+
+  public MetaInfo getFinalDataMetaInfo() {
+    return finalDataMetaInfo;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileExplicitImpl.java
new file mode 100644
index 0000000..b6b9d52
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileExplicitImpl.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+
+/**
+ * Default implementation of <code>CreateTransformsInfoProfileExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateTransformsInfoProfileExplicitImpl
+  implements CreateTransformsInfoProfileExplicit {
+
+  /** Transformation information. */
+  private CreateTransformsInfo transformsInfo;
+  /** Additional data for the transformations. */
+  private List supplements = new ArrayList();
+
+  /**
+   * Sets the transformation information.
+   * 
+   * @param transformsInfo The transformation information.
+   */
+  public void setCreateTransformsInfo(CreateTransformsInfo transformsInfo) {
+    this.transformsInfo = transformsInfo;
+  }
+
+  public CreateTransformsInfo getCreateTransformsInfo() {
+    return transformsInfo;
+  }
+
+  /**
+   * Sets the additional data for the transformations.
+   * 
+   * @param supplements The additional data.
+   */
+  public void setSupplements(List supplements) {
+    this.supplements =
+      supplements != null
+        ? Collections.unmodifiableList(new ArrayList(supplements))
+        : null;
+  }
+
+  public List getSupplements() {
+    return supplements;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return EXPLICIT_CREATETRANSFORMSINFOPROFILE
+   */
+  public int getCreateTransformsInfoProfileType() {
+    return EXPLICIT_CREATETRANSFORMSINFOPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileIDImpl.java
new file mode 100644
index 0000000..55d0ca6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileIDImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileID;
+
+/**
+ * Default implementation of <code>CreateTransformsInfoProfileID</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateTransformsInfoProfileIDImpl
+  implements CreateTransformsInfoProfileID {
+
+  /** The profile ID. */
+  private String createTransformsID;
+
+  /**
+   * Sets the profile ID.
+   * @param createTransformsID The profile ID.
+   */
+  public void setCreateTransformsInfoProfileID(String createTransformsID) {
+    this.createTransformsID = createTransformsID;
+  }
+
+  public String getCreateTransformsInfoProfileID() {
+    return createTransformsID;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return ID_CREATETRANSFORMSINFOPROFILE
+   */
+  public int getCreateTransformsInfoProfileType() {
+    return ID_CREATETRANSFORMSINFOPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureRequestImpl.java
new file mode 100644
index 0000000..aaffaa7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureRequestImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+
+/**
+ * Default implementation of <code>CreateXMLSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestImpl
+  implements CreateXMLSignatureRequest {
+
+  /** The identifier for selecting the private keys for creating the signature.*/
+  private String keyIdentifier;
+  /** Information for creating a single signature. */
+  private List singleSignatureInfos = new ArrayList();
+
+  /**
+   * Sets the identifier for selecting the private keys for creating the 
+   * signature.
+   * 
+   * @param keyIdentifier The identifier for selecting the private keys.
+   */
+  public void setKeyIdentifier(String keyIdentifier) {
+    this.keyIdentifier = keyIdentifier;
+  }
+
+  public String getKeyIdentifier() {
+    return keyIdentifier;
+  }
+
+  /**
+   * Sets the information for creating single signatures.
+   * 
+   * @param singleSignaureInfos The information for creating single signatures.
+   */
+  public void setSingleSignatureInfos(List singleSignaureInfos) {
+    this.singleSignatureInfos =
+      singleSignaureInfos != null
+        ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos))
+        : null;
+  }
+
+  public List getSingleSignatureInfos() {
+    return singleSignatureInfos;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureResponseImpl.java
new file mode 100644
index 0000000..7a8359f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureResponseImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+
+/**
+ * Default implementation of <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseImpl
+  implements CreateXMLSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The response elements.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
new file mode 100644
index 0000000..702086b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Default implementation of <code>DataObjectInfo</code> for CMS.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class DataObjectInfoCMSImpl implements DataObjectInfo {
+  /** The signature structure type. */
+  private String stucture;
+  /** The data object to be signed. */
+  private CMSDataObject dataObject;
+
+  /**
+   * Sets the signature structure type.
+   * 
+   * @param structure The signature structure type.
+   */
+  public void setStructure(String structure) {
+    this.stucture = structure;
+  }
+
+  public String getStructure() {
+    return stucture;
+  }
+
+
+  /**
+   * Sets the data object to be signed.
+   * 
+   * @param dataObject The data object to be signed.
+   */
+  public void setDataObject(CMSDataObject dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public CMSDataObject getDataObject() {
+    return dataObject;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoImpl.java
new file mode 100644
index 0000000..7a25a97
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoImpl.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+
+/**
+ * Default implementation of <code>DataObjectInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class DataObjectInfoImpl implements DataObjectInfo {
+  /** The signature structure type. */
+  private String stucture;
+  /** Whether a reference will be placed in the signature itself or in the
+   * manifest */
+  private boolean childOfManifest;
+  /** The data object to be signed. */
+  private Content dataObject;
+  /** The profile containing additional information for the transformations. */
+  private CreateTransformsInfoProfile createTransformsInfoProfile;
+
+  /**
+   * Sets the signature structure type.
+   * 
+   * @param structure The signature structure type.
+   */
+  public void setStructure(String structure) {
+    this.stucture = structure;
+  }
+
+  public String getStructure() {
+    return stucture;
+  }
+
+  /**
+   * Sets whether a reference will be placed in the signature itself or in the
+   * manifest.
+   * 
+   * @param childOfManifest Whether to put the reference in the signature of
+   * in the manifest. 
+   */
+  public void setChildOfManifest(boolean childOfManifest) {
+    this.childOfManifest = childOfManifest;
+  }
+
+  public boolean isChildOfManifest() {
+    return childOfManifest;
+  }
+
+  /**
+   * Sets the data object to be signed.
+   * 
+   * @param dataObject The data object to be signed.
+   */
+  public void setDataObject(Content dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public Content getDataObject() {
+    return dataObject;
+  }
+
+  /**
+   * Sets additional information for the transformations.
+   * 
+   * @param profile The profile containing additional information for the
+   * transformations.
+   */
+  public void setCreateTransformsInfoProfile(CreateTransformsInfoProfile profile) {
+    this.createTransformsInfoProfile = profile;
+  }
+
+  public CreateTransformsInfoProfile getCreateTransformsInfoProfile() {
+    return createTransformsInfoProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ElementSelectorImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ElementSelectorImpl.java
new file mode 100644
index 0000000..7de0660
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ElementSelectorImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Default implementation of <code>ElementSelector</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ElementSelectorImpl implements ElementSelector {
+  /** The XPath expression pointing to the element. */
+  private String xPathExpression;
+  /** The namespace declarations to apply for evaluating the XPath */
+  private Map namespaceDeclarations = new HashMap();
+
+  /**
+   * Sets the XPath expression pointing to the element.
+   * 
+   * @param xPathExpression XPath expression pointing to the element.
+   */
+  public void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Sets namespace declarations to apply for evaluating the XPath.
+   * 
+   * @param namespaceDeclarations The namespace declarations to apply for 
+   * evaluating the XPath.
+   */
+  public void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/EnvelopedSignatureTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/EnvelopedSignatureTransformImpl.java
new file mode 100644
index 0000000..121037f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/EnvelopedSignatureTransformImpl.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.EnvelopedSignatureTransform;
+
+/**
+ * Default implementation of <code>EnvelopedSignatureTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class EnvelopedSignatureTransformImpl
+  extends TransformImpl
+  implements EnvelopedSignatureTransform {
+
+  /**
+   * Create a <code>EnvelopedSignatureTransformImpl</code>.
+   */
+  public EnvelopedSignatureTransformImpl() {
+    setAlgorithmURI(ENVELOPED_SIGNATURE);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ErrorResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ErrorResponseImpl.java
new file mode 100644
index 0000000..a2a59a7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ErrorResponseImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+
+/**
+ * Default implementation of <code>ErrorResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ErrorResponseImpl implements ErrorResponse {
+  /** The error code. */
+  private int code;
+  /** Verbose error message. */
+  private String info;
+
+  /**
+   * Sets the error code.
+   * 
+   * @param code The error code.
+   */
+  public void setErrorCode(int code) {
+    this.code = code;
+  }
+
+  public int getErrorCode() {
+    return code;
+  }
+
+  /**
+   * Sets the verbose error information.
+   * 
+   * @param info The verbose error information.
+   */
+  public void setInfo(String info) {
+    this.info = info;
+  }
+
+  public String getInfo() {
+    return info;
+  }
+
+  /**
+   * Gets the response type.
+   * 
+   * @return ERROR_RESPONSE 
+   */
+  public int getResponseType() {
+    return ERROR_RESPONSE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExclusiveCanonicalizationTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExclusiveCanonicalizationTransformImpl.java
new file mode 100644
index 0000000..eea09c0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExclusiveCanonicalizationTransformImpl.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+
+/**
+ * Default implementation of <code>ExclusiveCanonicalizationTransform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExclusiveCanonicalizationTransformImpl
+  extends TransformImpl
+  implements ExclusiveCanonicalizationTransform {
+
+  /** The namespaces to treat according to canonical XML. */
+  private List inclusiveNamespacePrefixes;
+  
+  /** 
+   * Create a <code>ExclusiveCanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI The algorithm URI identifying the transformation
+   * algorithm.
+   */
+  public ExclusiveCanonicalizationTransformImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+
+  /**
+   * Sets the namespaces to treat according to canonical XML.
+   * @param inclusiveNamespacePrefixes The namespaces to treat according to 
+   * canonical XML.
+   */
+  public void setInclusiveNamespacePrefixes(List inclusiveNamespacePrefixes) {
+    this.inclusiveNamespacePrefixes =
+      inclusiveNamespacePrefixes != null
+        ? Collections.unmodifiableList(new ArrayList(inclusiveNamespacePrefixes))
+        : null;
+  }
+
+  public List getInclusiveNamespacePrefixes() {
+    return inclusiveNamespacePrefixes;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
new file mode 100644
index 0000000..27f6f85
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.MOARuntimeException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+
+/**
+ * Content wrapper decorating a binary content with two additional attributes 
+ * needed for returning <code>HashInputData</code> and <code>ReferenceInputData
+ * </code> information as part of <code>VerifyXMLSignatureResponse</code>.
+ * 
+ * @author Gregor Karlinger
+ * 
+ * @version $Id$
+ */
+public class InputDataBinaryImpl implements ContentBinary, InputData
+{
+  /**
+   * The wrapped <code>Content</code>.
+   */
+  protected ContentBinary wrapped_;
+  
+  /**
+   * This attribute signals what kind of container the XMLDSIG <code>Reference</code>
+   * this <code>InputData</code> belongs to is part of. 
+   */
+  protected String partOf_;
+  
+  /**
+   * If this <code>InputData</code> belongs to an XMLDSIG <code>Reference</code>
+   * being part of either a XMLDSIGManifest or a SignatureManifest, this attribute
+   * (a positive int) signals the particular <code>Reference</code> of the XMLDSIG 
+   * <code>SignedInfo</code> referring to the XMLDSIGManifest or SignatureManifest
+   * respectively.
+   */
+  protected int referringReferenceNumber_;
+  
+  /**
+   * Creates a new instance.
+   * 
+   * @param wrapped The wrapped <code>Content</code>. Must be of type {@link Content#BINARY_CONTENT}.
+   * 
+   * @param partOf see {@link InputData}
+   * 
+   * @param referringReferenceNumber see {@link InputData}
+   */
+  public InputDataBinaryImpl(Content wrapped, String partOf, int referringReferenceNumber) throws MOARuntimeException
+  {
+    if (wrapped.getContentType() != Content.BINARY_CONTENT) throw new MOARuntimeException("9901", null);
+    
+    wrapped_ = (ContentBinary) wrapped;
+    partOf_ =  partOf;
+    referringReferenceNumber_ = referringReferenceNumber;
+  }
+  
+  /** 
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getContentType()
+   */
+  public int getContentType()
+  {
+    return wrapped_.getContentType();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getReference()
+   */
+  public String getReference()
+  {
+    return wrapped_.getReference();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.ContentBinary#getBinaryContent()
+   */
+  public InputStream getBinaryContent()
+  {
+    return wrapped_.getBinaryContent();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getPartOf()
+   */
+  public String getPartOf()
+  {
+    return partOf_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getReferringReferenceNumber()
+   */
+  public int getReferringReferenceNumber()
+  {
+    return referringReferenceNumber_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
new file mode 100644
index 0000000..432e1a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.MOARuntimeException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+
+/**
+ * Content wrapper decorating an XML content with two additional attributes 
+ * needed for returning <code>HashInputData</code> and <code>ReferenceInputData
+ * </code> information as part of <code>VerifyXMLSignatureResponse</code>.
+ * 
+ * @author Gregor Karlinger
+ * 
+ * @version $Id$
+ */
+public class InputDataXMLImpl implements ContentXML, InputData
+{
+  /**
+   * The wrapped <code>ContentXML</code>.
+   */
+  protected ContentXML wrapped_;
+  
+  /**
+   * This attribute signals what kind of container the XMLDSIG <code>Reference</code>
+   * this <code>InputData</code> belongs to is part of. 
+   */
+  protected String partOf_;
+  
+  /**
+   * If this <code>InputData</code> belongs to an XMLDSIG <code>Reference</code>
+   * being part of either a XMLDSIGManifest or a SignatureManifest, this attribute
+   * (a positive int) signals the particular <code>Reference</code> of the XMLDSIG 
+   * <code>SignedInfo</code> referring to the XMLDSIGManifest or SignatureManifest
+   * respectively.
+   */
+  protected int referringReferenceNumber_;
+  
+  /**
+   * Creates a new instance.
+   * 
+   * @param wrapped The wrapped <code>ContentBinary</code>. Must be of type {@link Content#XML_CONTENT}.
+   * 
+   * @param partOf see {@link InputData}
+   * 
+   * @param referringReferenceNumber see {@link InputData}
+   */
+  public InputDataXMLImpl(Content wrapped, String partOf, int referringReferenceNumber)
+  {
+    if (wrapped.getContentType() != Content.XML_CONTENT) throw new MOARuntimeException("9901", null);
+
+    wrapped_ = (ContentXML) wrapped;
+    partOf_ =  partOf;
+    referringReferenceNumber_ = referringReferenceNumber;
+  }
+  
+  /** 
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getContentType()
+   */
+  public int getContentType()
+  {
+    return wrapped_.getContentType();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getReference()
+   */
+  public String getReference()
+  {
+    return wrapped_.getReference();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.ContentXML#getXMLContent()
+   */
+  public NodeList getXMLContent()
+  {
+    return wrapped_.getXMLContent();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getPartOf()
+   */
+  public String getPartOf()
+  {
+    return partOf_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getReferringReferenceNumber()
+   */
+  public int getReferringReferenceNumber()
+  {
+    return referringReferenceNumber_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultImpl.java
new file mode 100644
index 0000000..e5b7f40
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+
+/**
+ * Default implementation of <code>ManifestRefsCheckResult</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ManifestRefsCheckResultImpl implements ManifestRefsCheckResult {
+  /** The numerical check code. */
+  private int code;
+  /** Additional information about the check. */
+  private ManifestRefsCheckResultInfo info;
+
+  /**
+   * Sets the check code.
+   * 
+   * @param code A numerical representation of the result of the manifest check.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets a reference to the manifest.
+   * 
+   * @param info The reference to the manifest.
+   */
+  public void setInfo(ManifestRefsCheckResultInfo info) {
+    this.info = info;
+  }
+
+  public ManifestRefsCheckResultInfo getInfo() {
+    return info;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultInfoImpl.java
new file mode 100644
index 0000000..f0ef1c5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultInfoImpl.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+
+/**
+ * Default implementation of <code>ManifestRefsCheckResultInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ManifestRefsCheckResultInfoImpl
+  extends ReferencesCheckResultInfoImpl
+  implements ManifestRefsCheckResultInfo {
+
+  /** The position of the signature reference containing the reference to the 
+   * manifest being described by this object.*/
+  private int referringSignatureReference;
+
+  /**
+   * Sets the position of the signature reference containing the reference to 
+   * the manifest being described by this object.
+   * @param referringSignatureReference The position of the signature reference.
+   */
+  public void setReferringSignatureReference(int referringSignatureReference) {
+    this.referringSignatureReference = referringSignatureReference;
+  }
+
+  public int getReferringSignatureReference() {
+    return referringSignatureReference;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/MetaInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/MetaInfoImpl.java
new file mode 100644
index 0000000..e3a06c6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/MetaInfoImpl.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * Default implementation of <code>MetaInfo</code>.
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class MetaInfoImpl implements MetaInfo {
+  /** Information about the MIME type. */
+  private String mimeType;
+  /** URI pointing to a description of the content. */
+  private String description;
+  /** Descriptive XML content. */
+  private NodeList anyElements;
+  /** Type information for XML signature creation */
+  private String type;
+
+  /**
+   * Sets the MIME type.
+   * 
+   * @param mimeType The MIME type to set.
+   */
+  public void setMimeType(String mimeType) {
+    this.mimeType = mimeType;
+  }
+
+  public String getMimeType() {
+    return mimeType;
+  }
+
+  /**
+   * Sets the URI pointing to a description of the content.
+   * 
+   * @param description The URI pointing to a description of the content.
+   */
+  public void setDescription(String description) {
+    this.description = description;
+  }
+
+  public String getDescription() {
+    return description;
+  }
+
+  /**
+   * Sets descriptive XML content.
+   * 
+   * @param anyElements The elements to set.
+   */
+  public void setAnyElements(NodeList anyElements) {
+    this.anyElements = anyElements; 
+  }
+
+  public NodeList getAnyElements() {
+    return anyElements;
+  }
+
+  /**
+   * Sets the XML signature creation type information.
+   * 
+   * @param type the XML signature creation type information to set.
+   */
+  public void setType(String type) {
+    this.type = type;
+  }
+
+  public String getType() {
+    return type;
+  }
+
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferenceInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferenceInfoImpl.java
new file mode 100644
index 0000000..8bd81a7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferenceInfoImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+
+/**
+ * Default implementation of <code>ReferenceInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ReferenceInfoImpl implements ReferenceInfo {
+  /** Profile containing the transforms allowed in the signature. */
+  private List verifyTransformsInfoProfiles;
+
+  /**
+   * Sets the transforms profile used for verifying the transforms contained
+   * in the signature.
+   * 
+   * @param verifyTransformsInfoProfiles The profiles containing the transforms
+   * allowed in the signature. 
+   */
+  public void setVerifyTransformsInfoProfiles(List verifyTransformsInfoProfiles) {
+    this.verifyTransformsInfoProfiles =
+      verifyTransformsInfoProfiles != null
+        ? Collections.unmodifiableList(
+          new ArrayList(verifyTransformsInfoProfiles))
+        : null;
+  }
+
+  public List getVerifyTransformsInfoProfiles() {
+    return verifyTransformsInfoProfiles;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultImpl.java
new file mode 100644
index 0000000..d4cbab0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+
+/**
+ * Default implementation of <code>ReferencesCheckResult</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ReferencesCheckResultImpl implements ReferencesCheckResult {
+  /** The check code. */
+  private int code;
+  /** Additional information about the reference check. */
+  private ReferencesCheckResultInfo info;
+
+  /**
+   * Sets the check code.
+   * 
+   * @param code A numerical representation of the result of the reference 
+   * check.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+  
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets additional information about the reference check.
+   * 
+   * @param manifestRefsCheckResultInfo Additional information about the 
+   * reference check.
+   */
+  public void setInfo(ReferencesCheckResultInfo manifestRefsCheckResultInfo) {
+    this.info = manifestRefsCheckResultInfo;
+  }
+  
+  public ReferencesCheckResultInfo getInfo() {
+    return info;
+  }  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultInfoImpl.java
new file mode 100644
index 0000000..a696988
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultInfoImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+
+/**
+ * Default implementation of <code>ReferencesCheckResultInfo</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ReferencesCheckResultInfoImpl
+  implements ReferencesCheckResultInfo {
+
+  /** Additional information about the references check. */
+  private NodeList anyOtherInfo;
+  /** The indexes of the failed references. */
+  private int[] failedReferences = new int[0];
+  
+  /**
+   * Sets additional information about the references check.
+   * @param anyOtherInfo Additional information about the references check.
+   */
+  public void setAnyOtherInfo(NodeList anyOtherInfo) {
+    this.anyOtherInfo = anyOtherInfo;
+  }
+  
+  public NodeList getAnyOtherInfo() {
+    return anyOtherInfo;
+  }
+
+  /**
+   * Sets the indexes of the failed references.
+   * 
+   * @param failedReferences The indexes of the failed references.
+   */
+  public void setFailedReferences(int[] failedReferences) {
+    this.failedReferences = failedReferences;
+  }
+
+  public int[] getFailedReferences() {
+    return failedReferences;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
new file mode 100644
index 0000000..ac3d4c9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -0,0 +1,656 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.X509IssuerSerial;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * Default implementation of <code>SPSSFactory</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SPSSFactoryImpl extends SPSSFactory {
+
+  public CreateXMLSignatureRequest createCreateXMLSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos) {
+    CreateXMLSignatureRequestImpl createXMLSignatureRequest =
+      new CreateXMLSignatureRequestImpl();
+    createXMLSignatureRequest.setKeyIdentifier(keyIdentifier);
+    createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
+    return createXMLSignatureRequest;
+  }
+  
+  public CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos) {
+	  CreateCMSSignatureRequestImpl createCMSSignatureRequest =
+		      new CreateCMSSignatureRequestImpl();
+	  createCMSSignatureRequest.setKeyIdentifier(keyIdentifier);
+	  createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
+	  return createCMSSignatureRequest;
+	  
+  }
+  
+  public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) {
+	  CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl();
+	  createCMSSignatureResponse.setResponseElements(responseElements);
+	  return createCMSSignatureResponse;
+  }
+  
+  
+  public CMSSignatureResponse createCMSSignatureResponse(String base64value) {
+	  CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl();
+	  cmsSignatureResponse.setCMSSignature(base64value);
+	  
+	  return cmsSignatureResponse;
+  }
+  
+
+  public SingleSignatureInfo createSingleSignatureInfo(
+    List dataObjectInfos,
+    CreateSignatureInfo createSignatureInfo,
+    boolean securityLayerConform) {
+    SingleSignatureInfoImpl singleSignatureInfo = new SingleSignatureInfoImpl();
+    singleSignatureInfo.setDataObjectInfos(dataObjectInfos);
+    singleSignatureInfo.setCreateSignatureInfo(createSignatureInfo);
+    singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+    return singleSignatureInfo;
+  }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
+		  at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,		    
+		    boolean securityLayerConform) {
+		    SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
+		    singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
+		    singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+		    return singleSignatureInfo;
+		  }
+  
+  public DataObjectInfo createDataObjectInfo(
+    String structure,
+    boolean childOfManifest,
+    Content dataObject,
+    CreateTransformsInfoProfile createTransformsInfoProfile) {
+    DataObjectInfoImpl dataObjectInfo = new DataObjectInfoImpl();
+    dataObjectInfo.setStructure(structure);
+    dataObjectInfo.setChildOfManifest(childOfManifest);
+    dataObjectInfo.setDataObject(dataObject);
+    dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile);
+    return dataObjectInfo;
+  }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+		    String structure,
+		    CMSDataObject dataObject) {
+		    DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl();
+		    dataObjectInfo.setStructure(structure);
+		    dataObjectInfo.setDataObject(dataObject);
+		    return dataObjectInfo;
+		  }
+
+  public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) {
+
+    CreateTransformsInfoProfileIDImpl createTransformsInfoProfile =
+      new CreateTransformsInfoProfileIDImpl();
+    createTransformsInfoProfile.setCreateTransformsInfoProfileID(profileID);
+    return createTransformsInfoProfile;
+  }
+
+  public CreateTransformsInfoProfile createCreateTransformsInfoProfile(
+    CreateTransformsInfo transformsInfo,
+    List supplements) {
+    CreateTransformsInfoProfileExplicitImpl createTransformsInfoProfile =
+      new CreateTransformsInfoProfileExplicitImpl();
+    createTransformsInfoProfile.setCreateTransformsInfo(transformsInfo);
+    createTransformsInfoProfile.setSupplements(supplements);
+    return createTransformsInfoProfile;
+  }
+
+  public CreateTransformsInfo createCreateTransformsInfo(
+    List transforms,
+    MetaInfo finalDataMetaInfo) {
+    CreateTransformsInfoImpl createTransformsInfo =
+      new CreateTransformsInfoImpl();
+      
+    createTransformsInfo.setTransforms(transforms);
+    createTransformsInfo.setFinalDataMetaInfo(finalDataMetaInfo);
+    return createTransformsInfo;
+  }
+
+  public CreateSignatureInfo createCreateSignatureInfo(
+    Content createSignatureEnvironment,
+    CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile) {
+    CreateSignatureInfoImpl createSignatureInfo = new CreateSignatureInfoImpl();
+    createSignatureInfo.setCreateSignatureEnvironment(
+      createSignatureEnvironment);
+    createSignatureInfo.setCreateSignatureEnvironmentProfile(
+      createSignatureEnvironmentProfile);
+    return createSignatureInfo;
+  }
+
+  public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(
+    CreateSignatureLocation createSignatureLocation,
+    List supplements) {
+    CreateSignatureEnvironmentProfileExplicitImpl createSignatureEnvironmentProfile =
+      new CreateSignatureEnvironmentProfileExplicitImpl();
+    createSignatureEnvironmentProfile.setCreateSignatureLocation(
+      createSignatureLocation);
+    createSignatureEnvironmentProfile.setSupplements(supplements);
+    return createSignatureEnvironmentProfile;
+  }
+
+  public CreateSignatureLocation createCreateSignatureLocation(
+    String signatureLocationXPath,
+    int signatureLocationIndex,
+    Map namespaceDeclarations) {
+    CreateSignatureLocationImpl createSignatureLocation =
+      new CreateSignatureLocationImpl();
+    createSignatureLocation.setIndex(signatureLocationIndex);
+    createSignatureLocation.setNamespaceDeclarations(namespaceDeclarations);
+    createSignatureLocation.setXPathExpression(signatureLocationXPath);
+    return createSignatureLocation;
+  }
+
+  public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(String profileID) {
+    CreateSignatureEnvironmentProfileIDImpl createSignatureEnvironmentProfile =
+      new CreateSignatureEnvironmentProfileIDImpl();
+    createSignatureEnvironmentProfile.setCreateSignatureEnvironmentProfileID(
+      profileID);
+    return createSignatureEnvironmentProfile;
+  }
+
+  public CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements) {
+    CreateXMLSignatureResponseImpl createXMLSignatureResponse =
+      new CreateXMLSignatureResponseImpl();
+    createXMLSignatureResponse.setResponseElements(responseElements);
+    return createXMLSignatureResponse;
+  }
+
+  public SignatureEnvironmentResponse createSignatureEnvironmentResponse(Element signatureEnvironment) {
+    SignatureEnvironmentResponseImpl signatureEnvironmentResponse =
+      new SignatureEnvironmentResponseImpl();
+    signatureEnvironmentResponse.setSignatureEnvironment(signatureEnvironment);
+    return signatureEnvironmentResponse;
+  }
+
+  public ErrorResponse createErrorResponse(int code, String info) {
+    ErrorResponseImpl errorResponse = new ErrorResponseImpl();
+    errorResponse.setErrorCode(code);
+    errorResponse.setInfo(info);
+    return errorResponse;
+  }
+
+  public VerifyCMSSignatureRequest createVerifyCMSSignatureRequest(
+    int[] signatories,
+    Date dateTime,
+    InputStream cmsSignature,
+    CMSDataObject dataObject,
+    String trustProfileID) {
+    VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest =
+      new VerifyCMSSignatureRequestImpl();
+    verifyCMSSignatureRequest.setDateTime(dateTime);
+    verifyCMSSignatureRequest.setCMSSignature(cmsSignature);
+    verifyCMSSignatureRequest.setDataObject(dataObject);
+    verifyCMSSignatureRequest.setTrustProfileId(trustProfileID);
+    verifyCMSSignatureRequest.setSignatories(signatories);
+    return verifyCMSSignatureRequest;
+  }
+
+  public CMSDataObject createCMSDataObject(
+    MetaInfo metaInfo,
+    CMSContent content,
+    BigDecimal excludeByteRangeFrom,
+    BigDecimal excludeByteRangeTo) {
+      
+    CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl();
+    cmsDataObject.setMetaInfo(metaInfo);
+    cmsDataObject.setContent(content);
+    cmsDataObject.setExcludeByteRangeFrom(excludeByteRangeFrom);
+    cmsDataObject.setExcludeByteRangeTo(excludeByteRangeTo);
+    
+    return cmsDataObject;
+  }
+  
+  public CMSContent createCMSContent(InputStream binaryContent) {
+    CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl();
+    
+    cmsContent.setBinaryContent(binaryContent);
+    return cmsContent;
+  }
+
+  public CMSContent createCMSContent(String referenceURI) {
+    CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl();
+    
+    cmsContent.setReference(referenceURI);
+    return cmsContent;
+  }  
+  
+
+  public CMSDataObject createCMSDataObject(
+    MetaInfo metaInfo,
+    String referenceURI) {
+    CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl();
+    CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl();
+    cmsDataObject.setMetaInfo(metaInfo);
+    cmsContent.setReference(referenceURI);
+    return cmsDataObject;
+  }
+
+  public VerifyCMSSignatureResponse createVerifyCMSSignatureResponse(List responseElements) {
+    VerifyCMSSinatureResponseImpl verifyCMSSignatureResponse =
+      new VerifyCMSSinatureResponseImpl();
+    verifyCMSSignatureResponse.setResponseElements(responseElements);
+    return verifyCMSSignatureResponse;
+  }
+
+  public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
+    SignerInfo signerInfo,
+    CheckResult signatureCheck,
+    CheckResult certificateCheck) {
+    VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement =
+      new VerifyCMSSignatureResponseElementImpl();
+    verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
+    verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
+    verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
+    
+    return verifyCMSSignatureResponseElement;
+  }
+
+  public VerifyXMLSignatureRequest createVerifyXMLSignatureRequest(
+    Date dateTime,
+    VerifySignatureInfo verifySignatureInfo,
+    List supplementProfiles,
+    SignatureManifestCheckParams signatureManifestParams,
+    boolean returnHashInputData,
+    String trustProfileID) {
+    VerifyXMLSignatureRequestImpl verifyXMLSignatureRequest =
+      new VerifyXMLSignatureRequestImpl();
+    verifyXMLSignatureRequest.setDateTime(dateTime);
+    verifyXMLSignatureRequest.setSignatureInfo(verifySignatureInfo);
+    verifyXMLSignatureRequest.setSupplementProfiles(supplementProfiles);
+    verifyXMLSignatureRequest.setSignatureManifestCheckParams(
+      signatureManifestParams);
+    verifyXMLSignatureRequest.setReturnHashInputData(returnHashInputData);
+    verifyXMLSignatureRequest.setTrustProfileId(trustProfileID);
+    return verifyXMLSignatureRequest;
+  }
+
+  public VerifySignatureInfo createVerifySignatureInfo(
+    Content verifySignatureEnvironment,
+    VerifySignatureLocation verifySignatureLocation) {
+    VerifySignatureInfoImpl verifySignatureInfo = new VerifySignatureInfoImpl();
+    verifySignatureInfo.setVerifySignatureEnvironment(
+      verifySignatureEnvironment);
+    verifySignatureInfo.setVerifySignatureLocation(verifySignatureLocation);
+    return verifySignatureInfo;
+  }
+
+  public VerifySignatureLocation createVerifySignatureLocation(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+    VerifySignatureLocationImpl verifySignatureLocation =
+      new VerifySignatureLocationImpl();
+    verifySignatureLocation.setXPathExpression(xPathExpression);
+    verifySignatureLocation.setNamespaceDeclarations(namespaceDeclarations);
+    return verifySignatureLocation;
+  }
+
+  public SupplementProfile createSupplementProfile(String profileID) {
+    SupplementProfileIDImpl supplementProfileID = new SupplementProfileIDImpl();
+    supplementProfileID.setSupplementProfileID(profileID);
+    return supplementProfileID;
+  }
+
+  public SupplementProfile createSupplementProfile(XMLDataObjectAssociation supplementProfile) {
+    SupplementProfileExplicitImpl supplementProfileExplicit =
+      new SupplementProfileExplicitImpl();
+    supplementProfileExplicit.setSupplementProfile(supplementProfile);
+    return supplementProfileExplicit;
+  }
+
+  public SignatureManifestCheckParams createSignatureManifestCheckParams(
+    List referenceInfos,
+    boolean returnReferenceInputData) {
+    SignatureManifestCheckParamsImpl signatureManifestCheckParams =
+      new SignatureManifestCheckParamsImpl();
+    signatureManifestCheckParams.setReferenceInfos(referenceInfos);
+    signatureManifestCheckParams.setReturnReferenceInputData(
+      returnReferenceInputData);
+    return signatureManifestCheckParams;
+  }
+
+  public ReferenceInfo createReferenceInfo(List verifyTransformsInfoProfiles) {
+    ReferenceInfoImpl referenceInfo = new ReferenceInfoImpl();
+    referenceInfo.setVerifyTransformsInfoProfiles(verifyTransformsInfoProfiles);
+    return referenceInfo;
+  }
+
+  public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(
+    List transforms,
+    List transformParameters) {
+    VerifyTransformsInfoProfileExplicitImpl verifyTransformsInfoProfile =
+      new VerifyTransformsInfoProfileExplicitImpl();
+    
+    verifyTransformsInfoProfile.setTransforms(transforms);
+    verifyTransformsInfoProfile.setTransformParameters(transformParameters);
+    
+    return verifyTransformsInfoProfile;
+  }
+
+  public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(String profileID) {
+    VerifyTransformsInfoProfileIDImpl verifyTransformsInfoProfile =
+      new VerifyTransformsInfoProfileIDImpl();
+    verifyTransformsInfoProfile.setVerifyTransformsInfoProfileID(profileID);
+    return verifyTransformsInfoProfile;
+  }
+
+
+  public TransformParameter createTransformParameter(String URI, String digestMethod, byte[] digestValue) {
+    TransformPatameterHashImpl transformParameter =
+      new TransformPatameterHashImpl();
+    transformParameter.setURI(URI);
+    transformParameter.setDigestMethod(digestMethod);
+    transformParameter.setDigestValue(digestValue);
+    return transformParameter;
+  }
+
+  public TransformParameter createTransformParameter(
+    String URI,
+    InputStream binaryData) {
+    TransformParameterBinaryImpl transformParameter =
+      new TransformParameterBinaryImpl();
+    transformParameter.setURI(URI);
+    transformParameter.setBinaryContent(binaryData);
+    return transformParameter;
+  }
+
+  public TransformParameter createTransformParameter(String URI) {
+    TransformParameterURIImpl transformParameter =
+      new TransformParameterURIImpl();
+    transformParameter.setURI(URI);
+    return transformParameter;
+  }
+
+  public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(
+    SignerInfo signerInfo,
+    List hashInputDatas,
+    List referenceInputDatas,
+    ReferencesCheckResult signatureCheck,
+    ReferencesCheckResult signatureManifestCheck,
+    List xmlDsigManifestChecks,
+    CheckResult certificateCheck) {
+    VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
+      new VerifyXMLSignatureResponseImpl();
+    verifyXMLSignatureResponse.setSignerInfo(signerInfo);
+    verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas);
+    verifyXMLSignatureResponse.setReferenceInputDatas(referenceInputDatas);
+    verifyXMLSignatureResponse.setSignatureCheck(signatureCheck);
+    verifyXMLSignatureResponse.setSignatureManifestCheck(
+      signatureManifestCheck);
+    verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
+    verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
+    
+    return verifyXMLSignatureResponse;
+  }
+
+  public ReferencesCheckResult createReferencesCheckResult(
+    int code,
+    ReferencesCheckResultInfo info) {
+    ReferencesCheckResultImpl referencesCheckResult =
+      new ReferencesCheckResultImpl();
+    referencesCheckResult.setCode(code);
+    referencesCheckResult.setInfo(info);
+    return referencesCheckResult;
+  }
+
+  public ReferencesCheckResultInfo createReferencesCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences) {
+    ReferencesCheckResultInfoImpl referencesCheckResultInfo =
+      new ReferencesCheckResultInfoImpl();
+    referencesCheckResultInfo.setAnyOtherInfo(anyOtherInfo);
+    referencesCheckResultInfo.setFailedReferences(failedReferences);
+    return referencesCheckResultInfo;
+  }
+
+  public ManifestRefsCheckResult createManifestRefsCheckResult(
+    int code,
+    ManifestRefsCheckResultInfo info) {
+    ManifestRefsCheckResultImpl manifestRefsCheckResult =
+      new ManifestRefsCheckResultImpl();
+    manifestRefsCheckResult.setCode(code);
+    manifestRefsCheckResult.setInfo(info);
+    return manifestRefsCheckResult;
+  }
+  
+  public ManifestRefsCheckResultInfo createManifestRefsCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences,
+    int referringSigReference) {
+    ManifestRefsCheckResultInfoImpl manifestRefsCheckResultInfo =
+      new ManifestRefsCheckResultInfoImpl();
+    manifestRefsCheckResultInfo.setAnyOtherInfo(anyOtherInfo);
+    manifestRefsCheckResultInfo.setReferringSignatureReference(
+      referringSigReference);
+    manifestRefsCheckResultInfo.setFailedReferences(failedReferences);
+    return manifestRefsCheckResultInfo;
+  }
+
+  public Content createContent(InputStream binaryData, String referenceURI) {
+    ContentBinaryImpl content = new ContentBinaryImpl();
+    content.setBinaryContent(binaryData);
+    content.setReference(referenceURI);
+    return content;
+  }
+
+  public Content createContent(String locationReferenceURI, String referenceURI) {
+    ContentLocRefImpl content = new ContentLocRefImpl();
+    content.setLocationReferenceURI(locationReferenceURI);
+    content.setReference(referenceURI);
+    return content;
+  }
+
+  public Content createContent(String referenceURI) {
+    ContentReferenceImpl content = new ContentReferenceImpl();
+    content.setReference(referenceURI);
+    return content;
+  }
+
+  public Content createContent(NodeList xmlData, String referenceURI) {
+    ContentXMLImpl content = new ContentXMLImpl();
+    content.setXMLContent(xmlData);
+    content.setReference(referenceURI);
+    return content;
+  }
+  
+  public XMLDataObjectAssociation createXMLDataObjectAssociation(
+    MetaInfo metaInfo,
+    Content xmlContent) {
+    XMLDataObjectAssociationImpl xmlDataObjectAssociation =
+      new XMLDataObjectAssociationImpl();
+    xmlDataObjectAssociation.setMetaInfo(metaInfo);
+    xmlDataObjectAssociation.setContent(xmlContent);
+    return xmlDataObjectAssociation;
+  }
+
+  public MetaInfo createMetaInfo(
+    String mimeType,
+    String description,
+    NodeList otherInfo,
+    String type) {
+    MetaInfoImpl metaInfo = new MetaInfoImpl();
+    metaInfo.setMimeType(mimeType);
+    metaInfo.setDescription(description);
+    metaInfo.setAnyElements(otherInfo);
+    metaInfo.setType(type);
+    return metaInfo;
+  }
+
+  public Transform createCanonicalizationTransform(String algorithmURI) {
+    CanonicalizationTransformImpl transform = new CanonicalizationTransformImpl(algorithmURI);
+    return transform;
+  }
+  
+  public Transform createExclusiveCanonicalizationTransform(String algorithmURI, List inclusiveNamespacePrefixes) {
+    ExclusiveCanonicalizationTransformImpl transform = new ExclusiveCanonicalizationTransformImpl(algorithmURI);
+    transform.setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes);
+    return transform;
+  }
+  
+  public Transform createBase64Transform() {
+    Base64TransformImpl transform = new Base64TransformImpl();
+    return transform;
+  }
+
+  public Transform createEnvelopedSignatureTransform() {
+    EnvelopedSignatureTransformImpl transform =
+      new EnvelopedSignatureTransformImpl();
+    return transform;
+  }
+
+  public Transform createXSLTTransform(Element styleSheet) {
+    XSLTransformImpl transform = new XSLTransformImpl();
+    transform.setStylesheet(styleSheet);
+    return transform;
+  }
+
+  public Transform createXPathTransform(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+    XPathTransformImpl transform = new XPathTransformImpl();
+    transform.setXPathExpression(xPathExpression);
+    transform.setNamespaceDelcarations(namespaceDeclarations);
+    return transform;
+  }
+
+  public Transform createXPathFilter2Transform(List xPathFilters) {
+    XPathFilter2TransformImpl transform = new XPathFilter2TransformImpl();
+    transform.setFilters(xPathFilters);
+    return transform;
+  }
+
+  public XPathFilter createXPathFilter(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations) {
+    XPathFilterImpl xPathFilter = new XPathFilterImpl();
+    xPathFilter.setFilterType(filterType);
+    xPathFilter.setXPathExpression(xPathExpression);
+    xPathFilter.setNamespaceDelcarations(namespaceDeclarations);
+    return xPathFilter;
+  }
+
+  public CheckResult createCheckResult(int code, NodeList info) {
+    CheckResultImpl checkResult = new CheckResultImpl();
+    checkResult.setCode(code);
+    checkResult.setInfo(info);
+    return checkResult;
+  }
+  
+
+  public SignerInfo createSignerInfo(
+    X509Certificate signerCertificate,
+    boolean qualifiedCertificate,
+    boolean qcSourceTSL,
+    boolean publicAuthority,
+    String publicAuthorityID, 
+    boolean sscd,
+    boolean sscdSourceTSL,
+    String issuerCountryCode) {
+    SignerInfoImpl signerInfo = new SignerInfoImpl();
+    signerInfo.setSignerCertificate(signerCertificate);
+    signerInfo.setQualifiedCertificate(qualifiedCertificate);
+    signerInfo.setQCSourceTSL(qcSourceTSL);
+    signerInfo.setPublicAuthority(publicAuthority);
+    signerInfo.setPublicAuhtorityID(publicAuthorityID);
+    signerInfo.setSSCD(sscd);
+    signerInfo.setSSCDSourceTSL(sscdSourceTSL);
+    signerInfo.setIssuerCountryCode(issuerCountryCode);
+    return signerInfo;
+  }
+
+  public X509IssuerSerial createX509IssuerSerial(
+    String issuerName,
+    BigInteger serialNumber) {
+    X509IssuerSerialImpl x509IssuerSerial = new X509IssuerSerialImpl();
+    x509IssuerSerial.setX509IssuerName(issuerName);
+    x509IssuerSerial.setX509SerialNumber(serialNumber);
+    return x509IssuerSerial;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureEnvironmentResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureEnvironmentResponseImpl.java
new file mode 100644
index 0000000..4b50d89
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureEnvironmentResponseImpl.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+
+/**
+ * Default implementation of <code>SignatureEnvironmentResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignatureEnvironmentResponseImpl
+  implements SignatureEnvironmentResponse {
+
+  /** The signature environment containing the XML signature. */
+  private Element signatureEnvironment;
+
+  /** 
+   * Sets the XML structure which contains the signature.
+   * 
+   * @param signatureEnvironment A general XML structure containing the signature.
+   */
+  public void setSignatureEnvironment(Element signatureEnvironment) {
+    this.signatureEnvironment = signatureEnvironment;
+  }
+
+  public Element getSignatureEnvironment() {
+    return signatureEnvironment;
+  }
+
+  /**
+   * Gets the type of <code>CreateXMLSignatureResponseElement</code>.
+   * 
+   * @return SIGNATURE_ENVIRONMENT_RESPONSE
+   */
+  public int getResponseType() {
+    return SIGNATURE_ENVIRONMENT_RESPONSE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureManifestCheckParamsImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureManifestCheckParamsImpl.java
new file mode 100644
index 0000000..40e87e7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureManifestCheckParamsImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+
+/**
+ * Default implementation of <code>SignatureManifestCheckParams</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignatureManifestCheckParamsImpl
+  implements SignatureManifestCheckParams {
+
+  /** Referential information. */
+  private List referenceInfos;
+  /** Whether to return the signature source data. */
+  private boolean returnReferenceInputData = true;
+
+  /**
+   * Sets the referantial information.
+   * 
+   * @param referenceInfos The referential information.
+   */
+  public void setReferenceInfos(List referenceInfos) {
+    this.referenceInfos =
+      referenceInfos != null
+        ? Collections.unmodifiableList(new ArrayList(referenceInfos))
+        : null;
+  }
+
+  public List getReferenceInfos() {
+    return referenceInfos;
+  }
+  
+  /**
+   * Sets whether to return signature source data.
+   * 
+   * @param returnReferenceInputData Whether to return signature source data.
+   */
+  public void setReturnReferenceInputData(boolean returnReferenceInputData) {
+    this.returnReferenceInputData = returnReferenceInputData;
+  }
+
+  public boolean getReturnReferenceInputData() {
+    return returnReferenceInputData;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
new file mode 100644
index 0000000..7a108e8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.security.cert.X509Certificate;
+
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Default implementation of <code>SignerInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignerInfoImpl implements SignerInfo {
+
+  /** The signer certificate. */
+  private X509Certificate signerCertificate;
+  /** Determines, whether <code>signerCertificate</code> is a qualified 
+   * certificate. */
+  private boolean qualifiedCertificate;
+  /** Determines, whether <code>signerCertificate</code> is from a public
+   * authority. */
+  private boolean publicAuthority;
+  /** The public authority ID of the <code>signerCertificate</code>. */
+  private String publicAuthorityID;
+
+  /** Determines, whether the signature is based on an SSCD */
+  private boolean sscd;
+  
+  /** Determines, if the SSCD check bases upon on TSL */
+  private boolean sscdSourceTSL;
+  
+  /** Determines, if the QC check bases upon on TSL */
+  private boolean qcSourceTSL;
+  
+  /** The certificate issuer country code */
+  private String issuerCountryCode;
+  
+  /**
+  * Sets the signer certificate.
+  * 
+  * @param signerCertificate The signer certificate.
+  */
+  public void setSignerCertificate(X509Certificate signerCertificate) {
+    this.signerCertificate = signerCertificate;
+  }
+
+  public X509Certificate getSignerCertificate() {
+    return signerCertificate;
+  }
+
+  /**
+   * Sets, whether the certificate contained in this object is qualified or not.
+   * 
+   * @param qualifiedCertificate Is <code>true</code>, if the certificate is 
+   * qualified, otherwise <code>false</code>.
+   */
+  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+    this.qualifiedCertificate = qualifiedCertificate;
+  }
+
+  public boolean isQualifiedCertificate() {
+    return qualifiedCertificate;
+  }
+
+  /**
+   * Sets, whether the signature is based on an SSCS or not.
+   * 
+   * @param sscd Is <code>true</code>, if the signature is 
+   * based on an SSCD, otherwise <code>false</code>.
+   */
+  public void setSSCD(boolean sscd) {
+    this.sscd = sscd;
+  }
+  public boolean isSSCD() {
+	    return sscd;
+  }
+  
+  public void setSSCDSourceTSL(boolean sscdSourceTSL) {
+	  this.sscdSourceTSL = sscdSourceTSL;
+  }
+  
+  public String getSSCDSource() {
+	  if (sscdSourceTSL)
+		  return "TSL";
+	  else
+		  return "Certificate";
+  }
+  
+  public void setQCSourceTSL(boolean qcSourceTSL) {
+	  this.qcSourceTSL = qcSourceTSL;
+  }
+  
+  public String getQCSource() {
+	  if (qcSourceTSL)
+		  return "TSL";
+	  else
+		  return "Certificate";
+  }
+  
+  public void setIssuerCountryCode(String issuerCountryCode) {
+	    this.issuerCountryCode = issuerCountryCode;
+  }
+	  public String getIssuerCountryCode() {
+		    return issuerCountryCode;
+	  }
+	  
+  /**
+   * Sets, whether the certificate contained in this object is an 
+   * e-government certificate or not.
+   * 
+   * @param publicAuthority Is <code>true</code>, if the certificate is 
+   * public authority certificate, otherwise <code>false</code>.
+   */
+  public void setPublicAuthority(boolean publicAuthority) {
+    this.publicAuthority = publicAuthority;
+  }
+
+  public boolean isPublicAuthority() {
+    return publicAuthority;
+  }
+
+  /**
+   * Sets the public authority ID of the signer certificate.
+   * 
+   * @param publicAuhtorityID The public authority ID of the signer certificate.
+   */
+  public void setPublicAuhtorityID(String publicAuhtorityID) {
+    this.publicAuthorityID = publicAuhtorityID;
+  }
+
+  public String getPublicAuhtorityID() {
+    return publicAuthorityID;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
new file mode 100644
index 0000000..cb36515
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+
+/**
+ * @version $Id$
+ */
+public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
+
+  private DataObjectInfo dataObjectInfo = null;
+
+
+  private boolean securityLayerConform = true;
+
+  public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
+    this.dataObjectInfo = dataObjectInfo;
+  }
+
+  public DataObjectInfo getDataObjectInfo() {
+    return dataObjectInfo;
+  }
+
+
+
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoImpl.java
new file mode 100644
index 0000000..3d43068
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoImpl.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+
+/**
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SingleSignatureInfoImpl implements SingleSignatureInfo {
+
+  private List dataObjectInfos = new ArrayList();
+
+  private CreateSignatureInfo createSignatureInfo;
+
+  private boolean securityLayerConform = true;
+
+  public void setDataObjectInfos(List dataObjectInfos) {
+    this.dataObjectInfos =
+      dataObjectInfos != null
+        ? Collections.unmodifiableList(new ArrayList(dataObjectInfos))
+        : null;
+  }
+
+  public List getDataObjectInfos() {
+    return dataObjectInfos;
+  }
+
+  public void setCreateSignatureInfo(CreateSignatureInfo createSignatureInfo) {
+    this.createSignatureInfo = createSignatureInfo;
+  }
+
+  public CreateSignatureInfo getCreateSignatureInfo() {
+    return createSignatureInfo;
+  }
+
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileExplicitImpl.java
new file mode 100644
index 0000000..7f80388
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileExplicitImpl.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
+
+/**
+ * Default implementation of <code>SupplementProfileExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SupplementProfileExplicitImpl implements SupplementProfileExplicit {
+
+  /** Supplemental information for verifying a signature. */
+  private XMLDataObjectAssociation supplement;
+
+  /**
+   * Sets the supplemental information for verifying a signature.
+   * 
+   * @param supplement The supplemental information for verifying a signature.
+   */
+  public void setSupplementProfile(XMLDataObjectAssociation supplement) {
+    this.supplement = supplement;
+  }
+  
+  public XMLDataObjectAssociation getSupplementProfile() {
+    return supplement;
+  }
+
+  /**
+   * Gets the type of <code>SupplementProfile</code>.
+   * 
+   * @return EXPLICIT_SUPPLEMENTPROFILE
+   */
+  public int getSupplementProfileType() {
+    return EXPLICIT_SUPPLEMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileIDImpl.java
new file mode 100644
index 0000000..e73ce60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileIDImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileID;
+
+/**
+ * Default implementation of <code>SupplementProfileID</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SupplementProfileIDImpl implements SupplementProfileID {
+  /** The profile ID. */
+  private String profileID;
+  
+  /**
+   * Sets the <code>SupplementProfile</code> profile ID.
+   * 
+   * @param profileID The profile ID.
+   */
+  public void setSupplementProfileID(String profileID) {
+    this.profileID = profileID;
+  }
+
+  public String getSupplementProfileID() {
+    return profileID;
+  }
+
+  /**
+   * Gets the type of <code>SupplementProfile</code>.
+   * 
+   * @return ID_SUPPLEMENTPROFILE
+   */
+  public int getSupplementProfileType() {
+    return ID_SUPPLEMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
new file mode 100644
index 0000000..4d69ed7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
@@ -0,0 +1,100 @@
+/*

+ * Copyright 2003 Federal Chancellery Austria

+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal

+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.

+ *

+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by

+ * the European Commission - subsequent versions of the EUPL (the "Licence");

+ * You may not use this work except in compliance with the Licence.

+ * You may obtain a copy of the Licence at:

+ * http://www.osor.eu/eupl/

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the Licence is distributed on an "AS IS" basis,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the Licence for the specific language governing permissions and

+ * limitations under the Licence.

+ *

+ * This product combines work with different licenses. See the "NOTICE" text

+ * file for details on the various modules and licenses.

+ * The "NOTICE" text file is part of the distribution. Any derivative works

+ * that you distribute must include a readable copy of the "NOTICE" text file.

+ */

+

+

+package at.gv.egovernment.moa.spss.api.impl;

+

+import iaik.xml.crypto.utils.URI;

+

+import java.util.Date;

+

+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;

+

+/**

+ * Default implementation of <code>TSLConfiguration</code>.

+ * 

+ * @author kstranacher

+ */

+public class TSLConfigurationImpl implements TSLConfiguration {

+

+	

+	

+	/** The EU TSL URL. */

+	private String euTSLUrl;

+

+	/** update period in milliseconds */

+	private long updateSchedulePeriod;

+  

+	/** Time of the first update */

+	private Date updateScheduleStartTime;

+  

+	/** Working directory */

+	private String workingDirectory;

+	

+	/** Working directory */

+	private URI workingDirectoryAsURI;

+  

+  public String getEuTSLUrl() {

+	  return this.euTSLUrl;

+  }

+

+  public long getUpdateSchedulePeriod() {

+	  return this.updateSchedulePeriod;

+  }

+

+  public Date getUpdateScheduleStartTime() {

+	  return this.updateScheduleStartTime;

+  }

+

+  public String getWorkingDirectory() {

+	  return this.workingDirectory;

+  }

+  

+  public URI getWorkingDirectoryAsURI() {

+	  return this.workingDirectoryAsURI;

+  }

+

+	public void setEuTSLUrl(String euTSLUrl) {

+		this.euTSLUrl = euTSLUrl;

+	}

+	

+	public void setUpdateSchedulePeriod(long updateSchedulePeriod) {

+		this.updateSchedulePeriod = updateSchedulePeriod;

+	}

+	

+	public void setUpdateScheduleStartTime(Date updateScheduleStartTime) {

+		this.updateScheduleStartTime = updateScheduleStartTime;

+	}

+	

+	public void setWorkingDirectory(String workingDirectory) {

+		this.workingDirectory = workingDirectory;

+	}

+	

+	public void setWorkingDirectoryURI(URI workingDirectoryAsURI) {

+		this.workingDirectoryAsURI = workingDirectoryAsURI;

+	}

+

+  

+ 

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformImpl.java
new file mode 100644
index 0000000..37a05f9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformImpl.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Transform;
+
+/**
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformImpl implements Transform {
+  /** The URI identifying the transformation algorithm. */
+  private String algorithmURI;
+
+  /**
+   * Sets the URI identifying the transformation algorithm.
+   * 
+   * @param algorithmURI The URI identifying the transformation algorithm.
+   */
+  public void setAlgorithmURI(String algorithmURI) {
+    this.algorithmURI = algorithmURI;
+  }
+
+  public String getAlgorithmURI() {
+    return algorithmURI;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterBinaryImpl.java
new file mode 100644
index 0000000..691f3a9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterBinaryImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterBinary;
+
+/**
+ * Default implementation of <code>TransformParameterBinary</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformParameterBinaryImpl
+  extends TransformParameterImpl
+  implements TransformParameterBinary {
+    
+  /** The binary content as a stream. */
+  private InputStream binaryContent;
+
+  /**
+   * Sets the binary content as a stream.
+   * 
+   * @param binaryContent The binary content as a stream.
+   */
+  public void setBinaryContent(InputStream binaryContent) {
+    this.binaryContent = binaryContent;
+  }
+
+  public InputStream getBinaryContent() {
+    return binaryContent;
+  }
+
+  /**
+   * Gets the <code>TransformParameter</code> type.
+   * 
+   * @return BINARY_TRANSFORMPARAMETER
+   */
+  public int getTransformParameterType() {
+    return BINARY_TRANSFORMPARAMETER;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterImpl.java
new file mode 100644
index 0000000..1399c6e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterImpl.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+/**
+ * Default base implementation of <code>TransformParameter</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class TransformParameterImpl {
+  /** An URI identifying the <code>TransformParameter</code>. */
+  private String uri;
+
+  /**
+   * Sets the URI identifying the <code>TransformParameter</code>.
+   * @param uri The URI identifying the <code>TransformParameter</code>.
+   */
+  public void setURI(String uri) {
+    this.uri = uri;
+  }
+
+  public String getURI() {
+    return uri;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterURIImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterURIImpl.java
new file mode 100644
index 0000000..77810be
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterURIImpl.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterURI;
+
+/**
+ * Default implementation of <code>TransformParameterURI</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformParameterURIImpl
+  extends TransformParameterImpl
+  implements TransformParameterURI {
+
+  /**
+   * Gets the type of <code>TransformParameter</code>.
+   * 
+   * @return URI_TRANSFORMPARAMETER
+   */
+  public int getTransformParameterType() {
+    return URI_TRANSFORMPARAMETER;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformPatameterHashImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformPatameterHashImpl.java
new file mode 100644
index 0000000..7fcd72c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformPatameterHashImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
+
+/**
+ * Default implementation of <code>TransformParameterHash</code>
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformPatameterHashImpl
+  extends TransformParameterImpl
+  implements TransformParameterHash {
+
+  /** The method used to calculate the digest value. */
+  private String digestMethod;
+  /** The digest value. */
+  private byte[] digestValue;
+
+  /**
+   * Sets method used to calculate the digest value.
+   * @param digestMethod The method used to calculate the digest value.
+   */
+  public void setDigestMethod(String digestMethod) {
+    this.digestMethod = digestMethod;
+  }
+
+  public String getDigestMethod() {
+    return digestMethod;
+  }
+
+  /**
+   * Sets the digest value.
+   * 
+   * @param digestValue The digest value.
+   */
+  public void setDigestValue(byte[] digestValue) {
+    this.digestValue = digestValue;
+  }
+  
+  public byte[] getDigestValue() {
+    return digestValue;
+  }
+
+  /**
+   * Gets the type of <code>TransformParameter</code>.
+   * 
+   * @return HASH_TRANSFORMPARAMETER
+   */
+  public int getTransformParameterType() {
+    return HASH_TRANSFORMPARAMETER;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
new file mode 100644
index 0000000..c759f5f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+import java.util.Date;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+
+/**
+ * Default implementation of <code>VerifyCMSSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyCMSSignatureRequestImpl
+  implements VerifyCMSSignatureRequest {
+
+  /** The indexes of the signatories whose signature should be verified. */
+  private int[] signatories;
+  /** The profile ID of trusted certificates. */
+  private String trustProfileId;
+  /** The data object necessary for signature verification. */
+  private CMSDataObject dataObject;
+  /** The CMS signature to verify. */
+  private InputStream cmsSignature;
+  /** The date for which to verify the signature. */
+  private Date dateTime;
+
+  /**
+   * Sets the indexes of the signatories whose signature should be verified.
+   * 
+   * @param signatories The indexes of the signatories whose signature should be 
+   * verified.
+   */
+  public void setSignatories(int[] signatories) {
+    this.signatories = signatories;
+  }
+
+  public int[] getSignatories() {
+    return signatories;
+  }
+
+  /**
+   * Sets the date for which to verify the signature.
+   * 
+   * @param dateTime The date for which to verify the signature.
+   */
+  public void setDateTime(Date dateTime) {
+    this.dateTime = dateTime;
+  }
+
+  public Date getDateTime() {
+    return dateTime;
+  }
+
+  /**
+   * Sets the CMS signature to verify.
+   * @param signature The CMS signature to verify.
+   */
+  public void setCMSSignature(InputStream signature) {
+    this.cmsSignature = signature;
+
+  }
+
+  public InputStream getCMSSignature() {
+    return cmsSignature;
+  }
+
+  /**
+   * Sets the data object necessary for signature verification.
+   * @param dataObject The data object necessary for signature verification.
+   */
+  public void setDataObject(CMSDataObject dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public CMSDataObject getDataObject() {
+    return dataObject;
+  }
+
+  /**
+   * Sets the profile ID of trusted certificates.
+   * @param trustProfileId The profile ID of trusted certificates.
+   */
+  public void setTrustProfileId(String trustProfileId) {
+    this.trustProfileId = trustProfileId;
+  }
+
+  public String getTrustProfileId() {
+    return trustProfileId;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
new file mode 100644
index 0000000..f258b3b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Default implementation of <code>VerifyCMSSignatureResponseElement</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyCMSSignatureResponseElementImpl
+  implements VerifyCMSSignatureResponseElement {
+
+  /** Information about the signer certificate. */
+  private SignerInfo signerInfo;
+  /** Information about the signature check. */
+  private CheckResult signatureCheck;
+  /** Information about the certificate check. */
+  private CheckResult certificateCheck;
+  
+  /**
+   * Sets a SignerInfo element according to CMS.
+   * 
+   * @param signerInfo The SignerInfo element according to CMS.
+   */
+  public void setSignerInfo(SignerInfo signerInfo) {
+    this.signerInfo = signerInfo;
+  }
+
+  public SignerInfo getSignerInfo() {
+    return signerInfo;
+  }
+
+  /**
+   * Sets a result of the signature verification.
+   * 
+   * @param signatureCheck The result of the signature verification.
+   */
+  public void setSignatureCheck(CheckResult signatureCheck) {
+    this.signatureCheck = signatureCheck;
+  }
+
+  public CheckResult getSignatureCheck() {
+    return signatureCheck;
+  }
+
+  /**
+   * Sets a result of the certificate verification.
+   * 
+   * @param certificateCheck The result of the certificate verification.
+   */
+  public void setCertificateCheck(CheckResult certificateCheck) {
+    this.certificateCheck = certificateCheck;
+  }
+
+  public CheckResult getCertificateCheck() {
+    return certificateCheck;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSinatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSinatureResponseImpl.java
new file mode 100644
index 0000000..44fb474
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSinatureResponseImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+
+/**
+ * Default implementation of <code>VerifyCMSSignatureResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyCMSSinatureResponseImpl
+  implements VerifyCMSSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements;
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The elements contained in the response.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureInfoImpl.java
new file mode 100644
index 0000000..d022ae4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureInfoImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+
+/**
+ * Default implementation of <code>VerifySignatureInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifySignatureInfoImpl implements VerifySignatureInfo {
+  /** The location of the signature to be verified. */
+  private VerifySignatureLocation verifySignatureLocation;
+  /** The environment containing the signature to be verified. */
+  private Content verifySignatureEnvironment;
+
+  /**
+   * Sets the location of the signature to be verified.
+   * 
+   * @param verifySignatureLocation The location of the signature to be 
+   * verified.
+   */
+  public void setVerifySignatureLocation(VerifySignatureLocation verifySignatureLocation) {
+    this.verifySignatureLocation = verifySignatureLocation;
+  }
+
+  public VerifySignatureLocation getVerifySignatureLocation() {
+    return verifySignatureLocation;
+  }
+
+  /**
+   * Sets the signature environment containing the signature to be verified.
+   * 
+   * @param verifySignatureEnvironment The signature environment containing the 
+   * signature to be verified.
+   */
+  public void setVerifySignatureEnvironment(Content verifySignatureEnvironment) {
+    this.verifySignatureEnvironment = verifySignatureEnvironment;
+  }
+
+  public Content getVerifySignatureEnvironment() {
+    return verifySignatureEnvironment;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureLocationImpl.java
new file mode 100644
index 0000000..8e183bb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureLocationImpl.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+
+/**
+ * Default implementation of <code>VerifySignatureLocation</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifySignatureLocationImpl
+  extends ElementSelectorImpl
+  implements VerifySignatureLocation {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
new file mode 100644
index 0000000..25b5c39
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+
+/**
+ * Default implementation of <codeReferenceInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyTransformsDataImpl implements ReferenceInfo {
+  /** Information about the transformations contained in the signature. */
+  private List verifyTransformsInfoProfiles;
+
+  /**
+   * Sets the information about the transformations contained in the signature.
+   * 
+   * @param verifyTransformsInfoProfiles The profiles containing transformation
+   * information.
+   */
+  public void setVerifyTransformsInfoProfiles(List verifyTransformsInfoProfiles) {
+    this.verifyTransformsInfoProfiles =
+      verifyTransformsInfoProfiles != null
+        ? Collections.unmodifiableList(
+          new ArrayList(verifyTransformsInfoProfiles))
+        : null;
+  }
+
+  public List getVerifyTransformsInfoProfiles() {
+    return verifyTransformsInfoProfiles;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileExplicitImpl.java
new file mode 100644
index 0000000..2ce5f39
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileExplicitImpl.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+
+/**
+ * Default implementation of <code>VerifyTransformsInfoProfileExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyTransformsInfoProfileExplicitImpl
+  implements VerifyTransformsInfoProfileExplicit {
+
+  /** The transforms contained in this profile. */
+  private List transforms;
+  /** Additional information for the transforms. */
+  private List transformParameters = new ArrayList();
+
+  /**
+   * Sets the transforms contained in this profile.
+   * 
+   * @param transforms The transforms contained in this profile.
+   */
+  public void setTransforms(List transforms) {
+    this.transforms =
+      transforms != null
+        ? Collections.unmodifiableList(new ArrayList(transforms))
+        : null;
+  }
+
+  public List getTransforms() {
+    return transforms;
+  }
+
+  /**
+   * Sets additional information for the transforms.
+   * 
+   * @param transformParameters Additional information for the transforms.
+   */
+  public void setTransformParameters(List transformParameters) {
+    this.transformParameters = new ArrayList(transformParameters);
+  }
+
+  public List getTransformParameters() {
+    return transformParameters;
+  }
+
+  /**
+   * Gets the type of <code>VerifyTransformsInfoProfile</code>.
+   * 
+   * @return EXPLICIT_VERIFYTRANSFORMSINFOPROFILE
+   */
+  public int getVerifyTransformsInfoProfileType() {
+    return EXPLICIT_VERIFYTRANSFORMSINFOPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileIDImpl.java
new file mode 100644
index 0000000..a545535
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileIDImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileID;
+
+/**
+ * Default implementation of <code>VerifyTransformsInfoProfileID</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyTransformsInfoProfileIDImpl implements VerifyTransformsInfoProfileID {
+
+  /** The profile ID. */
+  private String verifyTransformsInfoProfileID;
+
+  /**
+   * Sets the profile ID.
+   * 
+   * @param profileID The profile ID.
+   */
+  public void setVerifyTransformsInfoProfileID(String profileID) {
+    this.verifyTransformsInfoProfileID = profileID;
+  }
+
+  public String getVerifyTransformsInfoProfileID() {
+    return verifyTransformsInfoProfileID;
+  }
+
+  /**
+   * Gets the type of <code>VerifyTransformsInfoProfile</code>.
+   * 
+   * @return ID_VERIFYTRANSFORMSINFOPROFILE
+   */
+  public int getVerifyTransformsInfoProfileType() {
+    return ID_VERIFYTRANSFORMSINFOPROFILE;
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java
new file mode 100644
index 0000000..1b9be35
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+
+/**
+ * Default implementation of <code>VerifyXMLSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestImpl
+  implements VerifyXMLSignatureRequest {
+  /** Date and time for signature verification. */
+  private Date dateTime;
+  /** The signature to be verified. */
+  private VerifySignatureInfo verifySignatureInfo;
+  /** Supplemental information about the singature. */
+  private List supplementProfiles;
+  /** Additional parameters for checking the signature manifest. */
+  private SignatureManifestCheckParams signatureManifestCheckParams;
+  /** Whether to return the hash input data. */
+  private boolean returnHashInputData;
+  /** The profile ID of the trust profile containing the trusted certificates. 
+   */
+  private String trustProfileId;
+
+  /**
+   * Sets the date and time for signature verification.
+   * 
+   * @param dateTime The date and time for signature verification.
+   */
+  public void setDateTime(Date dateTime) {
+    this.dateTime = dateTime;
+  }
+
+  public Date getDateTime() {
+    return dateTime;
+  }
+
+  /** 
+   * Sets the signature to be verified.
+   * 
+   * @param signatureInfo The signature to be verified.
+   */
+  public void setSignatureInfo(VerifySignatureInfo signatureInfo) {
+    this.verifySignatureInfo = signatureInfo;
+  }
+
+  public VerifySignatureInfo getSignatureInfo() {
+    return verifySignatureInfo;
+  }
+
+  /**
+   * Sets supplemental information about the singature.
+   * @param supplementProfiles
+   */
+  public void setSupplementProfiles(List supplementProfiles) {
+    this.supplementProfiles =
+      supplementProfiles != null
+        ? Collections.unmodifiableList(new ArrayList(supplementProfiles))
+        : null;
+  }
+
+  public List getSupplementProfiles() {
+    return supplementProfiles;
+  }
+
+  /**
+   * Sets supplemental information about the singature.
+   * @param params Supplemental information about the singature.
+   */
+  public void setSignatureManifestCheckParams(SignatureManifestCheckParams params) {
+    this.signatureManifestCheckParams = params;
+  }
+
+  public SignatureManifestCheckParams getSignatureManifestCheckParams() {
+    return signatureManifestCheckParams;
+  }
+
+  /**
+   * Sets whether to return hash input data.
+   * 
+   * @param returnSignedData Whether to return hash input data.
+   */
+  public void setReturnHashInputData(boolean returnSignedData) {
+    this.returnHashInputData = returnSignedData;
+  }
+
+  public boolean getReturnHashInputData() {
+    return returnHashInputData;
+  }
+
+  /**
+   * Sets the profile ID of trusted certificates.
+   * 
+   * @param trustProfileId The profile ID of trusted certificates.
+   */
+  public void setTrustProfileId(String trustProfileId) {
+    this.trustProfileId = trustProfileId;
+  }
+
+  public String getTrustProfileId() {
+    return trustProfileId;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
new file mode 100644
index 0000000..46fd517
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseImpl
+  implements VerifyXMLSignatureResponse {
+
+  /** Information about the signer certificate. */
+  private SignerInfo signerInfo;
+  
+  /** 
+   * The hash input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+   * */
+  private List hashInputDatas = new ArrayList();
+  
+  /** 
+   * The reference input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s. 
+   * */
+  private List referenceInputDatas = new ArrayList();
+  
+  /** Information about the signature check. */
+  private ReferencesCheckResult signatureCheck;
+  /** Information about the signature manifest check. */
+  private ReferencesCheckResult signatureManifestCheck;
+  /** Information about the XMLDsig manifest check. */
+  private List xmlDsigManifestChecks = new ArrayList();
+  /** Information about the certificate check. */
+  private CheckResult certificateCheck;
+  
+  /**
+   * Sets information about the signer certificate.
+   * 
+   * @param signerInfo Information about the signer certificate.
+   */
+  public void setSignerInfo(SignerInfo signerInfo) {
+    this.signerInfo = signerInfo;
+  }
+
+  public SignerInfo getSignerInfo() {
+    return signerInfo;
+  }
+
+  /**
+   * Sets data signed by the signatory.
+   * 
+   * @param hashInputDatas The signed datas.
+   */
+  public void setHashInputDatas(List hashInputDatas) {
+    this.hashInputDatas =
+      hashInputDatas != null
+        ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
+        : null;
+  }
+
+  public List getHashInputDatas() {
+    return hashInputDatas;
+  }
+
+  /**
+   * Sets the source data elements.
+   * 
+   * @param referenceInputDatas The source data elements.
+   */
+  public void setReferenceInputDatas(List referenceInputDatas) {
+    this.referenceInputDatas =
+      referenceInputDatas != null
+        ? Collections.unmodifiableList(new ArrayList(referenceInputDatas))
+        : null;
+  }
+
+  public List getReferenceInputDatas() {
+    return referenceInputDatas;
+  }
+
+  /**
+   * Sets the result of the signature verification.
+   * 
+   * @param signatureCheck The result of the signature verification.
+   */
+  public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
+    this.signatureCheck = signatureCheck;
+  }
+
+  public ReferencesCheckResult getSignatureCheck() {
+    return signatureCheck;
+  }
+
+  /**
+   * Sets the result of the signature manifest verification.
+   * 
+   * @param signatureManifestCheck The result of the signature manifest verification.
+   */
+  public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
+    this.signatureManifestCheck = signatureManifestCheck;
+  }
+
+  public ReferencesCheckResult getSignatureManifestCheck() {
+    return signatureManifestCheck;
+  }
+
+  /**
+   * Sets the result of the certification verification.
+   * 
+   * @param certificateCheck The result of the certificate verification.
+   */
+  public void setCertificateCheck(CheckResult certificateCheck) {
+    this.certificateCheck = certificateCheck;
+  }
+
+  public CheckResult getCertificateCheck() {
+    return certificateCheck;
+  }
+  
+
+  /**
+   * Sets the XMLDSigManifestChecks.
+   * 
+   * @param xmlDsigManifestChecks The XMLDSigManifestChecks.
+   */
+  public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
+    this.xmlDsigManifestChecks =
+      xmlDsigManifestChecks != null
+        ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks))
+        : null;
+  }
+
+  public List getXMLDsigManifestChecks() {
+    return xmlDsigManifestChecks;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/X509IssuerSerialImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/X509IssuerSerialImpl.java
new file mode 100644
index 0000000..aff7e10
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/X509IssuerSerialImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.math.BigInteger;
+
+import at.gv.egovernment.moa.spss.api.common.X509IssuerSerial;
+
+/**
+ * Default implementation of <code>X509IssuerSerial</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class X509IssuerSerialImpl implements X509IssuerSerial {
+  /** The certificate serial number. */
+  private BigInteger x509SerialNumber;
+  /** The certificate issuer DN. */
+  private String x509IssuerName;
+
+  /**
+   * Sets the issuer distinguished name.
+   * 
+   * @param x509IssuerName The issuer distinguished name.
+   */
+  public void setX509IssuerName(String x509IssuerName) {
+    this.x509IssuerName = x509IssuerName;
+  }
+
+  public String getX509IssuerName() {
+    return x509IssuerName;
+  }
+
+  /**
+   * Sets the certificate serial number.
+   * 
+   * @param x509SerialNumber The issuer serial number.
+   */
+  public void setX509SerialNumber(BigInteger x509SerialNumber) {
+    this.x509SerialNumber = x509SerialNumber;
+  }
+
+  public BigInteger getX509SerialNumber() {
+    return x509SerialNumber;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XMLDataObjectAssociationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XMLDataObjectAssociationImpl.java
new file mode 100644
index 0000000..dabf29d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XMLDataObjectAssociationImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+
+/**
+ * Default implementation of <code>XMLDataObjectAssociation</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XMLDataObjectAssociationImpl implements XMLDataObjectAssociation {
+
+  /** Meta information about the <code>Content</code> object. */
+  private MetaInfo metaInfo;
+  /** The actual data contained in this object. */
+  private Content content;
+
+  /**
+   * Sets meta information about the <code>Content</code> object.
+   * @param metaInfo Meta information about the <code>Content</code> object.
+   */
+  public void setMetaInfo(MetaInfo metaInfo) {
+    this.metaInfo = metaInfo;
+  }
+
+  public MetaInfo getMetaInfo() {
+    return metaInfo;
+  }
+
+  /**
+   * Sets the actual data contained in this object.
+   * 
+   * @param content The actual data contained in this object.
+   */
+  public void setContent(Content content) {
+    this.content = content;
+  }
+
+  public Content getContent() {
+    return content;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilter2TransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilter2TransformImpl.java
new file mode 100644
index 0000000..175de3a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilter2TransformImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+
+/**
+ * Default implementation of <code>XPathFilter2Transform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XPathFilter2TransformImpl
+  extends TransformImpl
+  implements XPathFilter2Transform {
+    
+  /** The XPath filters. */
+  private List filters;
+  
+  /**
+   * Create a new <code>XPathFilter2TransformImpl</code> object.
+   */
+  public XPathFilter2TransformImpl() {
+    setAlgorithmURI(XPATH_FILTER2);
+  }
+
+  /**
+   * Sets the XPath filters contained in this  
+   * <code>XPathFilter2Transform</code>.
+   * 
+   * @param filters The XPath filters contained in this 
+   * <code>XPathFilter2Transform</code>.
+   */  
+  public void setFilters(List filters) {
+    this.filters = new ArrayList(filters);
+  }
+
+  public List getFilters() {
+    return filters;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilterImpl.java
new file mode 100644
index 0000000..6615e9f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilterImpl.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+
+/**
+ * Default implementation of <code>XPathFilter</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XPathFilterImpl implements XPathFilter {
+  /** The type of filter. */
+  private String filterType;
+  /** The XPath expression of the filter. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to while evaluating the XPath 
+   * expression. */
+  private Map namespaceDeclarations = new HashMap();
+
+  /**
+   * Sets the type of filter.
+   * 
+   * @param filterType The type of filter.
+   */
+  public void setFilterType(String filterType) {
+    this.filterType = filterType;
+  }
+
+  public String getFilterType() {
+    return filterType;
+  }
+
+  /**
+   * Sets the XPath expression of the filter.
+   * 
+   * @param xPathExpression The XPath expression of the filter.
+   */
+  public void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Sets the namespace prefix to URI mapping to while evaluating the XPath 
+   * expression.
+   * 
+   * @param namespaceDeclarations The namespace prefix to URI mapping to while 
+   * evaluating the XPath expression.
+   */
+  public void setNamespaceDelcarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathTransformImpl.java
new file mode 100644
index 0000000..f626a95
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathTransformImpl.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+
+/**
+ * Default implementation of <code>XPathTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XPathTransformImpl
+  extends TransformImpl
+  implements XPathTransform {
+    
+  /** The XPath expression to evaluate. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to while evaluating the XPath 
+   * expression. */
+  private Map namespaceDeclarations = new HashMap();
+
+  /**
+   * Create a new <code>XPathTransformImpl</code> object.
+   */
+  public XPathTransformImpl() {
+    setAlgorithmURI(XPATH);
+  }
+
+  /**
+   * Sets the XPath expression to evaluate.
+   * 
+   * @param xPathExpression The XPath expression to evaluate.
+   */
+  public void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Sets the namespace prefix to URI mapping to while evaluating the XPath 
+   * expression.
+   * 
+   * @param namespaceDeclarations The namespace prefix to URI mapping to while 
+   * evaluating the XPath expression.
+   */
+  public void setNamespaceDelcarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XSLTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XSLTransformImpl.java
new file mode 100644
index 0000000..3fd4cc1
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XSLTransformImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+
+/**
+ * Default implementation of <code>XSLTTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XSLTransformImpl extends TransformImpl implements XSLTTransform {
+  /** The XSLT stylesheet to apply. */
+  private Element styleSheet;
+  
+  /**
+   * Create a new <code>XSLTransformImpl</code> object.
+   */
+  public XSLTransformImpl() {
+    setAlgorithmURI(XSLT);
+  }
+
+  /**
+   * Sets the XSLT stylesheet to apply.
+   * 
+   * @param styleSheet The XSLT stylesheet to apply.
+   */
+  public void setStylesheet(Element styleSheet) {
+    this.styleSheet = styleSheet;
+  }
+
+  public Element getStylesheet() {
+    return styleSheet;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
new file mode 100644
index 0000000..a8cae9c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -0,0 +1,261 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A parser to parse <code>CreateCMSSignatureRequest</code> DOM trees into
+ * <code>CreateCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestParser {
+
+  //
+  // XPath expresssions to select elements in the CreateCMSSignatureRequest
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String KEY_IDENTIFIER_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "KeyIdentifier";
+  private static final String SINGLE_SIGNATURE_INFO_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "SingleSignatureInfo";
+  private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  
+  private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+
+  private static final String META_INFO_XPATH = MOA + "MetaInfo";
+  private static final String CONTENT_XPATH = MOA + "Content";
+  private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+  private static final String EXCLUDEBYTERANGE_FROM_XPATH = MOA + "ExcludedByteRange/" + MOA + "From";
+  private static final String EXCLUDEBYTERANGE_TO_XPATH = MOA + "ExcludedByteRange/" + MOA + "To";
+  
+
+  
+  /** The factory to create API objects. */
+  private SPSSFactory factory;
+
+  /**
+   * Create a new <code>CreateCMSSignatureRequestParser</code>.
+   */
+  public CreateCMSSignatureRequestParser() {
+    this.factory = SPSSFactory.getInstance();
+  }
+
+  /**
+   * Parse a <code>CreateCMSSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>CreateCMSSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public CreateCMSSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = parseSingleSignatureInfos(requestElem);
+    String keyIdentifier =
+      XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+    return factory.createCreateCMSSignatureRequest(
+      keyIdentifier,
+      singleSignatureInfos);
+  }
+
+  /**
+   * Parse all <code>SingleSignatureInfo</code> elements of the 
+   * <code>CreateCMSSignatureRequest</code>.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse.
+   * @return A <code>List</code> of <code>SingleSignatureInfo</code> API 
+   * objects.
+   * @throws MOAApplicationException An error occurred parsing on of the 
+   * <code>SingleSignatureInfo</code> elements.
+   */
+  private List parseSingleSignatureInfos(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = new ArrayList();
+    NodeIterator sigInfoElems =
+      XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+    Element sigInfoElem;
+
+    while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+      singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem));
+    }
+
+    return singleSignatureInfos;
+  }
+
+  /**
+   * Parse a <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element to 
+   * parse.
+   * @return A <code>SingleSignatureInfo</code> API object containing the 
+   * information of <code>sigInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>SingleSignatureInfo</code>.
+   */
+  private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
+    boolean securityLayerConform;
+
+    if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
+      securityLayerConform =
+        BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME));
+    } else {
+      securityLayerConform = true;
+    }
+
+    return factory.createSingleSignatureInfoCMS(
+      dataObjectInfo,
+      securityLayerConform);
+  }
+
+  /**
+   * Parse the <code>DataObjectInfo</code> DOM elements contained in the given
+   * <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The  <code>SingleSignatureInfo</code> DOM element
+   * whose <code>DataObjectInfo</code>s to parse.
+   * @return A <code>List</code> of <code>DataObjectInfo</code> API objects
+   * containing the data from the <code>DataObjectInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing one of the
+   * <code>DataObjectInfo</code>s.
+   */
+  private DataObjectInfo parseDataObjectInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+	  Element dataObjInfoElem = (Element)XPathUtils.selectSingleNode(sigInfoElem, DATA_OBJECT_INFO_XPATH);
+	  
+	  String structure = dataObjInfoElem.getAttribute("Structure");
+	    Element dataObjectElem =
+	      (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH);
+	  
+	    CMSDataObject dataObject = parseDataObject(dataObjectElem);
+
+	    return factory.createDataObjectInfo(
+	      structure,
+	      dataObject);
+	    
+  }
+  
+ 
+
+ 
+
+  /**
+   * Parse a the <code>DataObject</code> DOM element contained in a given 
+   * <code>CreateCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The DataObject DOM element of the <code>VerifyCMSSignatureRequest</code> 
+   * to parse.
+   * @return The <code>CMSDataObject</code> API object containing the data
+   * from the <code>DataObject</code> DOM element.
+   */
+  private CMSDataObject parseDataObject(Element dataObjectElem) {
+
+    if (dataObjectElem != null) {
+      Element metaInfoElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH);
+      MetaInfo metaInfo = null;
+      Element contentElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH);
+      CMSContent content = parseContent(contentElem);
+
+      if (metaInfoElem != null) {
+        metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+      }
+
+      String excludeByteRangeFromStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_FROM_XPATH, null);
+      String excludeByteRangeToStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_TO_XPATH, null);
+      
+      BigDecimal excludeByteRangeFrom = null;
+      BigDecimal excludeByteRangeTo = null;
+      
+      if (excludeByteRangeFromStr != null)
+    	  excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
+      if (excludeByteRangeToStr != null)
+    	  excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
+      
+      return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
+    } 
+    else {
+      return null;
+    }
+  }
+
+    
+
+    /**
+     * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+     * DOM element.
+     * 
+     * @param contentElem The <code>CMSContentBaseType</code> kind of element to
+     * parse.
+     * @return A <code>CMSDataObject</code> API object containing the data
+     * from the given DOM element.
+     */
+    private CMSContent parseContent(Element contentElem) {
+      Element base64ContentElem =
+        (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH);
+
+      if (base64ContentElem != null) {
+        String base64Str = DOMUtils.getText(base64ContentElem);
+        InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+        return factory.createCMSContent(binaryContent);
+      } else {
+        return factory.createCMSContent(
+          contentElem.getAttribute("Reference"));
+      }
+    } 
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..907f90d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Convert a <code>CreateCMSSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>CreateCMSSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>CreateCMSSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public CreateCMSSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("CreateCMSSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>CreateCMSSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>CreateCMSSignatureResponse</code> API object.
+   * 
+   * @param response The <code>CreateCMSSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>CreateCMSSignatureResponse</code>
+   * DOM element.
+   */
+  public Document build(CreateCMSSignatureResponse response) {
+    Iterator iter;
+
+        
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      CreateCMSSignatureResponseElement responseElement =
+        (CreateCMSSignatureResponseElement) iter.next();
+      
+      switch (responseElement.getResponseType()) {
+        case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
+        	CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement;
+        	addCMSSignature(cmsSignatureResponse);
+          break;
+
+        case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
+          ErrorResponse errorResponse = (ErrorResponse) responseElement;
+          addErrorResponse(errorResponse);
+          break;
+      }
+
+    }
+
+    return responseDoc;
+  }
+
+
+
+  /**
+   * Add a <code>CMSSignature</code> element to the response.
+   * 
+   * @param cmsSignatureResponse The content to put under the
+   * <code>CMSSignature</code> element.
+   */
+  private void addCMSSignature(CMSSignatureResponse cmsSignatureResponse) {
+	  String base64Value = cmsSignatureResponse.getCMSSignature();
+	  
+	  Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "CMSSignature");	  
+	  cmsSignature.setTextContent(base64Value);
+	  
+	  responseElem.appendChild(cmsSignature);
+	  
+}
+  
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorResponse The API object containing the information to put into
+   * the <code>ErrorResponse</code> DOM element.
+   */
+  private void addErrorResponse(ErrorResponse errorResponse) {
+    Element errorElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+    Element errorCodeElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+    Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+    String errorCodeStr = Integer.toString(errorResponse.getErrorCode());
+
+    errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+    errorElem.appendChild(errorCodeElem);
+    infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo()));
+    errorElem.appendChild(errorCodeElem);
+    errorElem.appendChild(infoElem);
+    responseElem.appendChild(errorElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java
new file mode 100644
index 0000000..9cea2fc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java
@@ -0,0 +1,312 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+
+/**
+ * A parser to parse <code>CreateXMLSignatureRequest</code> DOM trees into
+ * <code>CreateXMLSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestParser {
+
+  //
+  // XPath expresssions to select elements in the CreateXMLSignatureRequest
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String KEY_IDENTIFIER_XPATH =
+    "/" + MOA + "CreateXMLSignatureRequest/" + MOA + "KeyIdentifier";
+  private static final String SINGLE_SIGNATURE_INFO_XPATH =
+    "/" + MOA + "CreateXMLSignatureRequest/" + MOA + "SingleSignatureInfo";
+  private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  private static final String CREATE_SIGNATURE_INFO_XPATH =
+    MOA + "CreateSignatureInfo";
+  private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
+    (MOA + "CreateTransformsInfoProfile | ")
+      + (MOA + "CreateTransformsInfoProfileID");
+  private static final String CREATE_SIGNATURE_ENVIRONMENT_XPATH =
+    MOA + "CreateSignatureEnvironment";
+  private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
+    (MOA + "CreateSignatureEnvironmentProfile | ")
+      + (MOA + "CreateSignatureEnvironmentProfileID");
+  private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+  
+  /** The factory to create API objects. */
+  private SPSSFactory factory;
+
+  /**
+   * Create a new <code>CreateXMLSignatureRequestParser</code>.
+   */
+  public CreateXMLSignatureRequestParser() {
+    this.factory = SPSSFactory.getInstance();
+  }
+
+  /**
+   * Parse a <code>CreateXMLSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>CreateXMLSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>CreateXMLSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public CreateXMLSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = parseSingleSignatureInfos(requestElem);
+    String keyIdentifier =
+      XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+    return factory.createCreateXMLSignatureRequest(
+      keyIdentifier,
+      singleSignatureInfos);
+  }
+
+  /**
+   * Parse all <code>SingleSignatureInfo</code> elements of the 
+   * <code>CreateXMLSignatureRequest</code>.
+   * 
+   * @param requestElem The <code>CreateXMLSignatureRequest</code> to parse.
+   * @return A <code>List</code> of <code>SingleSignatureInfo</code> API 
+   * objects.
+   * @throws MOAApplicationException An error occurred parsing on of the 
+   * <code>SingleSignatureInfo</code> elements.
+   */
+  private List parseSingleSignatureInfos(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = new ArrayList();
+    NodeIterator sigInfoElems =
+      XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+    Element sigInfoElem;
+
+    while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+      singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem));
+    }
+
+    return singleSignatureInfos;
+  }
+
+  /**
+   * Parse a <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element to 
+   * parse.
+   * @return A <code>SingleSignatureInfo</code> API object containing the 
+   * information of <code>sigInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>SingleSignatureInfo</code>.
+   */
+  private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    List dataObjectInfos = parseDataObjectInfos(sigInfoElem);
+    CreateSignatureInfo createSignatureInfo =
+      parseCreateSignatureInfo(sigInfoElem);
+    boolean securityLayerConform;
+
+    if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
+      securityLayerConform =
+        BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME));
+    } else {
+      securityLayerConform = true;
+    }
+
+    return factory.createSingleSignatureInfo(
+      dataObjectInfos,
+      createSignatureInfo,
+      securityLayerConform);
+  }
+
+  /**
+   * Parse the <code>DataObjectInfo</code> DOM elements contained in the given
+   * <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The  <code>SingleSignatureInfo</code> DOM element
+   * whose <code>DataObjectInfo</code>s to parse.
+   * @return A <code>List</code> of <code>DataObjectInfo</code> API objects
+   * containing the data from the <code>DataObjectInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing one of the
+   * <code>DataObjectInfo</code>s.
+   */
+  private List parseDataObjectInfos(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    List dataObjectInfos = new ArrayList();
+    NodeIterator dataObjInfoElems =
+      XPathUtils.selectNodeIterator(sigInfoElem, DATA_OBJECT_INFO_XPATH);
+    Element dataObjInfoElem;
+
+    while ((dataObjInfoElem = (Element) dataObjInfoElems.nextNode()) != null) {
+      dataObjectInfos.add(parseDataObjectInfo(dataObjInfoElem));
+    }
+    return dataObjectInfos;
+  }
+
+  /**
+   * Parse a <code>DataObjectInfo</code> DOM element.
+   * 
+   * @param dataObjInfoElem The <code>DataObjectInfo</code> DOM element to 
+   * parse.
+   * @return A <code>DataObjectInfo</code> API element containing the data
+   * from <code>dataObjInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>DataObjectInfo</code>.
+   */
+  private DataObjectInfo parseDataObjectInfo(Element dataObjInfoElem)
+    throws MOAApplicationException {
+
+    String structure = dataObjInfoElem.getAttribute("Structure");
+    Element dataObjectElem =
+      (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH);
+    Content dataObject = RequestParserUtils.parseContent(dataObjectElem);
+    CreateTransformsInfoProfile createTransformsInfoProfile =
+      parseCreateTransformsInfoProfile(dataObjInfoElem);
+    boolean childOfManifest;
+
+    if (dataObjInfoElem.hasAttribute("ChildOfManifest")) {
+      childOfManifest =
+        BoolUtils.valueOf(dataObjInfoElem.getAttribute("ChildOfManifest"));
+    } else {
+      childOfManifest = false;
+    }
+
+    return factory.createDataObjectInfo(
+      structure,
+      childOfManifest,
+      dataObject,
+      createTransformsInfoProfile);
+  }
+
+  /**
+   * Parse a <code>CreateTransformsInfoProfile</code> DOM element.
+   * 
+   * @param dataObjInfoElem The <code>DataObjectInfo</code> DOM element 
+   * containing the <code>CreateTransformsInfoProfile</code>.
+   * @return The <code>CreateTransformsInfoProfile</code> API object containing
+   * the profile found in <code>dataObjInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>CreateTransformsInfoProfile</code>.
+   */
+  private CreateTransformsInfoProfile parseCreateTransformsInfoProfile(Element dataObjInfoElem)
+    throws MOAApplicationException {
+
+    Element profileElem =
+      (Element) XPathUtils.selectSingleNode(
+        dataObjInfoElem,
+        CREATE_TRANSFORMS_INFO_PROFILE_XPATH);
+
+    if ("CreateTransformsInfoProfile".equals(profileElem.getLocalName())) {
+      ProfileParser profileParser = new ProfileParser();
+      return profileParser.parseCreateTransformsInfoProfile(profileElem);
+
+    } else {
+      String profileID = DOMUtils.getText(profileElem);
+      return factory.createCreateTransformsInfoProfile(profileID);
+    }
+  }
+
+  /**
+   * Parse the <code>CreateSignatureInfo</code> DOM element contained in
+   * a <code>SingleSignatureInfo</code>.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element
+   * containing the <code>CreateSignatureInfo</code> to be parsed.
+   * @return A <code>CreateSignatureInfo</code> API object containing the
+   * data from the <code>CreateSignatureInfo</code> DOM element, or 
+   * <code>null</code>, if none was found.
+   */
+  private CreateSignatureInfo parseCreateSignatureInfo(Element sigInfoElem) {
+    Element createInfoElem =
+      (Element) XPathUtils.selectSingleNode(
+        sigInfoElem,
+        CREATE_SIGNATURE_INFO_XPATH);
+
+    if (createInfoElem != null) {
+      Element environmentElem =
+        (Element) XPathUtils.selectSingleNode(
+          createInfoElem,
+          CREATE_SIGNATURE_ENVIRONMENT_XPATH);
+      Content environment = RequestParserUtils.parseContent(environmentElem);
+      CreateSignatureEnvironmentProfile environmentProfile =
+        parseCreateSignatureEnvironmentProfile(createInfoElem);
+
+      return factory.createCreateSignatureInfo(environment, environmentProfile);
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Parse the <code>CreateSignatureEnvironmentProfile</code> contained in
+   * the given <code>CreateSignatureInfo</code> DOM element.
+   * 
+   * @param createInfoElem <code>CreateSignatureInfo</code> DOM element to
+   * parse.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> contained
+   * in the given <code>CreateSignatureInfo</code> DOM element..
+   */
+  private CreateSignatureEnvironmentProfile parseCreateSignatureEnvironmentProfile(Element createInfoElem) {
+    Element profileElem =
+      (Element) XPathUtils.selectSingleNode(
+        createInfoElem,
+        CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH);
+
+    if ("CreateSignatureEnvironmentProfile"
+      .equals(profileElem.getLocalName())) {
+      ProfileParser profileParser = new ProfileParser();
+      return profileParser.parseCreateSignatureEnvironmentProfile(profileElem);
+    } else {
+      String profileID = DOMUtils.getText(profileElem);
+      return factory.createCreateSignatureEnvironmentProfile(profileID);
+    }
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..0af1a67
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.Iterator;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.util.Constants;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+
+/**
+ * Convert a <code>CreateXMLSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>CreateXMLSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>CreateXMLSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public CreateXMLSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("CreateXMLSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>CreateXMLSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>CreateXMLSignatureResponse</code> API object.
+   * 
+   * @param response The <code>CreateXMLSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>CreateXMLSignatureResponse</code>
+   * DOM element.
+   */
+  public Document build(CreateXMLSignatureResponse response) {
+    Iterator iter;
+
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      CreateXMLSignatureResponseElement responseElement =
+        (CreateXMLSignatureResponseElement) iter.next();
+
+      switch (responseElement.getResponseType()) {
+        case CreateXMLSignatureResponseElement.SIGNATURE_ENVIRONMENT_RESPONSE :
+          SignatureEnvironmentResponse envResponse =
+            (SignatureEnvironmentResponse) responseElement;
+          addSignatureEnvironment(envResponse);
+          break;
+
+        case CreateXMLSignatureResponseElement.ERROR_RESPONSE :
+          ErrorResponse errorResponse = (ErrorResponse) responseElement;
+          addErrorResponse(errorResponse);
+          break;
+      }
+
+    }
+
+    return responseDoc;
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param envResponse The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  private void addSignatureEnvironment(SignatureEnvironmentResponse envResponse) {
+    Element content = envResponse.getSignatureEnvironment();
+    Node importedSignature = responseDoc.importNode(content, true);
+    Element signatureEnvironment =
+      responseDoc.createElementNS(MOA_NS_URI, "SignatureEnvironment");
+    signatureEnvironment.appendChild(importedSignature);
+    responseElem.appendChild(signatureEnvironment);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorResponse The API object containing the information to put into
+   * the <code>ErrorResponse</code> DOM element.
+   */
+  private void addErrorResponse(ErrorResponse errorResponse) {
+    Element errorElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+    Element errorCodeElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+    Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+    String errorCodeStr = Integer.toString(errorResponse.getErrorCode());
+
+    errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+    errorElem.appendChild(errorCodeElem);
+    infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo()));
+    errorElem.appendChild(errorCodeElem);
+    errorElem.appendChild(infoElem);
+    responseElem.appendChild(errorElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java
new file mode 100644
index 0000000..0705c0b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java
@@ -0,0 +1,309 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+
+/**
+ * Parse the various profile elements contained in the MOA web service requests
+ * and given as separate files in the MOA configuration.
+ * 
+ * The profiles parsed must be schema valid according to the MOA XML schema.
+ *  
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ProfileParser {
+  
+  //
+  // XPath expressions to select parts of the profiles
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  private static final String CREATE_TRANSFORMS_XPATH =
+    MOA + "CreateTransformsInfo/" + DSIG + "Transforms";
+  private static final String FINAL_DATA_META_INFO_XPATH =
+    MOA + "CreateTransformsInfo/" + MOA + "FinalDataMetaInfo";
+  private static final String CREATE_SIGNATURE_LOCATION_XPATH =
+    MOA + "CreateSignatureLocation";
+  private static final String SUPPLEMENT_XPATH = MOA + "Supplement";
+  private static final String VERIFY_TRANSFORMS_XPATH = DSIG + "Transforms";
+  private static final String TRANSFORM_PARAMETER_XPATH =
+    MOA + "TransformParameter";
+  private static final String TRANSFORM_PARAMETER_CONTENT_XPATH =
+    MOA + "Base64Content | " + MOA + "Hash";
+  private static final String DIGEST_METHOD_XPATH = DSIG + "DigestMethod";
+  private static final String DIGEST_VALUE_XPATH = DSIG + "DigestValue";
+
+  /** The factory used to create API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /**
+   * Parse a <code>CreateTransformsInfoProfile</code> DOM element.
+   * 
+   * @param profileElem The <code>CreateTransformsInfoProfile</code> element
+   * to parse.
+   * @return The <code>CreateTransformsInfoProfile</code> API object containing
+   * the data from the <code>profileElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the DOM element. 
+   */
+  public CreateTransformsInfoProfile parseCreateTransformsInfoProfile(Element profileElem)
+    throws MOAApplicationException {
+    CreateTransformsInfo createTransformsInfo =
+      parseCreateTransformsInfo(profileElem);
+    List supplements = parseSupplements(profileElem);
+
+    return factory.createCreateTransformsInfoProfile(
+      createTransformsInfo,
+      supplements);
+  }
+
+  /**
+   * Parse the <code>CreateTransformsInfo</code> DOM element contained in a 
+   * <code>CreateTransformsInfoProfile</code>.
+   * 
+   * @param profileElem The <code>CreateTransformsInfoProfile</code> DOM
+   * element containing the <code>CreateTransformsInfo</code>.
+   * @return The <code>CreateTransformsInfo</code> API object containinig the
+   * data from the <code>CreateTransformsInfo</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>CreateTransformsInfo</code> DOM element.
+   */
+  private CreateTransformsInfo parseCreateTransformsInfo(Element profileElem)
+    throws MOAApplicationException {
+
+    Element transformsElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        CREATE_TRANSFORMS_XPATH);
+    Element metaInfoElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        FINAL_DATA_META_INFO_XPATH);
+    MetaInfo finalDataMetaInfo;
+    List transforms;
+
+    // parse the dsig:Transforms    
+    if (transformsElem != null) {
+      TransformParser transformsParser = new TransformParser();
+      transforms = transformsParser.parseTransforms(transformsElem);
+    } else {
+      transforms = null;
+    }
+
+    // parse the meta info
+    finalDataMetaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+
+    return factory.createCreateTransformsInfo(transforms, finalDataMetaInfo);
+  }
+
+  /**
+   * Parse a <code>CreateSignatureEnvironmentProfile</code> DOM element.
+   * 
+   * @param profileElem The <code>CreateSignatureEnvironmentProfile</code>
+   * DOM element to parse.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> API object
+   * containing the data from the <code>profileElem</code>.
+   */
+  public CreateSignatureEnvironmentProfile parseCreateSignatureEnvironmentProfile(Element profileElem) {
+    CreateSignatureLocation createSignatureLocation =
+      parseCreateSignatureLocation(profileElem);
+    List supplements = parseSupplements(profileElem);
+
+    return factory.createCreateSignatureEnvironmentProfile(
+      createSignatureLocation,
+      supplements);
+  }
+
+  /**
+   * Parse a <code>CreateSignatureLocation</code> DOM element contained in 
+   * a <code>CreateSignatureEnvironmentProfile</code>.
+   * 
+   * @param profileElem The <code>CreateSignatureEnvironmentProfile</code> DOM
+   * element containing the <code>CreateSignatureLocation</code>.
+   * @return The <code>CreateSignatureLocation</code> API object containing
+   * the data from the <code>CreateSignatureLocation</code> DOM element.
+   */
+  private CreateSignatureLocation parseCreateSignatureLocation(Element profileElem) {
+    Element locationElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        CREATE_SIGNATURE_LOCATION_XPATH);
+    String xPathExpression = DOMUtils.getText(locationElem);
+    Map namespaceDeclarations = DOMUtils.getNamespaceDeclarations(locationElem);
+    String indexStr = locationElem.getAttribute("Index");
+    int index = Integer.parseInt(indexStr);
+
+    return factory.createCreateSignatureLocation(
+      xPathExpression,
+      index,
+      namespaceDeclarations);
+  }
+
+  /**
+   * Parse all <code>Supplement</code> DOM elements contained in a given
+   * parent DOM element.
+   * 
+   * @param supplementsParentElem The DOM element being the parent of the
+   * <code>Supplement</code>s.
+   * @return A <code>List</code> of <code>Supplement</code> API objects 
+   * containing the data from the <code>Supplement</code> DOM elements.
+   */
+  private List parseSupplements(Element supplementsParentElem) {
+    List supplements = new ArrayList();
+    NodeIterator supplementElems =
+      XPathUtils.selectNodeIterator(supplementsParentElem, SUPPLEMENT_XPATH);
+    Element supplementElem;
+
+    while ((supplementElem = (Element) supplementElems.nextNode()) != null) {
+      XMLDataObjectAssociation supplement =
+        RequestParserUtils.parseXMLDataObjectAssociation(supplementElem);
+      supplements.add(supplement);
+    }
+    return supplements;
+  }
+
+  /**
+   * Parse a <code>SupplementProfile</code> DOM element.
+   * 
+   * @param profileElem The <code>SupplementProfile</code> DOM element to parse.
+   * @return The <code>SupplementProfile</code> API object containing the
+   * data from the <code>SupplementProfile</code> DOM element.
+   */
+  public SupplementProfile parseSupplementProfile(Element profileElem) {
+    XMLDataObjectAssociation supplementProfile =
+      RequestParserUtils.parseXMLDataObjectAssociation(profileElem);
+
+    return factory.createSupplementProfile(supplementProfile);
+  }
+
+  /**
+   * Parse a <code>VerifyTransformsInfoProfile</code> DOM element. 
+   * 
+   * @param profileElem The <code>VerifyTransformsInfoProfile</code> DOM 
+   * element to parse.
+   * @return A <code>VerifyTransformsInfoProfile</code> API object containing
+   * the information from the <code>VerifyTransformsInfoProfile</code> DOM 
+   * element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>VerifyTransformsInfoProfile</code>.
+   */
+  public VerifyTransformsInfoProfile parseVerifyTransformsInfoProfile(Element profileElem)
+    throws MOAApplicationException {
+    Element transformsElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        VERIFY_TRANSFORMS_XPATH);
+    List transforms = null;
+    NodeIterator paramElems =
+      XPathUtils.selectNodeIterator(profileElem, TRANSFORM_PARAMETER_XPATH);
+    Element paramElem;
+    List transformParameters = new ArrayList();
+
+    // parse the dsig:Transforms
+    if (transformsElem != null) {
+      TransformParser transformsParser = new TransformParser();
+      transforms = transformsParser.parseTransforms(transformsElem);
+    }
+
+    // parse the TransformParameter elements
+    while ((paramElem = (Element) paramElems.nextNode()) != null) {
+      transformParameters.add(parseTransformParameter(paramElem));
+    }
+
+    return factory.createVerifyTransformsInfoProfile(
+      transforms,
+      transformParameters);
+  }
+
+  /**
+   * Parse a <code>TransformParameter</code> DOM element.
+   * 
+   * @param paramElem The <code>TransformParameter</code> DOM element to
+   * parse.
+   * @return The <code>TransformParameter</code> API object containing the
+   * information from the <code>TransformParameter</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>TransformParameter</code> DOM element.
+   */
+  private TransformParameter parseTransformParameter(Element paramElem) 
+    throws MOAApplicationException {
+    String uri = paramElem.getAttribute("URI");
+    Element contentElem =
+      (Element) XPathUtils.selectSingleNode(
+        paramElem,
+        TRANSFORM_PARAMETER_CONTENT_XPATH);
+
+    if (contentElem == null) {
+      return factory.createTransformParameter(uri);
+    } else if ("Base64Content".equals(contentElem.getLocalName())) {
+      String base64Str = DOMUtils.getText(contentElem);
+      InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+
+      return factory.createTransformParameter(uri, binaryContent);
+    } else { // "Hash".equals(contentElem.getLocalName())
+      String digestMethodStr =
+        XPathUtils.getElementValue(contentElem, DIGEST_METHOD_XPATH, "");
+      String digestValueStr =
+        XPathUtils.getElementValue(contentElem, DIGEST_VALUE_XPATH, "");
+      byte[] digestValue = null;
+
+      try {
+        digestValue = Base64Utils.decode(digestValueStr, true);
+      } catch (IOException e) {
+        throw new MOAApplicationException("2270", null); 
+      }
+      return factory.createTransformParameter(
+        uri,
+        digestMethodStr,
+        digestValue);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
new file mode 100644
index 0000000..743a17c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.text.ParseException;
+import java.util.Date;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+
+/**
+ * Utility methods for parsing XML requests definied in the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RequestParserUtils {
+  //
+  // XPath expressions for parsing parts of a request
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String REFERENCE_ATTR_NAME = "Reference";
+  private static final String MIME_TYPE_XPATH = MOA + "MimeType";
+  private static final String DESCRIPTION_XPATH = MOA + "Description";
+  private static final String TYPE_XPATH = MOA + "Type";
+  private static final String XML_ASSOC_CONTENT_XPATH = MOA + "Content";
+  private static final String CONTENT_XPATH =
+    MOA + "Base64Content | " + MOA + "XMLContent |" + MOA + "LocRefContent";
+  private static final String ANY_OTHER_XPATH =
+    "*[namespace-uri() != \"" + Constants.MOA_NS_URI + "\"]";
+
+  /**
+   * Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element.
+   * 
+   * @param assocElem The <code>XMLDataObjectAssociationType</code> kind of
+   * DOM elmeent to parse. 
+   * @return The <code>XMLDataObjectAssociation</code> API object containing
+   * the data from the <code>XMLDataObjectAssociationType</code> DOM element.
+   */
+  public static XMLDataObjectAssociation parseXMLDataObjectAssociation(Element assocElem) {
+    SPSSFactory factory = SPSSFactory.getInstance();
+    MetaInfo metaInfo = parseMetaInfo(assocElem);
+    Element contentElem =
+      (Element) XPathUtils.selectSingleNode(assocElem, XML_ASSOC_CONTENT_XPATH);
+    Content content = parseContent(contentElem);
+
+    return factory.createXMLDataObjectAssociation(metaInfo, content);
+  }
+
+  /**
+   * Parse a <code>MetaInfoType</code> kind of DOM element.
+   * 
+   * @param metaInfoElem The <code>MetaInfoType</code> kind of DOM element.
+   * @return The <code>MetaInfo</code> API object containing the data from
+   * the <code>metaInfoElem</code>.
+   */
+  public static MetaInfo parseMetaInfo(Element metaInfoElem) {
+    SPSSFactory factory = SPSSFactory.getInstance();
+    String mimeType =
+      XPathUtils.getElementValue(metaInfoElem, MIME_TYPE_XPATH, null);
+    String description =
+      XPathUtils.getElementValue(metaInfoElem, DESCRIPTION_XPATH, null);
+    NodeList anyOther =
+      XPathUtils.selectNodeList(metaInfoElem, ANY_OTHER_XPATH);
+    String type =
+      XPathUtils.getElementValue(metaInfoElem, TYPE_XPATH, null);
+
+    return factory.createMetaInfo(mimeType, description, anyOther, type);
+  }
+
+  /**
+   * Parse a <code>ContentOptionalRefType</code> or 
+   * <code>ContentRequiredRefType</code> kind of DOM element.
+   * @param contentParentElem The DOM element being the parent of the 
+   * content element.
+   * @return The <code>Content</code> API object containing the data from
+   * the given DOM element.
+   */
+  public static Content parseContent(Element contentParentElem) {
+    SPSSFactory factory = SPSSFactory.getInstance();
+    String referenceURI =
+      contentParentElem.hasAttribute(REFERENCE_ATTR_NAME)
+        ? contentParentElem.getAttribute(REFERENCE_ATTR_NAME)
+        : null;
+    Element contentElem =
+      (Element) XPathUtils.selectSingleNode(contentParentElem, CONTENT_XPATH);
+
+    if (contentElem == null) {
+      return factory.createContent(referenceURI);
+    }
+
+    if ("Base64Content".equals(contentElem.getLocalName())) {
+      String base64String = DOMUtils.getText(contentElem);
+      return factory.createContent(
+        Base64Utils.decodeToStream(base64String, true),
+        referenceURI);
+    } else if ("LocRefContent".equals(contentElem.getLocalName())) {
+      String locationReferenceURI = DOMUtils.getText(contentElem);
+      return factory.createContent(
+        locationReferenceURI,
+        referenceURI);
+    } else { // "XMLContent".equals(contentElem.getLocalName())
+      return factory.createContent(
+        contentElem.getChildNodes(),
+        referenceURI);
+    }
+  }
+
+  /**
+   * Get the signing time from a Verfiy(CMS|XML)SignatureRequest.
+   * 
+   * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM 
+   * element.
+   * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element
+   * within the request.
+   * @return Date The date and time corresponding to the <code>DateTime</code>
+   * element in the request. If no <code>DateTime</code> element exists in the
+   * request, <code>null</code> is returned.
+   * @throws MOAApplicationException An error occurred during a parsing the
+   * <code>DateTime</code> element or creating the return value.
+   */
+  public static Date parseDateTime(Element requestElem, String dateTimeXPath)
+    throws MOAApplicationException {
+
+    Element dateTimeElem;
+    String dateTimeText;
+
+    // select the DateTime element
+    dateTimeElem =
+      (Element) XPathUtils.selectSingleNode(requestElem, dateTimeXPath);
+
+    // parse a date from the element value
+    if (dateTimeElem != null) {
+      dateTimeText = DOMUtils.getText(dateTimeElem);
+      try {
+        return DateTimeUtils.parseDateTime(dateTimeText);
+      } catch (ParseException e) {
+        throw new MOAApplicationException(
+          "1104",
+          new Object[] { dateTimeText });
+      }
+    } else {
+      return null;
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
new file mode 100644
index 0000000..b5ec20f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -0,0 +1,289 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+
+/**
+ * Utility methods used by the verious <code>ResponseBuilder</code> classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ResponseBuilderUtils {
+  //
+  // shortcuts to various XML namespace constants
+  //
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  private static final String DSIG_NS_URI = Constants.DSIG_NS_URI;
+  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+
+  /**
+   * Create a response element with all the namespaces set.
+   * 
+   * @param responseName The name of the response root element.
+   * @return A DOM document containing the response root element and predefined
+   * MOA, DSIG and XML namespace declarations.
+   * @throws MOASystemException An error building the response document.
+   */
+  public static Document createResponse(String responseName)
+    throws MOASystemException {
+
+    try {
+      DocumentBuilder docBuilder =
+        DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      DOMImplementation impl = docBuilder.getDOMImplementation();
+      Document response;
+      Element root;
+      String attrValue;
+
+      response = impl.createDocument(MOA_NS_URI, responseName, null);
+      root = response.getDocumentElement();
+
+      // add namespace prefix declarations
+      root.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+      attrValue = "xmlns:" + Constants.DSIG_PREFIX;
+      root.setAttributeNS(XMLNS_NS_URI, attrValue, DSIG_NS_URI);
+
+      return response;
+    } catch (ParserConfigurationException e) {
+      throw new MOASystemException("2200", null, e);
+    }
+  }
+
+  /**
+   * Add a <code>SignerInfo</code> element to the response.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which the <code>SignerInfo</code> element
+   * will be inserted.
+   * @param cert The signer certificate to add.
+   * @param isQualified Indicates, whether <code>cert</code> is a qualified
+   * certificate.
+   * @param isPublicAuthority Indicates, whether <code>cert</code> is
+   * certificate owned by a public authority.
+   * @param publicAuthorityID Information about the public authority owning
+   * <code>cert</code>. Must not be <code>null</code>, if
+   * <code>isPublicAuthority ! = null</code>.
+   * @throws MOAApplicationException An error occurred reading data from the
+   * certificate.
+   */
+  public static void addSignerInfo(
+    Document response,
+    Element root,
+    X509Certificate cert,
+    boolean isQualified,
+    String qcSource,
+    boolean isPublicAuthority,
+    String publicAuthorityID,
+    boolean isSSCD,
+    String sscdSource,
+    String issuerCountryCode)
+    throws MOAApplicationException {
+
+    Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo");
+    Element x509DataElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509Data");
+    Element x509IssuerSerialElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509IssuerSerial");
+    Element x509IssuerElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509IssuerName");
+    String issuer = cert.getIssuerDN().getName();
+    Element x509SerialNumberElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509SerialNumber");
+    String serialNumber = cert.getSerialNumber().toString();
+    Element x509SubjectNameElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509SubjectName");
+    Element x509CertificateElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509Certificate");
+    Element qualifiedCertificateElem =
+      isQualified
+        ? response.createElementNS(MOA_NS_URI, "QualifiedCertificate")
+        : null;
+    Element sscdElem =
+            isSSCD
+              ? response.createElementNS(MOA_NS_URI, "SecureSignatureCreationDevice")
+              : null;
+    Element issuerCountryCodeElem = null;
+    if (issuerCountryCode != null) {
+    	issuerCountryCodeElem = response.createElementNS(MOA_NS_URI, "IssuerCountryCode");
+    	issuerCountryCodeElem.setTextContent(issuerCountryCode);    	
+    }
+              
+    Element publicAuthorityElem =
+      isPublicAuthority
+        ? response.createElementNS(MOA_NS_URI, "PublicAuthority")
+        : null;
+    Element codeElem =
+      publicAuthorityID != null
+        ? response.createElementNS(MOA_NS_URI, "Code")
+        : null;
+
+    // fill in text
+    x509IssuerElem.appendChild(response.createTextNode(issuer));
+    x509SerialNumberElem.appendChild(response.createTextNode(serialNumber));
+    try {
+      RFC2253NameParser parser = 
+        new RFC2253NameParser(cert.getSubjectDN().getName());
+      String subjectRfc2253 = parser.parse().getRFC2253String();
+      x509SubjectNameElem.appendChild(response.createTextNode(subjectRfc2253));
+    } catch (RFC2253NameParserException e) {
+      x509SubjectNameElem.appendChild(
+        response.createTextNode(cert.getSubjectDN().getName()));
+    }
+    try {
+      x509CertificateElem.appendChild(
+        response.createTextNode(Base64Utils.encode(cert.getEncoded())));
+    } catch (CertificateEncodingException e) {
+      throw new MOAApplicationException("2245", null, e);
+    } catch (IOException e) {
+      throw new MOAApplicationException("2245", null, e);
+    }
+
+    // build structure
+    x509DataElem.appendChild(x509SubjectNameElem);
+    x509IssuerSerialElem.appendChild(x509IssuerElem);
+    x509IssuerSerialElem.appendChild(x509SerialNumberElem);
+    x509DataElem.appendChild(x509IssuerSerialElem);
+    x509DataElem.appendChild(x509CertificateElem);
+    if (isQualified) {
+    	if (qcSource.compareToIgnoreCase("TSL") == 0)
+    		qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource);
+    	
+    	x509DataElem.appendChild(qualifiedCertificateElem);
+    }
+    if (isPublicAuthority) {
+      x509DataElem.appendChild(publicAuthorityElem);
+      if (publicAuthorityID != null) {
+        codeElem.appendChild(response.createTextNode(publicAuthorityID));
+        publicAuthorityElem.appendChild(codeElem);
+      }
+    }
+    if (isSSCD) {
+   		sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);
+        x509DataElem.appendChild(sscdElem);
+      }
+    if (issuerCountryCodeElem != null)
+    	x509DataElem.appendChild(issuerCountryCodeElem);
+    
+    signerInfoElem.appendChild(x509DataElem);
+    root.appendChild(signerInfoElem);
+  }
+
+  /**
+   * Add an element containing <code>Code</code> and <code>Info</code>
+   * subelements.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which to insert the newly created
+   * element.
+   * @param elementName The name of the newly created element.
+   * @param code The content of the <code>Code</code> subelement.
+   * @param info The content of the <code>Info</code> subelement.
+   */
+  public static void addCodeInfoElement(
+    Document response,
+    Element root,
+    String elementName,
+    int code,
+    NodeList info) {
+
+    Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+    Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+    Element infoElem;
+    int i;
+
+    codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+    codeInfoElem.appendChild(codeElem);
+    if (info != null) {
+      infoElem = response.createElementNS(MOA_NS_URI, "Info");
+
+      for (i = 0; i < info.getLength(); i++) {
+        infoElem.appendChild(info.item(i).cloneNode(true));
+      }
+      codeInfoElem.appendChild(infoElem);
+    }
+    root.appendChild(codeInfoElem);
+  }
+  
+  /**
+   * Add an element containing <code>Code</code> and <code>Info</code>
+   * subelements.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which to insert the newly created
+   * element.
+   * @param elementName The name of the newly created element.
+   * @param code The content of the <code>Code</code> subelement.
+   * @param info The content of the <code>Info</code> subelement.
+   */
+  public static void addCodeInfoElement(
+    Document response,
+    Element root,
+    String elementName,
+    int code,
+    String info) {
+
+    Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+    Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+    Element infoElem;
+    int i;
+
+    codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+    codeInfoElem.appendChild(codeElem);
+    
+    if (info != null) {
+      infoElem = response.createElementNS(MOA_NS_URI, "Info");
+      infoElem.appendChild(response.createTextNode(info));
+      codeInfoElem.appendChild(infoElem);
+    }
+    root.appendChild(codeInfoElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
new file mode 100644
index 0000000..687b0ae
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
@@ -0,0 +1,270 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Base64Transform;
+import at.gv.egovernment.moa.spss.api.common.CanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.EnvelopedSignatureTransform;
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+
+/**
+ * A parser to parse XMLDsig <code>Transform</code> DOM elements into their
+ * MOA SPSS API representation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransformParser {
+  //
+  // XPath expressions for selecting information from the DOM tree
+  //
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  private static final String DSIG_FILTER2 =
+    Constants.DSIG_FILTER2_PREFIX + ":";
+  private static final String XSLT = Constants.XSLT_PREFIX + ":";
+  private static final String EC = Constants.DSIG_EC_PREFIX + ":";
+  private static final String TRANSFORM_XPATH = DSIG + "Transform";
+  private static final String XPATH_XPATH = DSIG + "XPath";
+  private static final String XSLT_ELEMENT_XPATH = XSLT + "stylesheet";
+  private static final String XPATH2_XPATH =
+    (DSIG_FILTER2 + "XPath[@Filter=\"intersect\"] | ")
+      + (DSIG_FILTER2 + "XPath[@Filter=\"subtract\"] | ")
+      + (DSIG_FILTER2 + "XPath[@Filter=\"union\"]");
+  private static final String INCLUSIVE_NAMESPACES_XPATH =
+    EC + "InclusiveNamespaces";
+
+  /**
+   * The <code>SPSSFactory</code> to use for creating new API objects.
+   */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /**
+   * Parse an XMLDsig <code>Transforms</code> DOM element.
+   * 
+   * @param transformsElem The <code>Transforms</code> DOM element to parse.
+   * @return A <code>List</code> of <code>Transform</code> API objects 
+   * containing the data from the individual <code>Transform</code> DOM
+   * elements.
+   * @throws MOAApplicationException An error occurred parsing the  
+   * <code>Transforms</code> DOM element.
+   */
+  public List parseTransforms(Element transformsElem)
+    throws MOAApplicationException {
+    List transforms = new ArrayList();
+    NodeIterator transformElems =
+      XPathUtils.selectNodeIterator(transformsElem, TRANSFORM_XPATH);
+    Element transformElem;
+    Transform transform;
+
+    while ((transformElem = (Element) transformElems.nextNode()) != null) {
+      transform = parseTransform(transformElem);
+      transforms.add(transform);
+    }
+
+    return transforms;
+  }
+
+  /**
+   * Parse an XMLDsig <code>Transform</code> DOM element.
+   * 
+   * @param transformElem <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object containing the data
+   * from the <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  public Transform parseTransform(Element transformElem)
+    throws MOAApplicationException {
+
+    String algorithmUri = transformElem.getAttribute("Algorithm");
+
+    if (CanonicalizationTransform.CANONICAL_XML.equals(algorithmUri)
+      || CanonicalizationTransform.CANONICAL_XML_WITH_COMMENTS.equals(
+        algorithmUri)) {
+      return factory.createCanonicalizationTransform(algorithmUri);
+    } else if (
+      ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML.equals(
+        algorithmUri)
+        || ExclusiveCanonicalizationTransform
+          .EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS
+          .equals(
+          algorithmUri)) {
+      return parseExclusiveC14nTransform(algorithmUri, transformElem);
+    } else if (Base64Transform.BASE64_DECODING.equals(algorithmUri)) {
+      return factory.createBase64Transform();
+    } else if (
+      EnvelopedSignatureTransform.ENVELOPED_SIGNATURE.equals(algorithmUri)) {
+      return factory.createEnvelopedSignatureTransform();
+    } else if (XPathTransform.XPATH.equals(algorithmUri)) {
+      return parseXPathTransform(transformElem);
+    } else if (XPathFilter2Transform.XPATH_FILTER2.equals(algorithmUri)) {
+      return parseXPathFilter2Transform(transformElem);
+    } else if (XSLTTransform.XSLT.equals(algorithmUri)) {
+      return parseXSLTTransform(transformElem);
+    } else {
+      throw new MOAApplicationException("1108", new Object[] { algorithmUri });
+    }
+  }
+
+  /**
+   * Parse an exclusive canonicalization type of transform.
+   * 
+   * @param algorithmUri The algorithm URI of the canonicalization algorithm.
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return An <code>ExclusiveCanonicalizationTransform</code> API object
+   * containing the data from the <code>transformElem</code>.
+   */
+  private Transform parseExclusiveC14nTransform(
+    String algorithmUri,
+    Element transformElem)
+    {
+
+    Element inclusiveNamespacesElem =
+      (Element) XPathUtils.selectSingleNode(
+        transformElem,
+        INCLUSIVE_NAMESPACES_XPATH);
+
+    List inclusiveNamespaces = new ArrayList();
+    if (inclusiveNamespacesElem != null)
+    {
+      StringTokenizer tokenizer = new StringTokenizer(inclusiveNamespacesElem.getAttribute("PrefixList"));
+      while (tokenizer.hasMoreTokens()) 
+      {
+        inclusiveNamespaces.add(tokenizer.nextToken());
+      }
+    }
+    return factory.createExclusiveCanonicalizationTransform(
+      algorithmUri,
+      inclusiveNamespaces);
+  }
+
+  /**
+   * Parse an <code>XPath</code> type of <code>Transform</code>.
+   * 
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object representation of the
+   * <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  private Transform parseXPathTransform(Element transformElem)
+    throws MOAApplicationException {
+    Element xPathElem =
+      (Element) XPathUtils.selectSingleNode(transformElem, XPATH_XPATH);
+    Map nsDecls;
+
+    if (xPathElem == null) {
+      throw new MOAApplicationException("2202", null);
+    }
+
+    nsDecls = DOMUtils.getNamespaceDeclarations(xPathElem);
+    nsDecls.remove("");
+
+    return factory.createXPathTransform(DOMUtils.getText(xPathElem), nsDecls);
+  }
+
+  /**
+   * Parse an <code>XPathFilter2</code> type of <code>Transform</code>.
+   * 
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object representation of the
+   * <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  private Transform parseXPathFilter2Transform(Element transformElem)
+    throws MOAApplicationException {
+    List filters = new ArrayList();
+    NodeIterator iter =
+      XPathUtils.selectNodeIterator(transformElem, XPATH2_XPATH);
+    Element filterElem;
+
+    while ((filterElem = (Element) iter.nextNode()) != null) {
+      String filterAttr = filterElem.getAttribute("Filter");
+      String filterType;
+      String expression;
+      Map nsDecls;
+
+      if (filterAttr.equals("intersect")) {
+        filterType = XPathFilter.INTERSECT_TYPE;
+      } else if (filterAttr.equals("subtract")) {
+        filterType = XPathFilter.SUBTRACT_TYPE;
+      } else {
+        filterType = XPathFilter.UNION_TYPE;
+      }
+
+      expression = DOMUtils.getText(filterElem);
+      nsDecls = DOMUtils.getNamespaceDeclarations(filterElem);
+      nsDecls.remove("");
+      filters.add(factory.createXPathFilter(filterType, expression, nsDecls));
+    }
+    if (filters.size() == 0) {
+      throw new MOAApplicationException("2216", null);
+    }
+
+    return factory.createXPathFilter2Transform(filters);
+  }
+
+  /**
+   * Parse an <code>XSLT</code> type of <code>Transform</code>.
+   * 
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object representation of the
+   * <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  private Transform parseXSLTTransform(Element transformElem)
+    throws MOAApplicationException {
+    Element xsltElem =
+      (Element) XPathUtils.selectSingleNode(transformElem, XSLT_ELEMENT_XPATH);
+
+    if (xsltElem == null) {
+      throw new MOAApplicationException("2215", null);
+    }
+
+    return factory.createXSLTTransform(xsltElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
new file mode 100644
index 0000000..6b3f430
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.CollectionUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * A parser to parse <code>VerifyCMSSignatureRequest</code> DOM trees into
+ * <code>VerifyCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureRequestParser {
+
+  //
+  // XPath expressions for selecting parts of the DOM message
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String DATE_TIME_XPATH = MOA + "DateTime";
+  private static final String CMS_SIGNATURE_XPATH = MOA + "CMSSignature";
+  private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  private static final String META_INFO_XPATH = MOA + "MetaInfo";
+  private static final String CONTENT_XPATH = MOA + "Content";
+  private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+  private static final String EXCLUDEBYTERANGE_FROM_XPATH = MOA + "ExcludedByteRange/" + MOA + "From";
+  private static final String EXCLUDEBYTERANGE_TO_XPATH = MOA + "ExcludedByteRange/" + MOA + "To";
+
+
+  /** The <code>SPSSFactory</code> for creating new API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /**
+   * Parse a <code>VerifyCMSSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>VerifyCMSSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>VerifyCMSSignatureRequest</code> API objects containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public VerifyCMSSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    int[] signatories = parseSignatories(requestElem);
+    Date dateTime =
+      RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH);
+    String cmsSignatureStr =
+      XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, "");
+    CMSDataObject dataObject = parseDataObject(requestElem);
+    String trustProfileID =
+      XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+    InputStream cmsSignature =
+      Base64Utils.decodeToStream(cmsSignatureStr, true);
+
+    return factory.createVerifyCMSSignatureRequest(
+      signatories,
+      dateTime,
+      cmsSignature,
+      dataObject,
+      trustProfileID);
+  }
+
+  /**
+   * Parse the <code>Signatories</code> attribute contained in the 
+   * <code>VerifyCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyCMSSignatureRequest</code> DOM element.
+   * @return The signatories contained in the given 
+   * <code>VerifyCMSSignatureRequest</code> DOM element. 
+   */
+  private int[] parseSignatories(Element requestElem) {
+    String signatoriesStr = requestElem.getAttribute("Signatories");
+
+    if ("all".equals(signatoriesStr)) {
+      return VerifyCMSSignatureRequest.ALL_SIGNATORIES;
+    } else {
+      StringTokenizer tokenizer = new StringTokenizer(signatoriesStr);
+      List signatoriesList = new ArrayList();
+      int[] signatories;
+
+      // put the signatories into a List
+      while (tokenizer.hasMoreTokens()) {
+        try {
+          signatoriesList.add(new Integer(tokenizer.nextToken()));
+        } catch (NumberFormatException e) {
+          // this cannot occur if the request has been validated
+        }
+      }
+
+      // convert the List into an int array
+      signatories = CollectionUtils.toIntArray(signatoriesList);
+
+      return signatories;
+    }
+  }
+
+  /**
+   * Parse a the <code>DataObject</code> DOM element contained in a given 
+   * <code>VerifyCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyCMSSignatureRequest</code> DOM element
+   * to parse.
+   * @return The <code>CMSDataObject</code> API object containing the data
+   * from the <code>DataObject</code> DOM element.
+   */
+  private CMSDataObject parseDataObject(Element requestElem) {
+    Element dataObjectElem =
+      (Element) XPathUtils.selectSingleNode(requestElem, DATA_OBJECT_XPATH);
+
+    if (dataObjectElem != null) {
+      Element metaInfoElem =
+        (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH);
+      MetaInfo metaInfo = null;
+      Element contentElem =
+        (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH);
+      CMSContent content = parseContent(contentElem);
+
+      if (metaInfoElem != null) {
+        metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+      }
+
+      String excludeByteRangeFromStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_FROM_XPATH, null);
+      String excludeByteRangeToStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_TO_XPATH, null);
+      
+      BigDecimal excludeByteRangeFrom = null;
+      BigDecimal excludeByteRangeTo = null;
+      
+      if (excludeByteRangeFromStr != null)
+    	  excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
+      if (excludeByteRangeToStr != null)
+    	  excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
+
+      return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
+      
+      
+    } else {
+      return null;
+    }
+
+  }
+
+  /**
+   * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+   * DOM element.
+   * 
+   * @param contentElem The <code>CMSContentBaseType</code> kind of element to
+   * parse.
+   * @return A <code>CMSDataObject</code> API object containing the data
+   * from the given DOM element.
+   */
+  private CMSContent parseContent(Element contentElem) {
+    Element base64ContentElem =
+      (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH);
+
+    if (base64ContentElem != null) {
+      String base64Str = DOMUtils.getText(base64ContentElem);
+      InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+      return factory.createCMSContent(binaryContent);
+    } else {
+      return factory.createCMSContent(
+        contentElem.getAttribute("Reference"));
+    }
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..b11560b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.Iterator;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Convert a <code>VerifyCMSSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureResponseBuilder {
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>VerifyCMSSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>VerifyCMSSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public VerifyCMSSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("VerifyCMSSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>VerifyCMSSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>VerifyCMSSignatureResponse</code> API object.
+   * 
+   * @param response The <code>VerifyCMSSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>VerifyCMSSignatureResponse</code>
+   * DOM element.
+   * @throws MOAApplicationException An error occurred building the response.
+   */
+  public Document build(VerifyCMSSignatureResponse response)
+    throws MOAApplicationException {
+
+    Iterator iter;
+
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      VerifyCMSSignatureResponseElement responseElement =
+        (VerifyCMSSignatureResponseElement) iter.next();
+      addResponseElement(responseElement);
+    }
+
+    return responseDoc;
+  }
+
+  /**
+   * Add an element to the response.
+   * 
+   * @param responseElement The element to add to the response.
+   * @throws MOAApplicationException An error occurred adding the element.
+   */
+  private void addResponseElement(VerifyCMSSignatureResponseElement responseElement)
+    throws MOAApplicationException {
+
+    SignerInfo signerInfo = responseElement.getSignerInfo();
+    CheckResult signatureCheck = responseElement.getSignatureCheck();
+    CheckResult certCheck = responseElement.getCertificateCheck();
+    
+    ResponseBuilderUtils.addSignerInfo(
+      responseDoc,
+      responseElem,
+      signerInfo.getSignerCertificate(),
+      signerInfo.isQualifiedCertificate(),
+      signerInfo.getQCSource(),
+      signerInfo.isPublicAuthority(),
+      signerInfo.getPublicAuhtorityID(),
+      signerInfo.isSSCD(),
+      signerInfo.getSSCDSource(),
+      signerInfo.getIssuerCountryCode());
+
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      "SignatureCheck",
+      signatureCheck.getCode(),
+      signatureCheck.getInfo());
+
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      "CertificateCheck",
+      certCheck.getCode(),
+      certCheck.getInfo());
+    
+    
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java
new file mode 100644
index 0000000..7bd0b9e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java
@@ -0,0 +1,299 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestParser {
+
+  //
+  // XPath expressions for parsing parts of the request
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String DATE_TIME_XPATH = MOA + "DateTime";
+  private static final String RETURN_HASH_INPUT_DATA_XPATH =
+    MOA + "ReturnHashInputData";
+  private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
+  private static final String VERIFY_SIGNATURE_ENVIRONMENT_XPATH =
+    MOA + "VerifySignatureInfo/" + MOA + "VerifySignatureEnvironment";
+  private static final String VERIFY_SIGNATURE_LOCATION_XPATH =
+    MOA + "VerifySignatureInfo/" + MOA + "VerifySignatureLocation";
+  private static final String SUPPLEMENT_PROFILE_XPATH =
+    MOA + "SupplementProfile | " + MOA + "SupplementProfileID";
+  private static final String SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH =
+    MOA + "SignatureManifestCheckParams";
+  private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
+    (MOA + "VerifyTransformsInfoProfile | ")
+      + (MOA + "VerifyTransformsInfoProfileID");
+  private static final String REFERENCE_INFO_XPATH = MOA + "ReferenceInfo";
+
+  /** The <code>SPSSFactory</code> for creating new API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+
+  /**
+   * Parse a <code>VerifyXMLSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>VerifyXMLSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public VerifyXMLSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    Date dateTime =
+      RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH);
+    VerifySignatureInfo verifySignatureInfo =
+      parseVerifySignatureInfo(requestElem);
+    List supplementProfiles = parseSupplementProfiles(requestElem);
+    SignatureManifestCheckParams signatureManifestCheckParams =
+      parseSignatureManifestCheckParams(requestElem);
+    boolean returnHashInputData =
+      XPathUtils.selectSingleNode(requestElem, RETURN_HASH_INPUT_DATA_XPATH)
+        != null;
+    String trustProfileID =
+      XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+
+    return factory.createVerifyXMLSignatureRequest(
+      dateTime,
+      verifySignatureInfo,
+      supplementProfiles,
+      signatureManifestCheckParams,
+      returnHashInputData,
+      trustProfileID);
+  }
+
+  /**
+   * Parse the <code>VerifySignatureInfo</code> DOM element contained in
+   * the <code>VerifyXMLSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element
+   * containing the <code>VerifySignatureInfo</code> DOM element.
+   * @return The <code>VerifySignatureInfo</code> API object containing the
+   * data from the DOM element.
+   */
+  private VerifySignatureInfo parseVerifySignatureInfo(Element requestElem) {
+    Element verifySignatureEnvironmentElem =
+      (Element) XPathUtils.selectSingleNode(
+        requestElem,
+        VERIFY_SIGNATURE_ENVIRONMENT_XPATH);
+    Content verifySignatureEnvironment =
+      RequestParserUtils.parseContent(verifySignatureEnvironmentElem);
+    VerifySignatureLocation verifySignatureLocation =
+      parseVerifySignatureLocation(requestElem);
+
+    return factory.createVerifySignatureInfo(
+      verifySignatureEnvironment,
+      verifySignatureLocation);
+  }
+
+  /**
+   * Parse the <code>VerifySignatureLocation</code> DOM element contained
+   * in the given <code>VerifyXMLSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequst</code> DOM element.
+   * @return The <code>VerifySignatureLocation</code> API object containing the
+   * data from the DOM element.
+   */
+  private VerifySignatureLocation parseVerifySignatureLocation(Element requestElem) {
+    Element locationElem =
+      (Element) XPathUtils.selectSingleNode(
+        requestElem,
+        VERIFY_SIGNATURE_LOCATION_XPATH);
+    String xPathExpression = DOMUtils.getText(locationElem);
+    Map namespaceDeclarations = DOMUtils.getNamespaceDeclarations(locationElem);
+
+    return factory.createVerifySignatureLocation(
+      xPathExpression,
+      namespaceDeclarations);
+  }
+
+  /**
+   * Parse the supplement profiles contained in the given 
+   * <code>VerifyXMLSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element.
+   * @return A <code>List</code> of <code>SupplementProfile</code> API objects
+   * containing the data from the <code>SupplementProfile</code> DOM elements.
+   */
+  private List parseSupplementProfiles(Element requestElem) {
+    List supplementProfiles = new ArrayList();
+    NodeIterator profileElems =
+      XPathUtils.selectNodeIterator(requestElem, SUPPLEMENT_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileElems.nextNode()) != null) {
+      SupplementProfile profile;
+
+      if ("SupplementProfile".equals(profileElem.getLocalName())) {
+        ProfileParser profileParser = new ProfileParser();
+        profile = profileParser.parseSupplementProfile(profileElem);
+      } else {
+        String profileID = DOMUtils.getText(profileElem);
+        profile = factory.createSupplementProfile(profileID);
+      }
+      supplementProfiles.add(profile);
+    }
+    return supplementProfiles;
+  }
+
+  /**
+   * Parse the <code>SignatureManifestCheckParams</code> DOM element contained
+   * in the given <code>VerifyXMLSignatureRequest</code> DOM element.
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element.
+   * @return The <code>SignatureManifestCheckParams</code> API object containing
+   * the data from the <code>SignatureManifestCheckParams</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>SignatureManifestCheckParams</code> DOM element.
+   */
+  private SignatureManifestCheckParams parseSignatureManifestCheckParams(Element requestElem)
+    throws MOAApplicationException {
+    Element paramsElem =
+      (Element) XPathUtils.selectSingleNode(
+        requestElem,
+        SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH);
+
+    if (paramsElem != null) {
+      String returnReferenceInputDataStr =
+        paramsElem.getAttribute("ReturnReferenceInputData");
+      boolean returnReferencInputData =
+        BoolUtils.valueOf(returnReferenceInputDataStr);
+      List referenceInfos = parseReferenceInfos(paramsElem);
+
+      return factory.createSignatureManifestCheckParams(
+        referenceInfos,
+        returnReferencInputData);
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Parse the <code>ReferenceInfo</code> DOM elements contained in a
+   * <code>SignatureManifestCheckParams</code> DOM element.
+   * 
+   * @param paramsElem The <code>SignatureManifestCheckParams</code> DOM element
+   * containing the <code>ReferenceInfo</code> DOM elements.
+   * @return A <code>List</code> of <code>RefernceInfo</code> API objects
+   * containing the data from the <code>ReferenceInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>ReferenceInfo</code> DOM elements.
+   */
+  private List parseReferenceInfos(Element paramsElem)
+    throws MOAApplicationException {
+
+    List referenceInfos = new ArrayList();
+    NodeIterator refInfoElems =
+      XPathUtils.selectNodeIterator(paramsElem, REFERENCE_INFO_XPATH);
+    Element refInfoElem;
+
+    while ((refInfoElem = (Element) refInfoElems.nextNode()) != null) {
+      ReferenceInfo referenceInfo = parseReferenceInfo(refInfoElem);
+
+      referenceInfos.add(referenceInfo);
+    }
+
+    return referenceInfos;
+  }
+
+  /**
+   * Parse a <code>ReferenceInfo</code> DOM element.
+   *  
+   * @param refInfoElem The <code>ReferenceInfo</code> DOM element to parse.
+   * @return The <code>ReferenceInfo</code> API object containing the data
+   * from the given <code>ReferenceInfo</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>ReferenceInfo</code> DOM element.
+   */
+  private ReferenceInfo parseReferenceInfo(Element refInfoElem)
+    throws MOAApplicationException {
+    List profiles = parseVerifyTransformsInfoProfiles(refInfoElem);
+    return factory.createReferenceInfo(profiles);
+  }
+
+  /**
+   * Parse the <code>VerifyTransformsInfoProfile</code> DOM elements contained
+   * in a <code>ReferenceInfo</code> DOM element.
+   * 
+   * @param refInfoElem <code>ReferenceInfo</code> DOM element containing
+   * the <code>VerifyTransformsInfoProfile</code> DOM elements.
+   * @return A <code>List</code> of <code>VerifyTransformsInfoProfile</code>
+   * API objects containing the profile data.
+   * @throws MOAApplicationException An error occurred building the
+   * <code>VerifyTransformsInfoProfile</code>s.
+   */
+  private List parseVerifyTransformsInfoProfiles(Element refInfoElem)
+    throws MOAApplicationException {
+
+    List profiles = new ArrayList();
+    NodeIterator profileElems =
+      XPathUtils.selectNodeIterator(
+        refInfoElem,
+        VERIFY_TRANSFORMS_INFO_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileElems.nextNode()) != null) {
+      if ("VerifyTransformsInfoProfile".equals(profileElem.getLocalName())) {
+        ProfileParser profileParser = new ProfileParser();
+        profiles.add(
+          profileParser.parseVerifyTransformsInfoProfile(profileElem));
+      } else {
+        String profileID = DOMUtils.getText(profileElem);
+        profiles.add(factory.createVerifyTransformsInfoProfile(profileID));
+      }
+    }
+    return profiles;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..dd4e13a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -0,0 +1,340 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * Convert a <code>VerifyXMLSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>VerifyXMLSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>VerifyXMLSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public VerifyXMLSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("VerifyXMLSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>VerifyXMLSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>VerifyXMLSignatureResponse</code> API object.
+   * 
+   * @param response The <code>VerifyXMLSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>VerifyXMLSignatureResponse</code>
+   * DOM element.
+   * @throws MOAApplicationException An error occurred building the response.
+   */
+  public Document build(VerifyXMLSignatureResponse response)
+    throws MOAApplicationException {
+
+    Iterator iter;
+    List responseData;
+
+    // add the SignerInfo
+    ResponseBuilderUtils.addSignerInfo(
+      responseDoc,
+      responseElem,
+      response.getSignerInfo().getSignerCertificate(),
+      response.getSignerInfo().isQualifiedCertificate(),
+      response.getSignerInfo().getQCSource(),
+      response.getSignerInfo().isPublicAuthority(),
+      response.getSignerInfo().getPublicAuhtorityID(),
+      response.getSignerInfo().isSSCD(),
+      response.getSignerInfo().getSSCDSource(),
+      response.getSignerInfo().getIssuerCountryCode());
+
+    // add HashInputData elements
+    responseData = response.getHashInputDatas();
+    if (responseData != null && !responseData.isEmpty()) {
+      for (iter = responseData.iterator(); iter.hasNext();) {
+        InputData inputData = (InputData) iter.next();
+        addContent("HashInputData", inputData);
+      }
+    }
+
+    // add ReferenceInputData elements
+    responseData = response.getReferenceInputDatas();
+    if (responseData != null && !responseData.isEmpty()) {
+      for (iter = responseData.iterator(); iter.hasNext();) {
+        InputData inputData = (InputData) iter.next();
+        addContent("ReferenceInputData", inputData);
+      }
+    }
+
+    // add the SignatureCheck
+    addReferencesCheckResult("SignatureCheck", response.getSignatureCheck());
+
+    // add the SignatureManifestCheck
+    if (response.getSignatureManifestCheck() != null) {
+      addReferencesCheckResult(
+        "SignatureManifestCheck",
+        response.getSignatureManifestCheck());
+    }
+
+    // add the XMLDsigManifestChecks
+    responseData = response.getXMLDsigManifestChecks();
+    if (responseData != null && !responseData.isEmpty()) {
+      for (iter = responseData.iterator(); iter.hasNext();) {
+        ManifestRefsCheckResult checkResult =
+          (ManifestRefsCheckResult) iter.next();
+        addManifestRefsCheckResult("XMLDSIGManifestCheck", checkResult);
+      }
+    }
+
+    // add the CertificateCheck
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      "CertificateCheck",
+      response.getCertificateCheck().getCode(),
+      response.getCertificateCheck().getInfo());
+    
+    
+
+    return responseDoc;
+  }
+
+  /**
+   * Add an element of type <code>ContentBaseType</code> to the response.
+   * 
+   * @param elementName The name of the element.
+   * 
+   * @param inputData The <code>InputData</code> to add. Based on the type of
+   * 
+   * the <code>InputData</code>, either a <code>Base64Content</code> element
+   * or a <code>XMLContent</code> subelement will be added. An <code>
+   * InputDataBinaryImpl</code> will be added as a <code>Base64Content</code>
+   * child element. An<code>InputDataXMLImpl</code> will be added as <code>
+   * XMLContent</code> child element.
+   * 
+   * @throws MOAApplicationException An error occurred adding the content.
+   */
+  private void addContent(String elementName, InputData inputData)
+    throws MOAApplicationException {
+
+    Element contentElem = responseDoc.createElementNS(MOA_NS_URI, elementName);
+
+    contentElem.setAttributeNS(null, "PartOf", inputData.getPartOf());
+    if (inputData.getReferringReferenceNumber() != InputData.REFERER_NONE_)
+      contentElem.setAttributeNS(
+        null, 
+        "ReferringSigReference", 
+        Integer.toString(inputData.getReferringReferenceNumber()));
+    
+    switch (inputData.getContentType()) {
+      case Content.XML_CONTENT :
+        ContentXML contentXml = (ContentXML) inputData;
+        NodeList nodes = contentXml.getXMLContent();
+        Element xmlElem;
+        int i;
+
+        xmlElem = responseDoc.createElementNS(MOA_NS_URI, "XMLContent");
+        //xmlElem.setAttributeNS(XML_NS_URI, "xml:space", "preserve");
+        xmlElem.setAttribute("xml:space", "preserve");
+
+        for (i = 0; i < nodes.getLength(); i++) {
+          xmlElem.appendChild(responseDoc.importNode(nodes.item(i), true));
+        }
+        contentElem.appendChild(xmlElem);
+        responseElem.appendChild(contentElem);
+        break;
+      case Content.BINARY_CONTENT :
+        Element binaryElem =
+          responseDoc.createElementNS(MOA_NS_URI, "Base64Content");
+        ContentBinary contentBinary = (ContentBinary) inputData;
+        String base64Str;
+
+        try {
+          base64Str = Base64Utils.encode(contentBinary.getBinaryContent());
+        } catch (IOException e) {
+          throw new MOAApplicationException("2200", null, e);
+        }
+        binaryElem.appendChild(responseDoc.createTextNode(base64Str));
+        contentElem.appendChild(binaryElem);
+        responseElem.appendChild(contentElem);
+        break;
+    }
+  }
+
+  /**
+   * Add a <code>ReferencesCheckResult</code> to the response.
+   * 
+   * @param elementName The DOM element name to use.
+   * @param checkResult The <code>ReferencesCheckResult</code> to add.
+   */
+  private void addReferencesCheckResult(
+    String elementName,
+    ReferencesCheckResult checkResult) {
+
+    NodeList info = null;
+
+    if (checkResult.getInfo() != null) {
+      DocumentFragment fragment = responseDoc.createDocumentFragment();
+      NodeList anyOtherInfo = checkResult.getInfo().getAnyOtherInfo();
+      int[] failedReferences = checkResult.getInfo().getFailedReferences();
+
+      if (anyOtherInfo != null) {
+        addAnyOtherInfo(fragment, checkResult.getInfo().getAnyOtherInfo());
+      }
+
+      if (failedReferences != null) {
+        addFailedReferences(fragment, failedReferences);
+      }
+
+      info = fragment.getChildNodes();
+    }
+
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      elementName,
+      checkResult.getCode(),
+      info);
+  }
+
+  
+  /**
+   * Add a <code>ManifestRefsCheckResult</code> to the response.
+   * 
+   * @param elementName The DOM element name to use.
+   * @param checkResult The <code>ManifestRefsCheckResult</code> to add.
+   */
+  private void addManifestRefsCheckResult(
+    String elementName,
+    ManifestRefsCheckResult checkResult) {
+
+    DocumentFragment fragment = responseDoc.createDocumentFragment();
+    NodeList anyOtherInfo = checkResult.getInfo().getAnyOtherInfo();
+    int[] failedReferences = checkResult.getInfo().getFailedReferences();
+    Element referringSigRefElem;
+    String referringSigRefStr;
+
+    // add any other elements
+    if (anyOtherInfo != null) {
+      addAnyOtherInfo(fragment, checkResult.getInfo().getAnyOtherInfo());
+    }
+
+    // add the failed references
+    if (failedReferences != null) {
+      addFailedReferences(fragment, failedReferences);
+    }
+
+    // add the ReferringSigReference
+    referringSigRefElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ReferringSigReference");
+    referringSigRefStr =
+      Integer.toString(checkResult.getInfo().getReferringSignatureReference());
+    referringSigRefElem.appendChild(
+      responseDoc.createTextNode(referringSigRefStr));
+    fragment.appendChild(referringSigRefElem);
+
+    // add XMLDSIGManifestCheckResult to the response
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      elementName,
+      checkResult.getCode(),
+      fragment.getChildNodes());
+  }
+
+  /**
+   * Add arbitrary XML content to a DOM <code>DocumentFragment</code>.
+   * 
+   * @param fragment The fragment to add the XML content to.
+   * @param anyOtherInfo The XML content to add.
+   */
+  private void addAnyOtherInfo(
+    DocumentFragment fragment,
+    NodeList anyOtherInfo) {
+
+    int i;
+
+    for (i = 0; i < anyOtherInfo.getLength(); i++) {
+      fragment.appendChild(responseDoc.importNode(anyOtherInfo.item(i), true));
+    }
+  }
+
+  /**
+   * Add the failed references as <code>FailedReference</code> DOM elements to
+   * the fragment.
+   * 
+   * @param fragment The DOM document fragment to add the
+   * <code>FailedReference</code> elements to.
+   * @param failedReferences The indexes of the failed references.
+   */
+  private void addFailedReferences(
+    DocumentFragment fragment,
+    int[] failedReferences) {
+    Element failedReferenceElem;
+    int i;
+
+    for (i = 0; i < failedReferences.length; i++) {
+      failedReferenceElem =
+        responseDoc.createElementNS(MOA_NS_URI, "FailedReference");
+      failedReferenceElem.appendChild(
+        responseDoc.createTextNode(Integer.toString(failedReferences[i])));
+      fragment.appendChild(failedReferenceElem);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfile.java
new file mode 100644
index 0000000..4b40b9c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfile.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Base class for signature environment profile data used in XML signature 
+ * creation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureEnvironmentProfile {
+  /**
+   * Indicates that the profile data is given explicitly.
+   */
+  public static int EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE = 0;
+  /**
+   * Indicates that the profile data is stored in the configuration and resolved 
+   * using an ID.
+   */
+  public static int ID_CREATESIGNATUREENVIRONMENTPROFILE = 1;
+  
+  /**
+   * Gets the type of this object.
+   * 
+   * @return The type of <code>CreateSignatureEnvironmentProfile</code> denoted
+   * by this object. Either 
+   * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code> or
+   * <code>ID_CREATESIGNATUREENVIRONMENTPROFILE</code>.
+   */
+  public int getCreateSignatureEnvironmentProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileExplicit.java
new file mode 100644
index 0000000..0bce94c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileExplicit.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * A <code>CreateSignatureEnvironmentProfile</code> containing the profile
+ * data explicitly.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureEnvironmentProfileExplicit
+  extends CreateSignatureEnvironmentProfile {
+  
+  /**
+   * Gets the location and index of where to insert the signature into the
+   * signature environment.
+   * 
+   * @return The location and index of the signature in the signature 
+   * environment.
+   */
+  public CreateSignatureLocation getCreateSignatureLocation();
+  /**
+   * Gets the supplemental information.
+   * 
+   * @return The supplemental information.
+   */
+  public List getSupplements();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileID.java
new file mode 100644
index 0000000..73e4f52
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileID.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * A <code>CreateSignatureEnvironmentProfile</code> containing a profile ID
+ * pointing to locally stored profile data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureEnvironmentProfileID
+  extends CreateSignatureEnvironmentProfile {
+
+  /**
+   * Gets the profile ID.
+   * 
+   * @return The profile ID.
+   */
+  public String getCreateSignatureEnvironmentProfileID();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureInfo.java
new file mode 100644
index 0000000..9363408
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureInfo.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Encapsulates a signature object used during signature creation.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateSignatureInfo {
+  /**
+   * Gets the XML structure where the signature will be inserted.
+   *
+   * @return The XML structure where the signature will be inserted.
+   */
+  public Content getCreateSignatureEnvironment();
+  /**
+   * Gets the supplemental data for the signature environment.
+   *
+   * @return The supplemental data for the signature envoronment.
+   */
+  public CreateSignatureEnvironmentProfile getCreateSignatureEnvironmentProfile();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureLocation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureLocation.java
new file mode 100644
index 0000000..9a0b798
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureLocation.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Specifies where to insert the newly created signature.
+ * 
+ * An XPath expression is used to select the signature parent element. An
+ * additional index specifies the node index after which to insert the 
+ * signature into the parent element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureLocation extends ElementSelector {
+  /**
+   * Gets the node index, after which the signature will be inserted into the
+   * parent elemen.
+   * 
+   * @return The index of the node after which the signature will be inserted.
+   */
+  public int getIndex();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfo.java
new file mode 100644
index 0000000..fbb0000
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * Encapsulates information used for the transformation of the data object.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfo {
+  /**
+   * Gets the XMLDSig transforms.
+   * 
+   * @return A <code>List</code> of <code>Transform</code> objects.
+   */
+  public List getTransforms();
+  /**
+   * Gets meta information about the data resulting from the transformation.
+   * 
+   * @return Meta information about the resulting data.
+   */
+  public MetaInfo getFinalDataMetaInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfile.java
new file mode 100644
index 0000000..5babdae
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfile.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Base class for transformation informations used in signature creation.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfoProfile {
+  /**
+   * Indicates transformation information given explicitly.
+   */
+  public static final int EXPLICIT_CREATETRANSFORMSINFOPROFILE = 0;
+  /**
+   * Indicates transformation information given as an ID.
+   */
+  public static final int ID_CREATETRANSFORMSINFOPROFILE = 1;
+  
+  /**
+   * Gets the type of profile information this object contains.
+   * 
+   * @return The type of transformation information, either
+   * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code> or 
+   * <code>ID_CREATETRANSFORMSINFOPROFILE</code>.
+   */
+  public int getCreateTransformsInfoProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileExplicit.java
new file mode 100644
index 0000000..9aae8cb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileExplicit.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * Encapsulates explicit transformation informations.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfoProfileExplicit
+  extends CreateTransformsInfoProfile {
+  /**
+   * Gets the transformation information of the data object.
+   * 
+   * @return Transformation information of the data object.
+   */
+  public CreateTransformsInfo getCreateTransformsInfo();
+  /**
+   * Gets the supplemental information.
+   * 
+   * @return The supplemental information.
+   */
+  public List getSupplements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileID.java
new file mode 100644
index 0000000..69c3629
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileID.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Encapsulates transformation information given via an identifier.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfoProfileID
+  extends CreateTransformsInfoProfile {
+  /**
+   * Gets the ID of the transformation.
+   * 
+   * @return The transformation profile ID.
+   */
+  public String getCreateTransformsInfoProfileID();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureRequest.java
new file mode 100644
index 0000000..351b16e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureRequest.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to create an XML Signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateXMLSignatureRequest {
+  /**
+   * Gets the identifier for the keys to be used for the signature.
+   * 
+   * @return The identifier for the keys to be used.
+   */
+  public String getKeyIdentifier();
+  /**
+   * Gets the information of the singleSignatureInfo elements. 
+   * 
+   * @return The information of singleSignatureInfo elements.
+   */
+  public List getSingleSignatureInfos();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponse.java
new file mode 100644
index 0000000..c1b1c30
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponse.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * Object that encapsulates the response on to a 
+ * <code>CreateXMLSignatureRequest</code> to create an XML signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateXMLSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements.
+   */
+  public List getResponseElements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponseElement.java
new file mode 100644
index 0000000..b9bd334
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponseElement.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Base class for <code>SignatureEnvironmentResponse</code> and 
+ * <code>ErrorResponse</code> elements in a 
+ * <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateXMLSignatureResponseElement {
+  /**
+   * Indicates that this object contains a <code>SignatureEnvironment</code>.
+   */
+  public static final int SIGNATURE_ENVIRONMENT_RESPONSE = 0;
+  /**
+   * Indicates that this objet contains an <code>ErrorResponse</code>.
+   */
+  public static final int ERROR_RESPONSE = 1;
+  
+  /**
+   * Gets the type of response object.
+   * 
+   * @return The type of response object, either 
+   * <code>SIGNATURE_ENVIRONMENT_RESPONSE</code> or <code>ERROR_RESPONSE</code>.
+   */
+  public int getResponseType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/DataObjectInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/DataObjectInfo.java
new file mode 100644
index 0000000..620e3b3
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/DataObjectInfo.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Encapsulates information required to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface DataObjectInfo {
+  /**
+   * Indicates that a detached signature will be created.
+   */
+  public static final String STRUCTURE_DETACHED = "detached"; 
+  /**
+   * Indicates that an enveloping signature will be created.
+   */
+  public static final String STRUCTURE_ENVELOPING = "enveloping";
+
+  /**
+   * Gets the structure of the signature.
+   * 
+   * @return The structure of the signature.
+   */
+  public String getStructure();
+  /**
+   * Checks whether a refercence will be placed in the signature itself or
+   * in the manifest.
+   * 
+   * @return <code>true</code> if a reference will be placed in the manifest,
+   * <code>false</code> if it will be placed in the signature.
+   */
+  public boolean isChildOfManifest();
+  /**
+   * Gets information related to a single data object.
+   * 
+   * @return Information related to a single data object.
+   */
+  public Content getDataObject();
+  /**
+   * Gets information for the transformation of the data object.
+   * 
+   * @return The transformation information.
+   */
+  public CreateTransformsInfoProfile getCreateTransformsInfoProfile();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/ErrorResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/ErrorResponse.java
new file mode 100644
index 0000000..6dfa843
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/ErrorResponse.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+
+/**
+ * Object containing detailed error information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ErrorResponse extends CreateXMLSignatureResponseElement {
+  /**
+   * Gets the error code.
+   * 
+   * @return The error code.
+   */
+  public int getErrorCode();
+  /**
+   * Gets verbose error information.
+   * 
+   * @return Verbose error information.
+   */
+  public String getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SignatureEnvironmentResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SignatureEnvironmentResponse.java
new file mode 100644
index 0000000..47c4ce7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SignatureEnvironmentResponse.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import org.w3c.dom.Element;
+
+/**
+ * Contains the signature if the signature creation was successful.
+ *  
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SignatureEnvironmentResponse
+  extends CreateXMLSignatureResponseElement {
+  /** 
+   * Gets the XML structure which contains the signature.
+   * 
+   * @return A general XML structure containing the signature.
+   */
+  public Element getSignatureEnvironment();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SingleSignatureInfo.java
new file mode 100644
index 0000000..3355739
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SingleSignatureInfo.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * Encapsulates data to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SingleSignatureInfo {
+  /**
+   * Gets the dataObjectInfo information.
+   * 
+   * @return The dataObjectInfo information.
+   */
+  public List getDataObjectInfos();
+  /**
+   * Gets the signature object.
+   * 
+   * @return The signature object used during signature creation.
+   */
+  public CreateSignatureInfo getCreateSignatureInfo();
+  /**
+   * Check whether a Security Layer conform signature manifest will be created.
+   * 
+   * @return <code>true</code>, if a Security Layer conform signature manifest 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isSecurityLayerConform();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResult.java
new file mode 100644
index 0000000..8ff4617
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResult.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+
+/**
+ * Contains the results of manifest checks according to XMLDsig.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ManifestRefsCheckResult {
+  /**
+   * Gets the check code.
+   * 
+   * @return A numerical representation of the result of the manifest check.
+   */
+  public int getCode();
+  /**
+   * Gets the reference to the manifest.
+   * 
+   * @return The reference to the manifest.
+   */
+  public ManifestRefsCheckResultInfo getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResultInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResultInfo.java
new file mode 100644
index 0000000..4b0a4fb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResultInfo.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+
+/**
+ * Encapsulates information referring to the manifest of the check.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ManifestRefsCheckResultInfo extends ReferencesCheckResultInfo {
+  /**
+   * Gets the position of the signature reference containing the
+   * reference to the manifest being described by this object.
+   * 
+   * @return The position of the signature reference.
+   */
+  public int getReferringSignatureReference();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferenceInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferenceInfo.java
new file mode 100644
index 0000000..95a2b92
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferenceInfo.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+/**
+ * Contains transformation parameters which are locally available.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ReferenceInfo {
+  /**
+   * Gets the transformation info.
+   * 
+   * @return The transformation info.
+   */
+  public List getVerifyTransformsInfoProfiles();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResult.java
new file mode 100644
index 0000000..dd1f482
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResult.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Contains information about the verification status of references contained
+ * in the signature. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ReferencesCheckResult {
+  /**
+   * Gets the check code.
+   * 
+   * @return A numerical representation of the result of the reference check.
+   */
+  public int getCode();
+  /**
+   * Gets the additional information about the result.
+   * 
+   * @return Additional information about the result.
+   */
+  public ReferencesCheckResultInfo getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResultInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResultInfo.java
new file mode 100644
index 0000000..fc87c98
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResultInfo.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Additional information contained in a <code>ReferencesCheckResult</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ReferencesCheckResultInfo {
+  /**
+   * Gets the additional info of the failed <code>dsig:reference</code> element.
+   * 
+   * @return The info elements.
+   */
+  public NodeList getAnyOtherInfo();
+  /**
+   * Gets the positions of the failed signature references containing the
+   * references to the manifests being described by this object.
+   * 
+   * @return The positions of the failed signature references. 
+   */
+  public int[] getFailedReferences();  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SignatureManifestCheckParams.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SignatureManifestCheckParams.java
new file mode 100644
index 0000000..524d4b8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SignatureManifestCheckParams.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+/**
+ * Contains parameters used to check the signature manifest.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SignatureManifestCheckParams {
+  /**
+   * Gets the referential information.
+   * 
+   * @return The referential information.
+   */
+  public List getReferenceInfos();
+  /**
+   * Gets information on whether signature source data should be returned.
+   * 
+   * @return <code>true</code>, if signature source data should be returned,
+   * otherwise <code>false</code>.
+   */
+  public boolean getReturnReferenceInputData();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfile.java
new file mode 100644
index 0000000..934e7c6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfile.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Base class for supplementary information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SupplementProfile {
+  /**
+   * Indicates that this object contains explicit supplementary information.
+   */
+  public static final int EXPLICIT_SUPPLEMENTPROFILE = 0;
+  /**
+   * Indicates that this object contains a profile id where supplementary
+   * information can be found.
+   */
+  public static final int ID_SUPPLEMENTPROFILE = 1;
+
+  /**
+   * Gets the type of supplementary information contained in this object.
+   * 
+   * @return The type of supplementary information contained in this object,
+   * either <code>EXPLICIT_SUPPLEMENT</code> or <code>ID_SUPPLEMENT</code>.
+   */
+  public int getSupplementProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileExplicit.java
new file mode 100644
index 0000000..d01abec
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileExplicit.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+
+/**
+ * Encapsulates explicit supplementary information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SupplementProfileExplicit extends SupplementProfile {
+  /**
+   * Gets the supplemental object.
+   * 
+   * @return The supplemental object.
+   */
+  public XMLDataObjectAssociation getSupplementProfile();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileID.java
new file mode 100644
index 0000000..beeb2f0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileID.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Encapsulates supplementary information stored in a profile.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SupplementProfileID extends SupplementProfile {
+  /**
+   * Gets the id of the profile where the supplementary information can be
+   * found.
+   * 
+   * @return The profile id.
+   */
+  public String getSupplementProfileID();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameter.java
new file mode 100644
index 0000000..7ecd1b8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameter.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Object encapsulating transform parameters either as a URI, binary or
+ * hashed.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameter {
+  /**
+   * Indicates that this object contains a transform parameter given as
+   * a URI.
+   */
+  public static final int URI_TRANSFORMPARAMETER = 0;
+  /**
+   * Indicates that this object contains binary transform parameter.
+   */
+  public static final int BINARY_TRANSFORMPARAMETER = 1;
+  /**
+   * Indicatest that this object contains a binary hash of the transform
+   * parameter.
+   */
+  public static final int HASH_TRANSFORMPARAMETER = 2;
+  
+  /**
+   * Gets the type of transform parameter contained in this object.
+   * 
+   * @return The type of transform parameter, being one of 
+   * <code>URI_TRANSFORMPARAMETER</code>, <code>BINARY_TRANSFORMPARAMETER</code>
+   * or <code>HASH_TRANSFORMPARAMETER</code>.
+   */
+  public int getTransformParameterType();
+  /**
+   * Gets the transform parameter URI.
+   * 
+   * @return The transform parameter URI.
+   */
+  public String getURI();}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterBinary.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterBinary.java
new file mode 100644
index 0000000..388c5d0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterBinary.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.io.InputStream;
+
+/**
+ * Encapsulates a binary transform parameter.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameterBinary extends TransformParameter {
+  /**
+   * Gets the binary transform parameter.
+   * 
+   * @return An <code>InputStream</code> from which the binary content can
+   * be read.
+   */
+  public InputStream getBinaryContent();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterHash.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterHash.java
new file mode 100644
index 0000000..2ff6f39
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterHash.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+
+/**
+ * Contains a hash of the transform parameter.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameterHash extends TransformParameter {
+  /**
+   * Gets the method used for calculating the digest value.
+   * 
+   * @return The digest method.
+   */
+  public String getDigestMethod();
+  /**
+   * Gets the binary hash of the transform parameter.
+   * 
+   * @return A binary representation of the hash.
+   */
+  public byte[] getDigestValue();
+  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterURI.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterURI.java
new file mode 100644
index 0000000..bc73e95
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterURI.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Encapsulates a transform parameter given as a URI.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameterURI extends TransformParameter {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureInfo.java
new file mode 100644
index 0000000..5d6e0eb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Encapsulates a signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifySignatureInfo {
+  /**
+   * Gets the content of the <code>VerifySignatureEnvironment</code> element.
+   * 
+   * @return A <code>MOAElement</code> containing the 
+   * <code>VerifySignatureEnvironment</code> in a DOM-like structure.
+   */
+  public Content getVerifySignatureEnvironment();
+  /**
+   * Gets the location of the signature.
+   * 
+   * @return The location of the signature within the signature environment.
+   */ 
+  public VerifySignatureLocation getVerifySignatureLocation();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureLocation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureLocation.java
new file mode 100644
index 0000000..56a2567
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureLocation.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Specifies where to find the signature to be verified.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface VerifySignatureLocation extends ElementSelector {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfile.java
new file mode 100644
index 0000000..a55d55e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfile.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Object for explicitly specifying a transformation path.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyTransformsInfoProfile {
+  /**
+   * Indicates that this object contains the transformation path explicitly.
+   */
+  public static final int EXPLICIT_VERIFYTRANSFORMSINFOPROFILE = 0;
+  /**
+   * Indicatest that this object contains a transformation info id.
+   */
+  public static final int ID_VERIFYTRANSFORMSINFOPROFILE = 1;
+  
+  /**
+   * Gets the type of transformation information contained in this object.
+   * 
+   * @return The type of transformation information, either 
+   * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code> or
+   * <code>ID_VERIFYTRANSFORMSINFOPROFILE</code>.
+   */
+  public int getVerifyTransformsInfoProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileExplicit.java
new file mode 100644
index 0000000..cc29ace
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileExplicit.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+/**
+ * Encapsulates explicit transformation information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyTransformsInfoProfileExplicit extends VerifyTransformsInfoProfile {
+  /**
+   * Gets the XMLDSig transforms element.
+   * 
+   * @return The <code>List</code> of <code>Transform</code>s.
+   */
+  public List getTransforms();
+  /**
+   * Gets the transformation parameters.
+   * 
+   * @return The transformation parameters.
+   */
+  public List getTransformParameters();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileID.java
new file mode 100644
index 0000000..eeb28da
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileID.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Encapsulates transformation info id for signature verification.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyTransformsInfoProfileID extends VerifyTransformsInfoProfile {
+  /**
+   * Gets the identifier referencing the transformation info.
+   * 
+   * @return The identifier referencing the transformation info.
+   */
+  public String getVerifyTransformsInfoProfileID();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java
new file mode 100644
index 0000000..a6272d5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.Date;
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to verify an XML signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyXMLSignatureRequest {
+  /**
+   * Gets the date and time for which the signature verification has to
+   * be performed.
+   * 
+   * @return Date and time for which the signature verification has
+   * to be performed.
+   */
+  public Date getDateTime();
+  /**
+   * Gets the signature to be verified.
+   * 
+   * @return The signature to be verified.
+   */
+  public VerifySignatureInfo getSignatureInfo();
+  /**
+   * Gets the supplemental information.
+   * 
+   * @return The supplemental information.
+   */  
+  public List getSupplementProfiles();
+  /**
+   * Gets parameters for Security Layer signature verification.
+   * 
+   * @return Parameters for Security Layer signature verification.
+   */
+  public SignatureManifestCheckParams getSignatureManifestCheckParams();
+  /**
+   * Checks, whether actually signed data shall be returned.
+   * 
+   * @return <code>true</code>, if signed data will be returned,
+   * otherwise <code>false</code>.
+   */
+  public boolean getReturnHashInputData();
+  /**
+   * Gets the profile id of the set of trusted certificates to be used for
+   * signature verification.
+   * 
+   * @return The id of the trusted certificates.
+   */
+  public String getTrustProfileId();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
new file mode 100644
index 0000000..d107dc9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Object that encapsulates the response on a request to verify an XML
+ * signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyXMLSignatureResponse {
+  /**
+   * Gets a <code>SignerInfo</code> element according to XMLDSig.
+   * 
+   * @return A <code>SignerInfo</code> element according to XMLDSig.
+   */
+  public SignerInfo getSignerInfo();
+  /**
+   * Gets datas signed by the signatory.
+   * 
+   * @return The signed datas.
+   */
+  public List getHashInputDatas();
+  /**
+   * Gets source datas elements.
+   * 
+   * @return The source datas elements.
+   */
+  public List getReferenceInputDatas();
+  /**
+  * Gets the result of the signature verification.
+  * 
+  * @return The result of the signature verification.
+  */
+  public ReferencesCheckResult getSignatureCheck();
+  /**
+   * Gets the result of the signature manifest verification.
+   * 
+   * @return The result of the signature manifest verification.
+   */
+  public ReferencesCheckResult getSignatureManifestCheck();
+  /**
+   * Gets XMLDSigManifestCheck elements.
+   * 
+   * @return The XMLDSigManifestCheck elements.
+   */
+  public List getXMLDsigManifestChecks();
+  /**
+   * Gets the result of the certification verification.
+   * 
+   * @return The result of the certificate verification.
+   */
+  public CheckResult getCertificateCheck();
+  
+  
+  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
new file mode 100644
index 0000000..bb2589a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A class representing a CRL distribution point.
+ * 
+ * @author Sven Aigner
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CRLDistributionPoint extends DistributionPoint implements iaik.pki.revocation.CRLDistributionPoint {
+
+	private static Map RC_MAPPING = new HashMap();
+
+	static {
+
+		// create the mapping between reason code strings and their integer
+		// values
+		RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused));
+		RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
+		RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
+		RC_MAPPING.put("affiliationChanged", new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged));
+		RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded));
+		RC_MAPPING.put("cessationOfOperation",
+				new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
+		RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
+		RC_MAPPING.put("privilegeWithdrawn", new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
+		RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
+	}
+
+	/**
+	 * The name of the CA issuing the CRL referred to by this DP.
+	 */
+	private String issuerName_;
+
+	/**
+	 * The reason codes applicable for the distribution point.
+	 */
+	private int reasonCodes;
+
+	/**
+	 * Create a <code>CRLDistributionPoint</code>.
+	 * 
+	 * @param issuerName
+	 *            The name of the CA issuing the CRL referred to by this DP.
+	 * 
+	 * @param uri
+	 *            The URI of the distribution point.
+	 * 
+	 * @param reasonCodeStr
+	 *            A list of reason codes (a space-separated enumeration).
+	 */
+	public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) {
+		super(uri);
+		issuerName_ = issuerName;
+		this.reasonCodes = extractReasonCodes(reasonCodeStr);
+	}
+
+	/**
+	 * @see DistributionPoint#getType()
+	 */
+	public String getType() {
+		return RevocationSourceTypes.CRL;
+	}
+
+	/**
+	 * Convert a list of reason codes provided as a <code>String</code> to a
+	 * binary representation.
+	 * 
+	 * @param reasonCodeStr
+	 *            A <code>String</code> containing a blank-separated, textual
+	 *            representation of reason codes.
+	 * @return int A binary representation of reason codes.
+	 * @see iaik.asn1.structures.DistributionPoint
+	 */
+	private int extractReasonCodes(String reasonCodeStr) {
+		int codes = 0;
+		StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
+		String token;
+		Integer reasonCode;
+
+		while (tokenizer.hasMoreTokens()) {
+			token = tokenizer.nextToken();
+			reasonCode = (Integer) RC_MAPPING.get(token);
+			if (reasonCode != null) {
+				codes |= reasonCode.intValue();
+			} else {
+				MessageProvider msg = MessageProvider.getInstance();
+				Logger.warn(new LogMsg(msg.getMessage("config.07", new Object[] { token })));
+			}
+		}
+
+		// If reasonCodeStr is empty, set all possible reason codes
+		if (codes == 0)
+			codes = iaik.asn1.structures.DistributionPoint.unused | iaik.asn1.structures.DistributionPoint.keyCompromise
+					| iaik.asn1.structures.DistributionPoint.cACompromise
+					| iaik.asn1.structures.DistributionPoint.affiliationChanged
+					| iaik.asn1.structures.DistributionPoint.superseded
+					| iaik.asn1.structures.DistributionPoint.cessationOfOperation
+					| iaik.asn1.structures.DistributionPoint.certificateHold
+					| iaik.asn1.structures.DistributionPoint.privilegeWithdrawn
+					| iaik.asn1.structures.DistributionPoint.aACompromise;
+
+		return codes;
+	}
+
+	/**
+	 * Return a binary representation of the reason codes of this distribution
+	 * point.
+	 * 
+	 * @return The binary representation of the reason codes.
+	 */
+	public int getReasonCodes() {
+		return reasonCodes;
+	}
+
+	/**
+	 * Return a <code>String</code> representation of this distribution point.
+	 * 
+	 * @return The <code>String</code> representation of this distribution
+	 *         point.
+	 * @see java.lang.Object#toString()
+	 */
+	public String toString() {
+		return "(DistributionPoint - " + ("URI<" + getUri()) + ("> REASONCODES<" + getReasonCodes() + ">)");
+	}
+
+	/**
+	 * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
+	 */
+	public String getIssuerName() {
+		return issuerName_;
+	}
+
+	@Override
+	public Name getIssuerDN() {
+		try {
+			return new Name(this.issuerName_);
+		} catch (RFC2253NameParserException e) {
+			throw new RuntimeException(e);
+		}
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
new file mode 100644
index 0000000..6546e88
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+
+/**
+ * Exception signalling an error in the configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationException extends MOASystemException {
+
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = -1934466124930228755L;
+
+/**
+   * Create a <code>ConfigurationException</code>.
+   * 
+   * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[])
+   */
+  public ConfigurationException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a <code>ConfigurationException</code>.
+   * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[], Throwable)
+   */
+  public ConfigurationException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
new file mode 100644
index 0000000..af67d30
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -0,0 +1,1825 @@
+/*
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+//import iaik.ixsil.exceptions.URIException;
+//import iaik.ixsil.util.URI;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.server.modules.xml.BlackListEntry;
+import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.xml.bind.DatatypeConverter;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class that builds configuration data from a DOM based representation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationPartsBuilder {
+
+  //
+  // XPath namespace prefix shortcuts
+  //
+
+  private static final String CONF = Constants.MOA_CONFIG_PREFIX + ":";
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+  //
+  // chaining mode constants appearing in the configuration file
+  //
+
+  private static final String CM_CHAINING = "chaining";
+  private static final String CM_PKIX = "pkix";
+
+  //
+  // XPath expressions to select certain parts of the configuration
+  //
+
+  private static final String ROOT = "/" + CONF + "MOAConfiguration/";
+  
+  private static final String PDFAS_CONFIGURATION_XPATH =
+		    ROOT + CONF + "PDFASConfig";
+  
+  private static final String DIGEST_METHOD_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "XMLDSig/" 
+    + CONF + "DigestMethodAlgorithm";
+  private static final String XADES_VERSION_XPATH =
+		    ROOT + CONF + "SignatureCreation/" 
+		    + CONF + "XAdES/" 
+		    + CONF + "Version";
+  private static final String C14N_ALGORITHM_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "XMLDSig/" 
+    + CONF + "CanonicalizationAlgorithm";
+  private static final String HARDWARE_CRYPTO_MODULE_XPATH =
+    ROOT + CONF + "Common/"
+    + CONF + "HardwareCryptoModule";
+  private static final String PERMIT_EXTERNAL_URIS_XPATH =
+	    ROOT + CONF + "Common/"
+	    + CONF + "PermitExternalUris";
+  private static final String BLACK_LIST_URIS_XPATH =
+	    ROOT + CONF + "Common/"
+	    + CONF + "PermitExternalUris/"
+	    + CONF + "BlackListUri";
+  private static final String FORBID_EXTERNAL_URIS_XPATH =
+		    ROOT + CONF + "Common/"
+		    + CONF + "ForbidExternalUris";
+  private static final String WHITE_LIST_URIS_XPATH =
+		    ROOT + CONF + "Common/"
+		    + CONF + "ForbidExternalUris/"
+		    + CONF + "WhiteListUri";
+  
+  private static final String HARDWARE_KEY_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyModules/" 
+    + CONF + "HardwareKeyModule";
+  private static final String SOFTWARE_KEY_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyModules/" 
+    + CONF + "SoftwareKeyModule";
+  private static final String KEYGROUP_XPATH = 
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyGroup";
+  private static final String KEYGROUP_MAPPING_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyGroupMapping";
+  private static final String ISSUER_XPATH = 
+    DSIG + "X509IssuerName";
+  private static final String SERIAL_XPATH = 
+    DSIG + "X509SerialNumber";
+  private static final String CERTSTORE_LOCATION_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathConstruction/"
+    + CONF + "CertificateStore/"
+    + CONF + "DirectoryStore/"
+    + CONF + "Location";
+  private static final String AUTO_ADD_CERTIFICATES_XPATH_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathConstruction/"
+    + CONF + "AutoAddCertificates";
+  private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathConstruction/"
+    + CONF + "UseAuthorityInformationAccess";
+  private static final String CHAINING_MODES_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathValidation/"
+    + CONF + "ChainingMode";
+  private static final String CHAINING_MODES_DEFAULT_XPATH =
+    CHAINING_MODES_XPATH + "/"
+    + CONF + "DefaultMode";
+  private static final String TRUST_ANCHOR_XPATH =
+    CHAINING_MODES_XPATH + "/"
+    + CONF + "TrustAnchor";
+  private static final String TRUST_PROFILE_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathValidation/"
+    + CONF + "TrustProfile";
+  private static final String DISTRIBUTION_POINTS_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "DistributionPoint";
+  private static final String CRL_RETENTION_INTERVALS_CA_XPATH =
+     ROOT + CONF + "SignatureVerification/" 
+     + CONF + "CertificateValidation/"
+     + CONF + "RevocationChecking/"
+     + CONF + "CrlRetentionIntervals/"
+     + CONF + "CA";
+  private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "EnableChecking";
+  private static final String MAX_REVOCATION_AGE_XPATH_ =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "MaxRevocationAge";
+  private static final String REVOCATION_SERVICEORDER_XPATH_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "ServiceOrder/" 
+    + CONF + "Service";
+  private static final String ENABLE_ARCHIVING_XPATH = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "EnableArchiving";
+  private static final String CRL_ARCHIVE_DURATION_XPATH = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "ArchiveDuration";
+  private static final String ACHIVE_JDBC_URL_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "Archive/"
+    + CONF + "DatabaseArchive/"
+    + CONF + "JDBCURL";
+  private static final String ACHIVE_JDBC_DRIVER_CLASS_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "Archive/"
+    + CONF + "DatabaseArchive/"
+    + CONF + "JDBCDriverClassName";
+  private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "CreateTransformsInfoProfile";
+  private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "CreateSignatureEnvironmentProfile";
+  private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "VerifyTransformsInfoProfile";
+  private static final String SUPPLEMENT_PROFILE_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "SupplementProfile";
+  private static final String PERMIT_FILE_URIS_XPATH =
+	    ROOT + CONF + "SignatureVerification/" 
+	    + CONF + "PermitFileURIs";
+  
+  private static final String TSL_CONFIGURATION_XPATH = 
+	  ROOT + CONF + "SignatureVerification/"
+	  + CONF + "CertificateValidation/" 
+	  + CONF + "TSLConfiguration/";
+  //
+  // default values for configuration parameters 
+  //
+
+  /** The accepted canonicalization algorithm URIs, as an array */
+  private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY =
+    {
+      Constants.C14N_URI,
+      Constants.C14N_WITH_COMMENTS_URI,
+      Constants.EXC_C14N_URI,
+      Constants.EXC_C14N_WITH_COMMENTS_URI };
+
+  /** The accepted canonicalization algorithm URIs, as a Set */
+  private static final Set ACCEPTED_C14N_ALGORITHMS =
+    new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY));
+
+  /** Default canonicalization algorithm, if none/illegal has been configured */
+  private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI;
+
+  /** The accepted digest method algorithm URIs, as an array */
+  private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY =
+    { Constants.SHA1_URI,
+	  Constants.SHA256_URI,
+	  Constants.SHA384_URI,
+	  Constants.SHA512_URI};
+
+  /** The accepted digest method algorithm URIs, as a Set */
+  private static final Set ACCEPTED_DIGEST_ALGORITHMS =
+    new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
+  
+  
+  /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */
+  private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI;
+  
+  /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */
+  private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI;
+  
+  /** The root element of the MOA configuration */
+  private Element configElem;
+  
+  /**
+   * The directory containing the underlying configuration file.
+   */
+  private File configRoot_;
+
+  /** Whether any warnings were encountered building the configuration. */
+  private List warnings = new ArrayList();
+
+  /**
+   * Create a new <code>ConfigurationPartsBuilder</code>.
+   * 
+   * @param configElem The root element of the MOA configuration.
+   * 
+   * @param configRoot The directory containing the underlying configuration file.
+   */
+  public ConfigurationPartsBuilder(Element configElem, File configRoot)
+  {
+    this.configElem = configElem;
+    configRoot_ = configRoot;
+  }
+
+  /**
+   * Returns the root element of the MOA configuration. 
+   * 
+   * @return The root element of the MOA configuration.
+   */
+  public Element getConfigElem() {
+    return configElem;
+  }
+  
+  /** 
+   * Returns the directory containing the underlying configuration file.
+   * 
+   * @return the directory containing the underlying configuration file.
+   */
+  public File getConfigRoot()
+  {
+    return configRoot_;
+  }
+
+  /**
+   * Returns the warnings encountered during building the configuration.
+   * 
+   * @return A <code>List</code> of <code>String</code>s, containing the
+   * warning messages.
+   */
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getDigestMethodAlgorithmName() 
+  {
+    String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
+    
+    if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
+    {
+    	String xadesVersion = this.getXAdESVersion();
+    	if (xadesVersion == null) {
+    		info(
+    		        "config.23",
+    		        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 });
+    		      digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1;	
+    	}
+    	else {
+    		info(
+    		        "config.23",
+    		        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 });
+    		      digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2;
+    	}
+    	
+      
+    }
+
+    return digestMethod;
+  }
+  
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getXAdESVersion() 
+  {
+    String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null);
+    
+    return xadesVersion;
+  }
+  
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getPDFASConfiguration() 
+  {
+    String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null);
+    
+    return pdfasConfiguration;
+  }
+  
+  
+  /**
+   * Returns the canonicalization algorithm name.
+   * 
+   * @return The canonicalization algorithm name from the configuration.
+   */
+  public String getCanonicalizationAlgorithmName() 
+  {
+    String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null);
+
+    if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) 
+    {
+      info(
+        "config.23",
+        new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT });
+      c14nAlgorithm = C14N_ALGORITHM_DEFAULT;
+    }
+
+    return c14nAlgorithm;
+  }
+
+  /**
+   * Build the configured hardware crypto modules.
+   * 
+   * @return The hardware crypto modules from the configuration.
+   */
+  public List buildHardwareCryptoModules() 
+  {
+    List modules = new ArrayList();
+    NodeIterator modIter = XPathUtils.selectNodeIterator(
+      getConfigElem(),
+      HARDWARE_CRYPTO_MODULE_XPATH);
+
+    Element modElem;
+    while ((modElem = (Element) modIter.nextNode()) != null) {
+      String name = getElementValue(modElem, CONF + "Name", null);
+      String slotId = getElementValue(modElem, CONF + "SlotId", null);
+      String userPIN = getElementValue(modElem, CONF + "UserPIN", null);
+      HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN);
+      modules.add(module);
+    }
+
+    return modules;
+  }
+  
+  /**
+   * 
+   * @return
+   */
+  public boolean allowExternalUris() {
+	  Element permitExtUris = (Element)XPathUtils.selectSingleNode(getConfigElem(), PERMIT_EXTERNAL_URIS_XPATH);
+	  
+	  // if PermitExternalUris element does not exist - don't allow external uris
+	  if (permitExtUris == null)  {
+		  // set permitExtUris for iaik-moa
+		  ExternalReferenceChecker.setPermitExternalURLs(false);
+		  return false;
+	  }		  	    
+	  else {
+		// set permitExtUris for iaik-moa
+		  ExternalReferenceChecker.setPermitExternalURLs(true);
+		  return true;
+	  }
+  }
+  
+  
+  /**
+   * 
+   * @return
+   */
+  public List buildPermitExternalUris() {
+	    
+	  info("config.33", null);
+	  
+	  List blacklist = new ArrayList();
+	  List blackListIaikMoa = new ArrayList();
+	  
+	  NodeIterator permitExtIter = XPathUtils.selectNodeIterator(
+			  getConfigElem(),
+			  BLACK_LIST_URIS_XPATH);
+	  
+	  Element permitExtElem = null;
+	  while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
+	      String host = getElementValue(permitExtElem, CONF + "IP", null);
+	      String port = getElementValue(permitExtElem, CONF + "Port", null);
+	      
+	      BlackListEntry entry =null;
+	      if (port == null) {
+	    	  entry = new BlackListEntry(host, -1);
+	    	  info("config.34", new Object[]{host});
+	      }
+	      else {	    	  
+	    	  entry = new BlackListEntry(host, new Integer(port).intValue());
+	    	  info("config.34", new Object[]{host + ":" + port});
+	      }
+	      
+	      // add entry to iaik-moa blacklist	      
+	      blackListIaikMoa.add(entry);
+	      	       
+	      
+	      String array[] = new String[2];
+	      array[0] = host;
+	      array[1] = port;
+	      blacklist.add(array);
+	      
+	  }
+	  
+	  
+	  // set blacklist for iaik-moa
+	  ExternalReferenceChecker.setBlacklist(blackListIaikMoa);
+
+	  
+	  if(blacklist.isEmpty()) // no blacklisted uris given
+		  info("config.36", null);
+		  
+	  
+	  return blacklist;
+  }
+  
+  /**
+   * 
+   * @return
+   */
+  public List buildForbidExternalUris() {
+	    
+	  //info("config.47", null);
+	  
+	  List whitelist = new ArrayList();
+	  List whiteListIaikMoa = new ArrayList();
+	  
+	  NodeIterator forbidExtIter = XPathUtils.selectNodeIterator(
+			  getConfigElem(),
+			  WHITE_LIST_URIS_XPATH);
+	  
+	  Element permitExtElem = null;
+	  while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) {
+	      String host = getElementValue(permitExtElem, CONF + "IP", null);
+	      String port = getElementValue(permitExtElem, CONF + "Port", null);
+	      
+	      // WhiteListeEntry
+	      WhiteListEntry entry =null;
+	      if (port == null) {
+	    	  entry = new WhiteListEntry(host, -1);
+	    	  info("config.49", new Object[]{host});
+      }
+	      else {	    	  
+	    	  entry = new WhiteListEntry(host, new Integer(port).intValue());
+	    	  info("config.49", new Object[]{host + ":" + port});
+	      }
+	      
+	      // add entry to iaik-moa whitelist	      
+	      whiteListIaikMoa.add(entry);
+	      	       
+	      
+	      String array[] = new String[2];
+	      array[0] = host;
+	      array[1] = port;
+	      whitelist.add(array);
+	      
+	  }
+	  
+	  
+	  // set whitelist for iaik-moa
+	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
+
+	  
+	  if(whitelist.isEmpty()) // no whitelisted uris given
+		  info("config.48", null);
+		  
+	  
+	  return whitelist;
+  }
+
+ 
+  
+  /**
+   * Build the configured hardware keys. 
+   * 
+   * @param keyModules The keyModules that the configuration already knows about. To 
+   * prevent multiple key modules with the same ID.
+   * @return The hardware keys contained in the configuration.
+   */
+  public List buildHardwareKeyModules(List keyModules) 
+  {
+    Set existingIds = toIdSet(keyModules);
+    List hardwareKeys = new ArrayList();
+    NodeIterator hkIter =
+      XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH);
+    Element keyElem;
+
+    while ((keyElem = (Element) hkIter.nextNode()) != null) 
+    {
+      String id = getElementValue(keyElem, CONF + "Id", null);
+      String name = getElementValue(keyElem, CONF + "Name", null);
+      String slotId = getElementValue(keyElem, CONF + "SlotId", null);
+      String userPIN = getElementValue(keyElem, CONF + "UserPIN", null);
+
+      if (existingIds.contains(id)) 
+      {
+        warn(
+          "config.04",
+          new Object[] { "Hardware- oder SoftwareKeyModule", id });
+      } 
+      else
+      {
+        KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN);
+        hardwareKeys.add(key);
+        existingIds.add(id);
+      }
+
+    }
+
+    return hardwareKeys;
+  }
+
+  /**
+   * Build the configured software keys.
+   * 
+   * @param keyModules The keyModules that the configuration already knows about. To 
+   *        prevent multiple key modules with the same ID.
+   *
+   * @return The software keys contained in the configuration.
+   */
+  public List buildSoftwareKeyModules(List keyModules) 
+  {
+    Set existingIds = toIdSet(keyModules);
+    List softwareKeys = new ArrayList();
+    NodeIterator skIter =
+      XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH);
+
+    Element keyElem;
+    while ((keyElem = (Element) skIter.nextNode()) != null)
+    {
+      String id = getElementValue(keyElem, CONF + "Id", null);
+      String fileName = getElementValue(keyElem, CONF + "FileName", null);
+      String passWord = getElementValue(keyElem, CONF + "Password", null);
+
+      if (existingIds.contains(id)) 
+      {
+        warn(
+          "config.04",
+          new Object[] { "Hardware- oder SoftwareKeyModule", id });
+      } 
+      else
+      {
+        File keyFile;
+        KeyModule key;
+
+        // make keyFile absolute
+        keyFile = new File(fileName);
+        if (!keyFile.isAbsolute()) {
+          keyFile = new File(configRoot_, fileName);
+        }
+
+        // check for existence
+        if (!keyFile.exists() || keyFile.isDirectory()) {
+          warn("config.25", new Object[] { id, keyFile.getAbsolutePath()});
+        } else {
+          // create a new key module
+          key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord);
+          softwareKeys.add(key);
+          existingIds.add(id);
+        }
+      }
+    }
+
+    return softwareKeys;
+  }
+
+  /**
+   * Build the key group configuration.
+   * 
+   * @param keyModules The <code>KeyModule</code>s that the configuration
+   * knows about. Used to check for errors in the configuration.
+   * @return The mapping between key group IDs and key groups.
+   */
+  public Map buildKeyGroups(List keyModules) 
+  {
+    Set keyModuleIds = toIdSet(keyModules);
+    Map keyGroups = new HashMap();
+    NodeIterator kgIter;
+    Element keyGroupElem;
+
+    // select all KeyGroup elements and build the KeyGroup objects from them
+    kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH);
+    while ((keyGroupElem = (Element) kgIter.nextNode()) != null) 
+    {
+      String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
+      String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
+      Set keyGroupEntries =
+        buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
+      KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
+
+      if (keyGroups.containsKey(keyGroupId)) 
+      {
+        warn("config.04", new Object[] { "KeyGroup", keyGroupId });
+      } 
+      else
+      {
+        keyGroups.put(keyGroup.getId(), keyGroup);
+      }
+    }
+
+    return keyGroups;
+  }
+
+  /**
+   * Return the set of IDs contained in the given <code>KeyModule</code>s.
+   * 
+   * @param keyModules The <code>KeyModule</code>s from which to extract the
+   * IDs.
+   * @return The IDs from the given <code>KeyModule</code>s.
+   */
+  private Set toIdSet(List keyModules) {
+    Set ids = new HashSet();
+    Iterator iter;
+
+    for (iter = keyModules.iterator(); iter.hasNext();) {
+      KeyModule keyModule = (KeyModule) iter.next();
+      ids.add(keyModule.getId());
+    }
+
+    return ids;
+  }
+
+  /**
+   * Build the key entries belonging to a key group.
+   * 
+   * @param keyGroupId The ID of the key group we are building here. Passed
+   * for logging purposes.
+   * @param keyModuleIds The IDs of the <code>HardwareKeyModule</code>s and
+   * <code>SoftwareKeyModule</code>s that exist in the configuration. 
+   * @param keyGroupElem The <code>KeyGroup</code> DOM element to parse.
+   * @return A <code>Set</code> of <code>KeyGroupEntry</code> objects.
+   */
+  private Set buildKeyGroupEntries(
+    String keyGroupId,
+    Set keyModuleIds,
+    Element keyGroupElem) {
+
+    Set entries = new HashSet();
+    NodeIterator keyEntryIter;
+    Element keyEntryElem;
+
+    // select all Key elements and put them into the Map
+    keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key");
+    while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) 
+    {
+      String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", "");
+      Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial");
+      IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem);
+
+      if (!keyModuleIds.contains(keyModuleId)) {
+        warn("config.26", new Object[] { keyGroupId, keyModuleId });
+      } else if (issuerSerial != null) {
+        KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial);
+        entries.add(entry);
+      }
+    }
+    return entries;
+  }
+
+  /**
+   * Build the key group mapping.
+   * 
+   * @param keyGroups The available key groups.
+   * @param anonymous The <code>IssuerAndSerial</code> to be used for key group
+   * mappings not protected by a certificate.
+   * @return The key group mapping.
+   */
+  public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) {
+    Map mappings = new HashMap();
+    NodeIterator mappingIter;
+    Element mappingElem;
+
+    // select all KeyGroupMapping elements
+    mappingIter =
+      XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH);
+
+    // build the mapping for each KeyGroupMapping element
+    while ((mappingElem = (Element) mappingIter.nextNode()) != null) 
+    {
+      Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId");
+
+      // build the IssuerAndSerial who has access to the key groups
+      IssuerAndSerial issuerAndSerial;
+      if (issuerSerialElem != null) 
+      {
+        issuerAndSerial = buildIssuerAndSerial(issuerSerialElem);
+      } 
+      else
+      {
+        // IssuerSerial element: the keygroup is generally available
+        issuerAndSerial = anonymous;
+      }
+
+      // add the key groups to the mappings
+      if (issuerAndSerial != null) {
+        Map groups = (Map) mappings.get(issuerAndSerial);
+        NodeIterator keyGroupIter;
+        Element keyGroupElem;
+
+        if (groups == null) 
+        {
+          // no mapping exist -> build one
+          groups = new HashMap();
+          mappings.put(issuerAndSerial, groups);
+        }
+
+        // select the available key groups and add them to the mapping
+        keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
+        while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) 
+        {
+          String keyGroupId = getElementValue(keyGroupElem, ".", null);
+          KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
+
+          if (keyGroup != null) 
+          {
+            groups.put(keyGroupId, keyGroup);
+          } else
+          {
+            warn("config.00", new Object[] { keyGroupId });
+          }
+        }
+      }
+    }
+
+    return mappings;
+  }
+
+  /**
+   * Returns the default chaining mode from the configuration.
+   * 
+   * @return The default chaining mode.
+   */
+  public String getDefaultChainingMode() 
+  {
+    String defaultChaining = getElementValue(
+      getConfigElem(),
+      CHAINING_MODES_DEFAULT_XPATH,
+      CM_PKIX);
+
+    return translateChainingMode(defaultChaining);
+
+  }
+
+  /**
+   * Build the chaining modes for all configured trust anchors.
+   * 
+   * @return The mapping from trust anchors to chaining modes.
+   */
+  public Map buildChainingModes()
+  {
+    Map chainingModes = new HashMap();
+    NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
+
+    Element trustAnchorElem;
+    while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) 
+    {
+      IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(
+        (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"));
+      String mode = getElementValue(trustAnchorElem, CONF + "Mode", null);
+
+      if (issuerAndSerial != null) 
+      {
+        chainingModes.put(issuerAndSerial, translateChainingMode(mode));
+      }
+    }
+
+    return chainingModes;
+  }
+
+  /**
+   * Build an <code>IssuerAndSerial</code> from the DOM representation.
+   * 
+   * @param root The root element (being of type <code>dsig:
+   * X509IssuerSerialType</code>.
+   * @return The issuer and serial number contained in the <code>root</code>
+   * element or <code>null</code> if could not be built for any reason.
+   */
+  private IssuerAndSerial buildIssuerAndSerial(Element root) {
+    String issuer = getElementValue(root, ISSUER_XPATH, null);
+    String serial = getElementValue(root, SERIAL_XPATH, null);
+
+    if (issuer != null && serial != null) {
+      try {
+        RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
+        Principal issuerDN = nameParser.parse();
+
+        return new IssuerAndSerial(issuerDN, new BigInteger(serial));
+      } catch (RFC2253NameParserException e) {
+        warn("config.16", new Object[] { issuer, serial }, e);
+        return null;
+      } catch (NumberFormatException e) {
+        warn("config.16", new Object[] { issuer, serial }, e);
+        return null;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Translate the chaining mode from the configuration file to one used in the
+   * IAIK MOA API.
+   * 
+   * @param chainingMode The chaining mode from the configuration.
+   * @return The chaining mode as provided by the <code>ChainingModes</code>
+   * interface.
+   * @see iaik.pki.pathvalidation.ChainingModes
+   */
+  private String translateChainingMode(String chainingMode) {
+    if (chainingMode.equals(CM_CHAINING)) {
+      return ChainingModes.CHAIN_MODE;
+    } else if (chainingMode.equals(CM_PKIX)) {
+      return ChainingModes.PKIX_MODE;
+    } else {
+      return ChainingModes.PKIX_MODE;
+    }
+  }
+
+  /**
+   * Build the distribution points mapping.
+   * 
+   * @return The mapping from certificate authorities to distribution points.
+   */
+  public Map buildDistributionPoints()
+  {
+    Map dPs = new HashMap();
+    NodeIterator dPIter;
+    Element dPElem;
+
+    // select all DistributionPoint elements 
+    dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH);
+
+    // build the mapping of CA name to distribution points 
+    while ((dPElem = (Element) dPIter.nextNode()) != null) {
+      String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", "");
+      RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText);
+      NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP");
+      NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP");
+
+      try 
+      {
+        String caIssuerDN = nameParser.parse().getName();
+
+        // check, if a mapping exists or make a new mapping      
+        Set dPsForCA = (Set) dPs.get(caIssuerDN);
+        if (dPsForCA == null) 
+        {
+          dPsForCA = new HashSet();
+          dPs.put(caIssuerDN, dPsForCA);
+        }
+
+        // add the CRL distribution points of this CA to the set
+        Element cRLDPElem;
+        while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) 
+        {
+          CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN);
+          dPsForCA.add(cRLDP);
+        }
+
+        // add the OCSP distribution points of this CA to the set
+        Element oCSPPElem;
+        while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) 
+        {
+          OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null);
+          dPsForCA.add(oCSPDP);
+        }
+} 
+      catch (RFC2253NameParserException e) 
+      {
+        warn("config.13", new Object[] { caIssuerDNText }, e);
+      }
+
+    }
+
+    return dPs;
+  }
+
+  /**
+   * Build a distribution point from the DOM representation.
+   * 
+   * @param dpElem The root element of the distribution point.
+   * 
+   * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code>
+   *                   if this DP refers to an OCSP responder. 
+   * 
+   * @return The distribution point.
+   */
+  private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) 
+  {
+    String uri = getElementValue(dpElem, CONF + "Location", null);
+    
+    if ("CRLDP".equals(dpElem.getLocalName()))
+    {
+      NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode");
+      Element reasonCodeElem;
+      StringBuffer reasonCodesSB = new StringBuffer();
+      while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null)
+      {
+        if (reasonCodesSB.length() > 0) reasonCodesSB.append(" ");  
+        reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim());
+      }
+      return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString());
+    }
+    else
+    {
+      return new OCSPDistributionPoint(uri);
+    }
+  }
+
+  /**
+   * Return the CRL archive duration.
+   * 
+   * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if
+   *         no value is set in the configuration.
+   */
+  public int getRevocationArchiveDuration() 
+  {
+    String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null);
+    try 
+    {
+      return Integer.parseInt(archiveDuration);
+    } 
+    catch (NumberFormatException e) 
+    {
+      warn("config.01", null);
+      return 365;
+    }
+  }
+
+  /**
+   * Build the <code>CreateTransformsInfoProfile</code>s. 
+   * 
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildCreateTransformsInfoProfiles() 
+  {
+    return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile");
+  }
+
+  /**
+   * Build the <code>CreateSignatureEnvironmentProfile</code>s.
+   *  
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildCreateSignatureEnvironmentProfiles() 
+  {
+    return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile");
+  }
+
+  /**
+   * Build the <code>VerifyTransformsInfoProfile</code>s.
+   * 
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildVerifyTransformsInfoProfiles() 
+  {
+    return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
+  }
+
+  /**
+   * Build the <code>SupplementProfile</code>s.
+   * 
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildSupplementProfiles()
+  {
+    return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile");
+  }
+
+  /**
+   * Load a profile mapping.
+   * 
+   * @param xpath The XPath to select the profiles from the configuration.
+   * 
+   * @param profileRoot The name of the profile root element.
+   * 
+   * @return Map The profile ID to profile mapping.
+   */
+  private Map loadProfiles(String xpath, String profileRoot) 
+  {
+    Map profiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null) 
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String fileName = getElementValue(profileElem, CONF + "Location", null);
+
+      if (profiles.containsKey(id)) 
+      {
+        warn("config.04", new Object[] { profileRoot, id });
+      } 
+      else 
+      {
+        try 
+        {
+          File profileFile = new File(fileName);
+
+          // make profileFile absolute
+          if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName);
+
+          // load the profile
+          info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()});
+          Element profile = loadProfile(profileFile);
+
+          if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) && 
+        		  profile.getLocalName().equals(profileRoot)) 
+          {
+            profiles.put(id, profile);
+          } 
+          else
+          {
+            warn("config.02", new Object[] { profileRoot, id, fileName });
+          }
+        } catch (ConfigurationException e) {
+          warn("config.03", new Object[] { profileRoot, id });
+        }
+      }
+    }
+
+    return profiles;
+  }
+
+  /**
+   * Load a profile from a file.
+   * 
+   * @param root The absolute directory path of the main configuration file.
+   * @param profileFile The file containing the profile.
+   * @return The profile in its DOM representation.
+   * @throws ConfigurationException An error occurred loading the profile.
+   */
+  private Element loadProfile(File profileFile) throws ConfigurationException {
+
+    Element profile;
+
+    try {
+      profile = parseXml(new FileInputStream(profileFile));
+    } catch (Exception e) {
+      throw new ConfigurationException("config.12", null, e);
+    }
+
+    return profile;
+  }
+
+  /**
+   * Build the trust profile mapping.
+   * 
+   * @return The profile ID to profile mapping.
+   */
+  public Map buildTrustProfiles(String tslWorkingDir) 
+  {
+    Map trustProfiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null)
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+      String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);      
+      Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+      boolean tslEnabled = false;
+      if (eutslElem != null) //EUTSL element found --> TSL enabled
+    	  tslEnabled = true;
+
+      String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null);
+      
+      URI trustAnchorsLocURI = null;
+      try
+      {
+        trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+        if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+          trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+        continue;
+      }
+      catch (MalformedURLException e)
+      {
+        warn("config.15", new Object[] {id}, e);
+        continue;
+      }
+
+      File profileDir = new File(trustAnchorsLocURI.getPath());
+      if (!profileDir.exists() || !profileDir.isDirectory()) {
+        warn("config.27", new Object[] { "uri", id });
+        continue;
+      }
+      
+      
+      
+      if (trustProfiles.containsKey(id)) {
+        warn("config.04", new Object[] { "TrustProfile", id });
+        continue;
+      } 
+      
+      URI signerCertsLocURI = null;
+      if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+      {
+        try
+        {
+          signerCertsLocURI = new URI(signerCertsLocStr);
+          if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+          
+          File signerCertsDir = new File(signerCertsLocURI.getPath());
+          if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+            warn("config.27", new Object[] { "signerCertsUri", id });
+            continue;
+          }
+        }
+        catch (URIException e) {
+          warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+          continue;
+        }
+        catch (MalformedURLException e) {
+          warn("config.15", new Object[] {id}, e);
+          continue;
+        }
+      }
+      
+      signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+      
+      TrustProfile profile = null;
+      
+      if (tslEnabled) {
+    	  // create new trust anchor location (=tslworking trust profile)
+    	  File fTslWorkingDir = new File(tslWorkingDir);
+    	  File tp = new File(fTslWorkingDir, "trustprofiles");
+    	  if (!tp.exists())
+    		  tp.mkdir();
+    	  if (!tp.isDirectory()) {
+        	  error("config.50", new Object[] { tp.getPath() });
+          }
+    	  
+    	  File tpid = new File(tp, id);        	 
+    	  if (!tpid.exists())
+              tpid.mkdir();
+    	  if (!tpid.isDirectory()) {
+        	  error("config.50", new Object[] { tpid.getPath() });
+          }
+
+        	  
+    	  // create profile
+    	  profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries);
+    	  
+    	  // set original uri (save original trust anchor location)    	    
+    	  profile.setUriOrig(trustAnchorsLocURI.getPath());
+    	  
+    	  // delete files in tslworking trust profile
+    	  File[] files = tpid.listFiles();
+			for (File file : files) 
+	              file.delete();
+    	  
+    	  // copy files from trustAnchorsLocURI into tslworking trust profile kopieren
+    	  File src = new File(trustAnchorsLocURI.getPath());
+    	  files = src.listFiles();                    
+          for (File file : files) { 
+              FileUtils.copyFile(file, new File(tpid, file.getName()));  
+          } 
+          
+          
+      } else {
+      
+    	  profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
+      
+      }
+      
+      trustProfiles.put(id, profile);
+      
+    }
+
+    return trustProfiles;
+  }
+  
+  /**
+   * Build the trust profile mapping.
+   * 
+   * @return The profile ID to profile mapping.
+   */
+  public Map buildTrustProfiles() 
+  {
+    Map trustProfiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null)
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+      String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);      
+     
+      URI trustAnchorsLocURI = null;
+      try
+      {
+        trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+        if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+          trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+        continue;
+      }
+      catch (MalformedURLException e)
+      {
+        warn("config.15", new Object[] {id}, e);
+        continue;
+      }
+
+      File profileDir = new File(trustAnchorsLocURI.getPath());
+      if (!profileDir.exists() || !profileDir.isDirectory()) {
+        warn("config.27", new Object[] { "uri", id });
+        continue;
+      }
+      
+      
+      
+      if (trustProfiles.containsKey(id)) {
+        warn("config.04", new Object[] { "TrustProfile", id });
+        continue;
+      } 
+      
+      URI signerCertsLocURI = null;
+      if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+      {
+        try
+        {
+          signerCertsLocURI = new URI(signerCertsLocStr);
+          if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+          
+          File signerCertsDir = new File(signerCertsLocURI.getPath());
+          if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+            warn("config.27", new Object[] { "signerCertsUri", id });
+            continue;
+          }
+        }
+        catch (URIException e) {
+          warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+          continue;
+        }
+        catch (MalformedURLException e) {
+          warn("config.15", new Object[] {id}, e);
+          continue;
+        }
+      }
+      
+      signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+      
+      TrustProfile profile = null;
+      
+      profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+      
+      trustProfiles.put(id, profile);
+      
+    }
+
+    return trustProfiles;
+  }
+  
+  /**
+   * checks if a trustprofile with TSL support is enabled
+   * 
+   * @return true if TSL support is enabled in at least one trustprofile, else false
+   */
+  public boolean checkTrustProfilesTSLenabled() 
+  {
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    boolean tslSupportEnabled = false;
+    while ((profileElem = (Element) profileIter.nextNode()) != null)    {
+      Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+      if (eutslElem != null) //EUTSL element found --> TSL enabled
+    	  tslSupportEnabled = true;
+    }
+
+    return tslSupportEnabled;
+  }
+  
+  /**
+   * Returns the location of the certificate store.
+   * 
+   * @return the location of the certificate store.
+   */
+  public String getCertStoreLocation()
+  {
+    String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null);
+    File certStoreLocFile;
+    
+    //  No value specified in configuration file: Set it to a reasonable (absolute) default
+    if (certStoreLocStr == null)
+      return new File(configRoot_, "certstore").getAbsolutePath();    
+    
+    // Make cert store location an absolute value
+    certStoreLocFile = new File(certStoreLocStr);
+    if (!certStoreLocFile.isAbsolute())
+    {
+      certStoreLocFile = new File(configRoot_, certStoreLocStr);
+    }
+    
+    // Check if cert store location exists, eventually try to create it
+    if (!certStoreLocFile.isDirectory())
+    {
+      boolean created = false;
+      try 
+      {
+        created = certStoreLocFile.mkdirs();
+      }
+      finally
+      {
+        if (!created)
+        {
+          warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() });
+        }
+      }
+    }
+    
+    return certStoreLocFile.getAbsolutePath();
+  }
+
+  //
+  // various utility methods
+  //
+
+  /**
+   * Parse a configuration XML file.
+   * 
+   * @param inputStream The stream from which to read the XML data.
+   * @return The DOM representation of the XML data.
+   * @throws ParserConfigurationException XML parser not configured properly.
+   * @throws SAXException An error parsing the XML file.
+   * @throws IOException An error reading the stream.
+   */
+  private static Element parseXml(InputStream inputStream)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .getDocumentElement();
+  }
+
+  /**
+   * Return the value of an element located by an XPath.
+   * 
+   * @param root The root element from which to evaluate the <code>xpath</code>.
+   * @param xpath The XPath pointing to the element.
+   * @param def The default value, if no element can be found with the given
+   * <code>xpath</code>.
+   * @return The element value or <code>def</code>, if the element cannot be
+   * found.
+   */
+  private String getElementValue(Element root, String xpath, String def) {
+
+    Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
+    return elem != null ? DOMUtils.getText(elem) : def;
+  }
+
+  /**
+   * Return the value of an attribute located by an XPath.
+   * 
+   * @param root The root element from which to evaluate the <code>xpath</code>.
+   * @param xpath The XPath pointing to the attribute.
+   * @param def The default value, if no attribute can be found with the given
+   * <code>xpath</code>.
+   * @return The element value or <code>def</code>, if the attribute cannot be
+   * found.
+   */
+  private String getAttributeValue(Element root, String xpath, String def) {
+    Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
+    return attr != null ? attr.getValue() : def;
+  }
+
+  /**
+   * Log an info message.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void info(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+    Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+  
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void debug(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.debug(new LogMsg(txt));
+  
+  }
+  
+
+  /**
+   * Log a debug message.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void debug(String message) {
+    Logger.debug(new LogMsg(message));
+
+  }
+  
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @param t An exception being the cause of the warning.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args, Throwable t) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt), t);    
+    warnings.add(txt);
+  }
+
+  /**
+   * Log an error.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void error(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.error(new LogMsg(txt));
+    warnings.add(txt);
+  }
+  
+  /**
+   * Log an error.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @param t An exception being the cause of the warning.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void error(String messageId, Object[] args, Throwable t) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.error(new LogMsg(txt), t);    
+    warnings.add(txt);
+  }
+  
+  /**
+   * Returns whether revocation information should be archived.
+   * 
+   * @return whether revocation information should be archived.
+   */
+  public boolean getEnableRevocationArchiving()
+  {
+    String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null);
+    return Boolean.valueOf(enableArchiving).booleanValue();
+  }
+
+  /**
+   * Returns the JDBC URL for the revocation archive database.
+   * 
+   * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding
+   *         parameter is not set in the configuration.
+   */
+  public String getRevocationArchiveJDBCURL()
+  {
+    String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null);
+    return jDBCURL;
+  }
+
+  /**
+   * Returns the JDBC driver class name for the revocation archive database.
+   *  
+   * @return the JDBC driver class name for the revocation archive database, or <code>null</code, 
+   *         if the corresponding parameter is not set in the configuration.
+   */
+  public String getRevocationArchiveJDBCDriverClass()
+  {
+    String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null);
+    return jDBCDriverClass;
+  }
+
+  /**
+   * Returns whether revocation information should be archived.
+   */
+  public boolean getEnableRevocationChecking()
+  {
+    String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null);
+    return Boolean.valueOf(enableChecking).booleanValue();
+  }
+
+  /**
+   * Returns the maximum age of a revocation information for considering it 
+   * still as valid.
+   * 
+   * @return the maximum age of a revocation information for considering it 
+   *         still as valid.
+   */
+  public long getMaxRevocationAge()
+  {
+    String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null);
+    if (maxRevocationAge == null) return 0;
+    return Long.valueOf(maxRevocationAge).longValue();
+  }
+
+  /**
+   * Returns the service order for revocation checking.
+   * 
+   * @return the service order for revocation checking. Valid array entries are
+   *         {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+   *         An empty array will be returned if no service order is specified in the
+   *         configuration.
+   */
+  public String[] getServiceOrder()
+  {
+    ArrayList list = new ArrayList();
+    NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_);
+    Element currentServiceNode;
+    while ((currentServiceNode = (Element)serviceIter.nextNode()) != null)
+    {
+      list.add(getElementValue(currentServiceNode, ".", null));
+    }
+    Object[] serviceOrder = list.toArray();
+    String[] returnValue = new String[serviceOrder.length];
+    for (int i = 0; i < serviceOrder.length; i++)
+    {
+      if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) {
+        returnValue[i] = RevocationSourceTypes.CRL;
+      } else if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) {
+        returnValue[i] = RevocationSourceTypes.OCSP;
+      }
+      
+    }
+    return returnValue;
+  }
+
+  /**
+   * Returns whether the certificate extension Authority Info Access should 
+   * be used during certificate path construction.
+   * 
+   * @return whether the certificate extension Authority Info Access should 
+   *         be used during certificate path construction.
+   */
+  public boolean getUseAuthorityInfoAccess()
+  {
+    String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null);
+    return Boolean.valueOf(useAIA).booleanValue();
+  }
+
+  /**
+   * Returns whether certificates found during certificate path construction 
+   * should be added to the certificate store.
+   * 
+   * @return whether certificates found during certificate path construction 
+   *         should be added to the certificate store.
+   */
+  public boolean getAutoAddCertificates()
+  {
+    String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
+    return Boolean.valueOf(autoAdd).booleanValue();
+  }
+  
+  /**
+   * Returns whether file URIs are permitted  
+   * @return whether file URIs are permitted
+   */
+  public boolean getPermitFileURIs()
+  {
+    String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+    return Boolean.valueOf(permitFileURIs).booleanValue();
+  }
+  
+  /**
+   * Returns the TSL configuration from the config file
+   * @return
+   */
+  public TSLConfiguration getTSLConfiguration() {
+	  TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
+	  
+	  	  
+	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
+	  if (StringUtils.isEmpty(euTSLUrl)) {
+		  euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
+		  debug("config.39", new Object[] { "EUTSL", euTSLUrl });
+	  }
+	  
+	  String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
+	  
+	  if (StringUtils.isEmpty(updateSchedulePeriod)) {
+		  updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
+		  debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
+	  }
+	  
+	  String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null);
+	  if (StringUtils.isEmpty(updateScheduleStartTime)) {
+		  updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
+		  debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
+		
+	  }
+	  
+	  String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null);
+	  if (StringUtils.isEmpty(workingDirectoryStr)) {
+		  workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+		  debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+	  }
+	  
+	  // convert update schedule starting time to Date object
+	  Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime);
+	  Date updateScheduleStartTimeDate = Cal.getTime();
+		
+	  // convert working directory	  
+	  URI workingDirectoryURI = null;
+      try
+      {
+    	  workingDirectoryURI = new URI(workingDirectoryStr);
+        if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file
+        	workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.37", new Object[] { workingDirectoryStr }, e);
+        workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+        warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+      }
+      catch (MalformedURLException e)
+      {
+    	warn("config.37", new Object[] { workingDirectoryStr }, e);
+    	workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+		warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+      }
+
+      File tslWorkingDir = new File(workingDirectoryURI.getPath());
+      if (!tslWorkingDir.exists()) {
+    	  tslWorkingDir.mkdir();
+      }
+      if (!tslWorkingDir.isDirectory()) {
+    	  error("config.38", new Object[] { workingDirectoryStr });
+          return null;  
+      }
+      
+      
+      debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
+      debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
+      debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
+      debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
+      
+      
+	  // set TSL configuration
+	  tslconfiguration.setEuTSLUrl(euTSLUrl);
+	  tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue());
+	  tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate);
+	  tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath());
+	  tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI);
+	  
+	  return tslconfiguration;
+  }
+  
+  /**
+   * Returns a map of CRL retention intervals
+   * @return
+   */
+  public Map getCrlRetentionIntervals() {
+     Map map = new HashMap();
+     NodeIterator modIter = XPathUtils.selectNodeIterator(
+           getConfigElem(),
+           CRL_RETENTION_INTERVALS_CA_XPATH);
+
+     Element modElem;
+     while ((modElem = (Element) modIter.nextNode()) != null) {
+        String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null);
+        String i = getElementValue(modElem, CONF + "Interval", null);
+        Integer interval = new Integer(i);
+        try {
+           RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName);
+           Name name = parser.parse();
+           map.put(name.getRFC2253String(), interval);
+        } catch (RFC2253NameParserException e) {
+           map.put(x509IssuerName, interval);
+        }
+
+     }
+
+     return map;
+  }
+  
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
new file mode 100644
index 0000000..6c1a192
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -0,0 +1,975 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URL;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * A class providing access to the MOA configuration data.
+ * 
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.spss.server.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>ConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>ConfigurationProvider</code> local to that request.</p>
+ * 
+ * @author Patrick Peck
+ * @author Sven Aigner
+ * @version $Id$
+ */
+public class ConfigurationProvider 
+{
+  /** 
+   * The name of the system property which contains the file name of the 
+   * configuration file.
+   */
+  public static final String CONFIG_PROPERTY_NAME =
+    "moa.spss.server.configuration";
+
+  /** 
+   * A fake <code>IssuerAndSerial</code> object for storing KeyGroup information
+   * accessible by all clients.
+   */
+  private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL =
+    new IssuerAndSerial(new Name(), new BigInteger("0"));
+
+  /** Singleton instance. <code>null</code>, if none has been created. */
+  private static ConfigurationProvider instance;
+
+  //
+  // configuration data
+  //
+
+  /** The warnings generated when building the configuration. */
+  private List warnings = new ArrayList();
+
+  /** The default digest method algorithm name */
+  private String digestMethodAlgorithmName;
+
+  /** The default canonicalization algorithm name */
+  private String canonicalizationAlgorithmName;
+  
+  /** The XAdES version used for signature creation */
+  private String xadesVersion;
+  
+  /** PDF AS Configuration */
+  private String pdfAsConfiguration;
+  
+  /** 
+   * A <code>List</code> of <code>HardwareCryptoModule</code> objects for 
+   * configuring hardware modules.
+   */
+  private List hardwareCryptoModules;
+
+  /** 
+   * A <code>List</code> of <code>HardwareKey</code> objects containing the
+   * configuration data for hardware keys.
+   */
+  private List hardwareKeyModules;
+
+  /**
+   * A <code>List</code> of <code>SoftwareKey</code> objects containing the
+   * configuration data for software keys.
+   */
+  private List softwareKeyModules;
+
+  /**
+   * A <code>Map</code> which contains a KeyGroupId (a <code>String</code>) to
+   * KeyGroup mapping.
+   */
+  private Map keyGroups;
+
+  /**
+   * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+   * <code>KeyGroup</code> mapping.
+   */
+  private Map keyGroupMappings;
+
+  /** The default chaining mode. */
+  private String defaultChainingMode;
+
+  /** 
+   * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+   * chaining mode (a <code>String</code>) mapping.
+   */
+  private Map chainingModes;
+
+  /**
+   * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>)
+   * to distribution points (a <code>Set</code> of
+   * <code>DistributionPoint</code>s) mapping.
+   */
+
+  private Map distributionPoints;
+  /** 
+   * The CRL archive duration. 
+   */
+  private int cRLArchiveDuration;
+  
+  /**
+   * Indicates whether revocation information should be archived.
+   */
+  private boolean enableRevocationArchiving_;
+  
+  /**
+   * The location of the certificate store.
+   */
+  private String certStoreLocation_;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * CreateSignatureEnvironmentProfile Ids (<code>String</code>) to
+   * CreateSignatureEnvironmentProfile elements (an <code>Element</code>).
+   */
+  private Map createSignatureEnvironmentProfiles;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * CreateTransformsInfoProfile Ids (<code>String</code>) to
+   * CreateTransformsInfoProfile elements (an <code>Element</code>).
+   */
+  private Map createTransformsInfoProfiles;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * VerifyTransformsInfoProfile Ids (<code>String</code>) to
+   * VerifyTransformsInfoProfile elements (an <code>Element</code>).
+   */
+  private Map verifyTransformsInfoProfiles;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * SupplementProfile Ids (<code>String</code>) to SupplementProfile elements
+   * (an <code>Element</code>).
+   */
+  private Map supplementProfiles;
+
+  /**
+   * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code>
+   * to trust profile (a <code>TrustProfile</code>) mapping.
+   */
+  private Map trustProfiles;
+
+  /**
+   * The JDBC URL for the revocation archive database.
+   */
+  private String revocationArchiveJDBCURL_;
+
+  /**
+   * The JDBC driver class name for the revocation archive database.
+   */
+  private String revocationArchiveJDBCDriverClass_;
+
+  /**
+   * Indicates whether revocation checking should be done.
+   */
+  private boolean enableRevocationChecking_;
+
+  /**
+   * The maximum age of a revocation information for considering it still as valid.
+   */
+  private long maxRevocationAge_;
+
+  /**
+   * The service order for revocation checking.
+   */
+  private String[] serviceOrder_;
+
+  /**
+   * Indicates whether certificates found during certificate path construction 
+   * should be added to the certificate store.
+   */
+  private boolean autoAddCertificates_;
+
+  /**
+   * Indicates whether the certificate extension Authority Info Access should 
+   * be used during certificate path construction.
+   */
+  private boolean useAuthorityInfoAccess_;
+  /**
+   * Indicates whether file URIs are allowed or not 
+   */
+  private boolean permitFileURIs;
+  
+  /**
+   * Indicates the CRL retention intervals
+   */
+  private Map crlRetentionIntervals;
+  
+  /**
+   * Indicates wether external URIs are allowed or not
+   */
+  private boolean allowExternalUris_;
+  
+  /**
+   * A <code>List</code> of black listed URIs (host and port)
+   */
+  private List blackListedUris_;
+  
+  /**
+   * A <code>List</code> of white listed URIs (host and port)
+   */
+  private List whiteListedUris_;
+  
+  /**
+   * A <code>TSLConfiguration</code> that represents the global TSL configuration
+   */
+  private TSLConfiguration tslconfiguration_;
+  
+  
+  /**
+   * Return the single instance of configuration data.
+   * 
+   * @return MOAConfigurationProvider The current configuration data.
+   * @throws ConfigurationException Failure to load the configuration data.
+   */
+  public static synchronized ConfigurationProvider getInstance()
+    throws ConfigurationException {
+
+    if (instance == null) {
+      reload();
+    }
+    return instance;
+  }
+
+  /**
+   * Reload the configuration data and set it if successful.
+   * 
+   * @return MOAConfigurationProvider The loaded configuration data.
+   * @throws ConfigurationException Failure to load the configuration data.
+   */
+  public static synchronized ConfigurationProvider reload()
+    throws ConfigurationException {
+    String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
+
+    if (fileName == null) {
+      // find out where we are running and use the configuration provided
+      // under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration
+      URL url = ConfigurationProvider.class.getResource("/");
+      fileName =
+        new File(url.getPath()).getParent()
+          + "/conf/moa-spss/MOA-SPSSConfiguration.xml";
+      info("config.05", new Object[] { CONFIG_PROPERTY_NAME });
+    }
+
+    instance = new ConfigurationProvider(fileName);
+    return instance;
+  }
+
+  /**
+   * Constructor for ConfigurationProvider.
+   * 
+   * @param fileName The name of the configuration file.
+   * @throws ConfigurationException An error occurred loading the configuration.
+   */
+  public ConfigurationProvider(String fileName) throws ConfigurationException {
+    load(fileName);
+  }
+
+  /**
+   * Load the configuration data from XML file with the given name and build
+   * the internal data structures representing the MOA configuration.
+   * 
+   * @param fileName The name of the XML file to load.
+   * @throws ConfigurationException The MOA configuration could not be
+   * read/built.
+   */
+  private void load(String fileName) throws ConfigurationException {
+    FileInputStream stream = null;
+    File configFile;
+    File configRoot;
+    Element configElem;
+    ConfigurationPartsBuilder builder;
+    List allKeyModules;
+    
+
+    // load the main config file
+    try {
+      configFile = new File(fileName);
+      configRoot = new File(configFile.getParent());
+      info("config.21", new Object[] { configFile.getAbsoluteFile()});
+      stream = new FileInputStream(fileName);
+      configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName));
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.10", null, t);
+    }
+
+    // build the internal datastructures
+    try {
+      builder = new ConfigurationPartsBuilder(configElem, configRoot);
+      
+      if (builder.checkTrustProfilesTSLenabled()) {
+    	  debug("TSL support enabled for at least one trustprofile.");
+    	  tslconfiguration_ = builder.getTSLConfiguration();
+    	  trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      }
+      else {
+    	  tslconfiguration_ = null;
+    	  trustProfiles = builder.buildTrustProfiles();
+      }
+      
+      digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
+      canonicalizationAlgorithmName =
+        builder.getCanonicalizationAlgorithmName();
+      hardwareCryptoModules = builder.buildHardwareCryptoModules();
+      hardwareKeyModules =
+        builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
+      softwareKeyModules =
+        builder.buildSoftwareKeyModules(hardwareKeyModules);
+      allKeyModules = new ArrayList(hardwareKeyModules);
+      allKeyModules.addAll(softwareKeyModules);
+      keyGroups = builder.buildKeyGroups(allKeyModules);
+      keyGroupMappings =
+        builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
+      
+      pdfAsConfiguration = builder.getPDFASConfiguration();
+      xadesVersion = builder.getXAdESVersion();
+      defaultChainingMode = builder.getDefaultChainingMode();
+      chainingModes = builder.buildChainingModes();
+      useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
+      autoAddCertificates_ = builder.getAutoAddCertificates();
+      //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      
+      
+      distributionPoints = builder.buildDistributionPoints();
+      enableRevocationChecking_ = builder.getEnableRevocationChecking();
+      maxRevocationAge_ = builder.getMaxRevocationAge();
+      serviceOrder_ = builder.getServiceOrder();
+      enableRevocationArchiving_ = builder.getEnableRevocationArchiving();
+      cRLArchiveDuration = builder.getRevocationArchiveDuration();
+      revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
+      revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+      
+      
+      
+      //check TSL configuration
+      checkTSLConfiguration();
+      
+      
+      
+      certStoreLocation_ = builder.getCertStoreLocation();
+      createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
+      createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
+      verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
+      supplementProfiles = builder.buildSupplementProfiles();
+      warnings = new ArrayList(builder.getWarnings());
+      permitFileURIs = builder.getPermitFileURIs();
+      crlRetentionIntervals = builder.getCrlRetentionIntervals();
+
+      allowExternalUris_= builder.allowExternalUris();
+      
+      if (allowExternalUris_) { 
+    	  blackListedUris_ = builder.buildPermitExternalUris();
+    	  whiteListedUris_ = null;
+      }
+      else {
+    	  info("config.35", null);
+    	  blackListedUris_ = null;
+    	  whiteListedUris_ = builder.buildForbidExternalUris();
+      }
+    	
+      
+      
+//      Set set = crlRetentionIntervals.entrySet();
+//      Iterator i = set.iterator();
+//      while(i.hasNext()){
+//        Map.Entry me = (Map.Entry)i.next();
+//        System.out.println("Key: " + me.getKey() + " - Value: " + me.getValue() );
+//      }
+      
+            
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.11", null, t);
+    } finally {
+      try {
+        if (stream != null) {
+          stream.close();
+        }
+      } catch (IOException e) {
+        // don't complain about this
+      }
+    }
+  }
+  
+  private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+	  boolean bTSLEnabledTPExist = false;
+	  Iterator it = trustProfiles.entrySet().iterator();
+	  while (it.hasNext()) {
+	      Map.Entry pairs = (Map.Entry)it.next();
+	      TrustProfile tp = (TrustProfile) pairs.getValue();
+	      if (tp.isTSLEnabled())
+	    	  bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+	  }
+	  
+	  return bTSLEnabledTPExist;
+	  
+  }
+  
+  private void  checkTSLConfiguration() throws ConfigurationException {
+	  boolean bTSLEnabledTPExist = false;
+	  Iterator it = trustProfiles.entrySet().iterator();
+	  while (it.hasNext()) {
+	      Map.Entry pairs = (Map.Entry)it.next();
+	      TrustProfile tp = (TrustProfile) pairs.getValue();
+	      if (tp.isTSLEnabled())
+	    	  bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+	  }
+	  
+	  if (!bTSLEnabledTPExist) {
+		  // if no trustprofile has TSL support enabled, delete TSL configuration
+		  tslconfiguration_ = null;
+		  return;
+	  }
+	  
+	  if (bTSLEnabledTPExist && (tslconfiguration_ == null)) {
+		  error("config.40", null);
+		  throw new ConfigurationException("config.40", null);
+	  }
+	  
+	  File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+	  File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+	  if (!eu_trust.exists()) {
+		  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+		  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+	  }
+	  else {
+		  File[] eutrustFiles = eu_trust.listFiles();
+		  if (eutrustFiles == null) {
+			  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+			  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+		  }
+		  else {
+			  if (eutrustFiles.length == 0) {
+				  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+				  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+			  }
+		  }
+			  
+	  }
+	  
+	  File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+      if (!hashcache.exists()) {
+    	  hashcache.mkdir();
+      }
+      if (!hashcache.isDirectory()) {
+    	  error("config.38", new Object[] { hashcache.getAbsolutePath() });
+          return;  
+      }
+
+      System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+//    String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+//    System.out.println("Hashcache: " + hashcachedir);
+
+
+      Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+	  
+      
+  }
+  
+
+  /**
+   * Returns the warnings encountered during building the configuration.
+   * 
+   * @return A <code>List</code> of <code>String</code>s, containing the
+   * warning messages.
+   */
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Return the name of the digest algorithm used during signature creation.
+   * 
+   * @return The digest method algorithm name, or an empty <code>String</code>,
+   * if none has been configured.
+   */
+  public String getDigestMethodAlgorithmName() {
+    return digestMethodAlgorithmName;
+  }
+  
+  /**
+   * Return the XAdES version used for signature creation.
+   * 
+   * @return The XAdES version used for signature creation, or an empty <code>String</code>,
+   * if none has been configured.
+   */
+  public String getXAdESVersion() {
+    return xadesVersion;
+  }
+  
+  public String getPDFASConfiguration() {
+	    return pdfAsConfiguration;
+	  }
+ 
+  public boolean getAllowExternalUris() {
+	  return this.allowExternalUris_;
+  }
+  
+  public List getBlackListedUris() {
+	  return this.blackListedUris_;
+  }
+  public List getWhiteListedUris() {
+	  return this.whiteListedUris_;
+  }
+  
+  /**
+   * Return the name of the canonicalization algorithm used during signature
+   * creation.
+   * 
+   * @return The canonicalization algorithm name, or an empty
+   * <code>String</code> if none has been configured.
+   */
+  public String getCanonicalizationAlgorithmName() {
+    return canonicalizationAlgorithmName;
+  }
+
+  /**
+   * Return the configured hardware crypto modules.
+   * 
+   * @return A <code>List</code> of <code>HardwareCryptoModule</code> objects
+   * containing the hardware crypto module configurations.
+   */
+  public List getHardwareCryptoModules() {
+    return hardwareCryptoModules;
+  }
+
+  /**
+   * Return the hardware key modules configuration.
+   * 
+   * @return A <code>List</code> of <code>HardwareKeyModule</code> objects
+   * containing the configuration of the hardware key modules.
+   */
+  public List getHardwareKeyModules() {
+    return hardwareKeyModules;
+  }
+
+  /**
+   * Return the software key module configuration.
+   * 
+   * @return A <code>List</code> of <code>SoftwareKeyModule</code> objects
+   * containing the configuration of the software key modules.
+   */
+  public List getSoftwareKeyModules() {
+    return softwareKeyModules;
+  }
+
+  /**
+   * Return the key group mapping.
+   * 
+   * @return A mapping from key group ID (a <code>String</code>) to 
+   * <code>KeyGroup</code> mapping.
+   */
+  public Map getKeyGroups() {
+    return keyGroups;
+  }
+  
+  public KeyGroup getKeyGroup(String keyGroupId) {	  
+	  KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
+	  return keyGroup;
+  }
+
+  /**
+   * Return the set of <code>KeyGroupEntry</code>s of a given key group, which a
+   * client (identified by an issuer/serial pair) may access.
+   * 
+   * @param issuer The issuer of the client certificate.
+   * @param serial The serial number of the client certificate.
+   * @param keyGroupId The ID of the key group.
+   * @return A <code>Set</code> of all the <code>KeyGroupEntry</code>s in the
+   * given key group, if the user may access them. Returns <code>null</code>, if
+   * the user may not access the given key group or if the key group does not
+   * exist.
+   */
+  public Set getKeyGroupEntries(
+    Principal issuer,
+    BigInteger serial,
+    String keyGroupId) {
+
+    IssuerAndSerial issuerAndSerial;
+    Map mapping;
+
+    if (issuer == null && serial == null) {
+      issuerAndSerial = ANONYMOUS_ISSUER_SERIAL;
+    } else {
+      issuerAndSerial = new IssuerAndSerial(issuer, serial);
+    }
+
+//    System.out.println("Issuer: " + issuer);
+//    System.out.println("serial: " + serial);
+//    
+//    Iterator entries = keyGroupMappings.entrySet().iterator();
+//    while (entries.hasNext()) {
+//      Entry thisEntry = (Entry) entries.next();
+//      System.out.println("Entry: " + thisEntry.getKey());
+//      System.out.println("Value: " + thisEntry.getValue());
+//    }      
+    
+    mapping = (Map) keyGroupMappings.get(issuerAndSerial);
+    if (mapping != null) {
+      KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
+
+      if (keyGroup != null) {
+        return keyGroup.getKeyGroupEntries();
+      }
+    }
+    
+    // If no key group is available for a client identified by a certificate,
+    // try to find a key group in the anonymous key group mapping
+    if (issuer != null || serial != null)
+    {
+      mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL);
+      if (mapping != null)
+      {
+        KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
+        if (keyGroup != null) return keyGroup.getKeyGroupEntries();
+      }
+    }
+    
+    return null;
+  }
+
+  /**
+   * Return the chaining mode for a given trust anchor.
+   * 
+   * @param trustAnchor The trust anchor for which the chaining mode should be
+   * returned.
+   * @return The chaining mode for the given trust anchor. If the trust anchor
+   * has not been configured separately, the system default will be returned.
+   */
+  public String getChainingMode(X509Certificate trustAnchor) {
+    Principal issuer = trustAnchor.getIssuerDN();
+    BigInteger serial = trustAnchor.getSerialNumber();
+    IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+
+    String mode = (String) chainingModes.get(issuerAndSerial);
+    return mode != null ? mode : defaultChainingMode;
+  }
+
+  /**
+   * Return the distribution points for a given CA.
+   * 
+   * @param cert The certificate for which the distribution points should be
+   *             looked up. The issuer information is used to perform the lookup.
+   * 
+   * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The
+   *         set will be empty, if no distribution points have been configured 
+   *         for this certificate.
+   */
+  public Set getDistributionPoints(X509Certificate cert) 
+  {
+    try {
+      RFC2253NameParser nameParser =
+        new RFC2253NameParser(cert.getIssuerDN().toString());
+      String caIssuerDN = nameParser.parse().getName();
+      Set dps = (Set) distributionPoints.get(caIssuerDN);
+
+      if (dps == null) {
+        return Collections.EMPTY_SET;
+      }
+      return dps;
+    } catch (RFC2253NameParserException e) {
+      return Collections.EMPTY_SET;
+    }
+  }
+
+  /**
+   * Return the CRL archive duration.
+   * 
+   * @return The duration of how long to keep CRL archive entries (measured in
+   * days).
+   */
+  public int getCRLArchiveDuration() {
+    return cRLArchiveDuration;
+  }
+  
+  /**
+   * Returns whether revocation information should be archived.
+   * 
+   * @return whether revocation information should be archived.
+   */
+  public boolean getEnableRevocationArchiving()
+  {
+    return enableRevocationArchiving_;
+  }
+  
+  /**
+   * Returns the location of the certificate store.
+   * 
+   * @return the location of the certificate store.
+   */
+  public String getCertStoreLocation()
+  {
+    return certStoreLocation_;
+  }
+
+  /**
+   * Return a <code>CreateTransformsInfoProfile</code> with the given ID.
+   * 
+   * @param id The <code>CreateTransformsInfoProfile</code> ID.
+   * @return The <code>CreateTransformsInfoProfile</code> with the given
+   * ID or <code>null</code>, if none exists.
+   */
+  public Element getCreateTransformsInfoProfile(String id) {
+    return (Element) createTransformsInfoProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>CreateSignatureEnvironmentProfile</code> with the given ID.
+   * 
+   * @param id The <code>CreateSignatureEnvironmentProfile</code> ID.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> with the given
+   * ID or <code>null</code>, if none exists.
+   */
+  public Element getCreateSignatureEnvironmentProfile(String id) {
+    return (Element) createSignatureEnvironmentProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>VerifyTransformsInfoProfile</code> with the given ID.
+   * 
+   * @param id The <code>VerifyTransformsInfoProfile</code> ID.
+   * @return The <code>VerifyTransformsInfoProfile</code> with the given ID or
+   * <code>null</code>, if none exists.
+   */
+  public Element getVerifyTransformsInfoProfile(String id) {
+    return (Element) verifyTransformsInfoProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>SupplementProfile</code> with the given ID.
+   * 
+   * @param id The <code>SupplementProfile</code> ID.
+   * @return The <code>SupplementProfile</code> with the given ID or
+   * <code>null</code>, if none exists.
+   */
+  public Element getSupplementProfile(String id) {
+    return (Element) supplementProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>TrustProfile</code> with the given ID.
+   * 
+   * @param id The <code>TrustProfile</code> ID.
+   * @return The <code>TrustProfile</code> with the given ID or
+   * <code>null</code>, if none exists.
+   */
+  public TrustProfile getTrustProfile(String id) {
+    return (TrustProfile) trustProfiles.get(id);
+  }
+  
+  /**
+   * Returns a map of <code>TrustProfiles</code>
+   * @return
+   */
+  public Map getTrustProfiles() {
+	  return trustProfiles;
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void info(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+    Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+  
+  /**
+   * Log a debug message.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void debug(String message) {
+    Logger.debug(message);
+  }
+  
+     /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+
+  /**
+   * Log an error.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void error(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+//    warnings.add(txt);
+  }
+  
+  /**
+   * Returns the JDBC URL for the revocation archive database.
+   * 
+   * @return the JDBC URL for the revocation archive database.
+   */
+  public String getRevocationArchiveJDBCURL()
+  {
+    return revocationArchiveJDBCURL_;
+  }
+
+  /**
+   * Returns the JDBC driver class name for the revocation archive database.
+   * 
+   * @return the JDBC driver class name for the revocation archive database.
+   */
+  public String getRevocationArchiveJDBCDriverClass()
+  {
+    return revocationArchiveJDBCDriverClass_;
+  }
+
+  /**
+   * Returns whether revocation checking should be done.
+   * 
+   * @return whether revocation checking should be done.
+   */
+  public boolean getEnableRevocationChecking()
+  {
+    return enableRevocationChecking_;
+  }
+
+  /**
+   * Returns the maximum age of a revocation information for considering it 
+   * still as valid.
+   * 
+   * @return the maximum age of a revocation information for considering it 
+   *         still as valid.
+   */
+  public long getMaxRevocationAge()
+  {
+    return maxRevocationAge_;
+  }
+
+  /**
+   * Returns the service order for revocation checking.
+   * 
+   * @return the service order for revocation checking. Valid array entries are
+   *         {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+   */
+  public String[] getServiceOrder()
+  {
+    return serviceOrder_;
+  }
+
+  /**
+   * Returns whether certificates found during certificate path construction 
+   * should be added to the certificate store.
+   * 
+   * @return whether certificates found during certificate path construction 
+   *         should be added to the certificate store.
+   */
+  public boolean getAutoAddCertificates()
+  {
+    return autoAddCertificates_;
+  }
+
+  /**
+   * Returns whether the certificate extension Authority Info Access should 
+   * be used during certificate path construction.
+   * 
+   * @return whether the certificate extension Authority Info Access should 
+   *         be used during certificate path construction.
+   */
+  public boolean getUseAuthorityInfoAccess()
+  {
+    return useAuthorityInfoAccess_;
+  }
+  
+  /**
+   * Returns whether the file URIs are permitted or not
+   * @return whether the file URIs are permitted or not
+   */
+  public boolean getPermitFileURIs()
+  {
+    return permitFileURIs; 
+  }
+  
+  /**
+   * Returns the map of retention intervals
+   * @return The map of retention intervals
+   */
+  public Map getCrlRetentionIntervals() {
+     return crlRetentionIntervals;
+  }
+ 
+  /**
+   * Returns the global TSL configuration
+   * @return The global TSL configuration
+   */
+  public TSLConfiguration getTSLConfiguration() {
+	  return tslconfiguration_;
+  }
+ 
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
new file mode 100644
index 0000000..a2e5b93
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * Abstract base class for distribution points.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ * */
+public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint
+{
+  /** 
+   * The distribution point URI. 
+   */
+  private String uri_;
+
+  /**
+   * Create a <code>DistributionPoint</code> with a URI.
+   * 
+   * @param uri The URI of the distribution point.
+   */
+  public DistributionPoint(String uri)
+  {
+    uri_ = uri;
+  }
+  
+  /**
+   * @see iaik.pki.revocation.DistributionPoint#getType()
+   */
+  public abstract String getType();
+
+  /**
+   * @see iaik.pki.revocation.DistributionPoint#getUri()
+   */
+  public String getUri()
+  {
+    return uri_;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
new file mode 100644
index 0000000..c0487f6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * Contains configuration data for a hardware crypto module.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareCryptoModule {
+  /** The name of the module. */
+  private String name;
+  /** The slod ID of the module. */
+  private String slotID;
+  /** The user PIN of the module. */
+  private String userPIN;
+  
+  /**
+   * Create a new <code>HardwareCryptoModule</code>.
+   * 
+   * @param name The name of this <code>HardwareCryptoModule</code>.
+   * @param slotID The slot ID of this <code>HardwareCryptoModule</code>.
+   * @param userPIN The user PIN to access this
+   * <code>HardwareCryptoModule</code>.
+   */
+  public HardwareCryptoModule(String name, String slotID, String userPIN) {
+    this.name = name;
+    this.slotID = slotID;
+    this.userPIN = userPIN;
+  }
+  
+  /**
+   * Returns the name of this <code>HardwareCryptoModule</code>.
+   * 
+   * @return The name of this <code>HardwareCryptoModule</code>.
+   */
+  public String getName() {
+    return name;
+  }
+
+  /**
+   * Returns the slot ID of this <code>HardwareCryptoModule</code>.
+   * 
+   * @return The slot ID.
+   */
+  public String getSlotID() {
+    return slotID;
+  }
+
+
+  /**
+   * Returns the user PIN of this <code>HardwareCryptoModule</code>.
+   * 
+   * @return The user PIN used to access the module.
+   */
+  public String getUserPIN() {
+    return userPIN;
+  }
+
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
new file mode 100644
index 0000000..18fd085
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * A class that contains information about a hardware key module.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareKeyModule extends KeyModule {
+  /** The name of the module. */
+  private String name;
+  /** The slod ID of the module. */
+  private String slotID;
+  /** The user PIN of the module. */
+  private String userPIN;
+  
+  /**
+   * Create a new <code>HardwareKey</code>.
+   * 
+   * @param id The key module ID.
+   * @param name The name of the key.
+   * @param slotID The slot ID of the key within the hardware module. May be
+   * <code>null</code>.
+   * @param userPIN The user PIN to access the key.
+   */
+  public HardwareKeyModule(String id, String name, String slotID, String userPIN) {
+    super(id);
+    this.name = name;
+    this.slotID = slotID;
+    this.userPIN = userPIN;   
+  }
+  
+  /**
+   * Return the name of this <code>HardwareKey</code>.
+   * 
+   * @return The name of this <code>HardwareKey</code>.
+   */
+  public String getName() {
+    return name;
+  }
+  
+  /**
+   * Return the slot ID of this <code>HardwareKey</code>.
+   * 
+   * @return The slot ID of this <code>HardwareKey</code>.
+   */
+  public String getSlotID() {
+    return slotID;
+  }
+  
+  /**
+   * Return the user PIN to access this <code>HardwareKey</code>.
+   * 
+   * @return The user PIN to access this <code>HardwareKey</code>.
+   */
+  public String getUserPIN() {
+    return userPIN;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
new file mode 100644
index 0000000..38a3ae9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import java.math.BigInteger;
+import java.security.Principal;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+/**
+ * A class containing the issuer and serial number of a certificate, which can
+ * be used to uniquely identify the certificate.
+ * 
+ * The issuer is contained as an RFC2253 encoded <code>String</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IssuerAndSerial {
+
+  /** The issuer distinguished name. */
+  private String issuerDN;
+  /** The certificate serial number. */
+  private BigInteger serial;
+
+  /**
+   * Create an <code>IssuerAndSerial</code> object.
+   * 
+   * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
+   * DN contained in the <code>issuer</code> is set. 
+   * 
+   * @param issuer The isser of a certificate.
+   * @param serial The serial number of the certificate.
+   */
+  public IssuerAndSerial(Principal issuer, BigInteger serial) {
+    String issuerDN = null;
+    if (issuer instanceof Name) {
+      try {
+        issuerDN = ((Name)issuer).getRFC2253String();
+      } catch (RFC2253NameParserException e) {
+        // do nothing
+      }
+    }
+    if (issuerDN == null) {
+      RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
+      try {
+        issuerDN = ((Name)parser.parse()).getRFC2253String();
+      } catch (RFC2253NameParserException e) {
+        issuerDN = issuer.getName();
+      }
+    }
+    this.serial = serial;
+    this.issuerDN = issuerDN;
+  }
+  
+  /**
+   * Create an <code>IssuerAndSerial</code> object.
+   * 
+   * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
+   * @param serial The serial number of the certificate.
+   */
+  public IssuerAndSerial(String issuerDN, BigInteger serial) {
+    this.issuerDN = issuerDN;
+    this.serial = serial;
+  }
+
+  /**
+   * Return the issuer DN in RFC2253 format.
+   * 
+   * @return The issuer part of this object.
+   */
+  public String getIssuerDN() {
+    return issuerDN;
+  }
+
+  /**
+   * Return the serial number.
+   * 
+   * @return The serial number of this object.
+   */
+  public BigInteger getSerial() {
+    return serial;
+  }
+
+  /**
+   * Compare this <code>IssuerAndSerial</code> to another object.
+   * 
+   * @param other The object to compare this <code>IssuerAndSerial</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
+   * <code>serial</code> fields are both equal. <code>false</code> otherwise.
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof IssuerAndSerial) {
+      IssuerAndSerial ias = (IssuerAndSerial) other;
+      return getIssuerDN().equals(ias.getIssuerDN())
+        && getSerial().equals(ias.getSerial());
+    }
+    return false;
+  }
+
+  /**
+   * Return the hash code of this <code>IssuerAndSerial</code>.
+   * 
+   * @return The hash code of this <code>IssuerAndSerial</code>.
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return issuerDN.hashCode() ^ serial.hashCode();
+  }
+
+  /**
+   * Return a <code>String</code> representation of this
+   * <code>IssuerAndSerial</code> object.
+   * 
+   * @return The <code>String</code> representation.
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
+      + ("> Serial<" + serial.toString() + ">)");
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
new file mode 100644
index 0000000..c2490f9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * A collection of <code>KeyGroupEntry</code>s with its own ID.
+ * 
+ * @author Sven Aigner
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class KeyGroup {
+
+  /** The keys belonging to this key group. */
+  private Set keyGroupEntries;
+  /** The key group ID. */
+  private String id;
+  /** The digest method algorithm for the key group */
+  private String digestMethodAlgorithm;
+
+  /**
+   * Create a <code>KeyGroup</code>.
+   * 
+   * @param id The ID of this <code>KeyGroup</code>.
+   * @param keyGroupEntries The keys belonging to this <code>KeyGroup</code>.
+   * @param digestMethodAlgorithm The signature algorithm used for this key group
+   */
+  public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) {
+    this.id = id;
+    this.keyGroupEntries = keyGroupEntries;
+    this.digestMethodAlgorithm = digestMethodAlgorithm; 
+  }
+
+  /**
+   * Return the <code>KeyEntry</code>s contained in this <code>KeyGroup</code>.
+   * 
+   * @return The <code>KeyEntry</code>s contained in this <code>KeyGroup</code>.
+   */
+  public Set getKeyGroupEntries() {
+    return keyGroupEntries;
+  }
+  
+  /**
+   * Returnd the digest method algorithm used for this key group
+   * @return The digest method signature algorithm used for this key group
+   */
+  public String getDigestMethodAlgorithm() {
+	  return digestMethodAlgorithm;
+  }
+
+  /**
+   * Return the ID of this <code>KeyGroup</code>.
+   * 
+   * @return The <code>KeyGroup</code> ID.
+   */
+  public String getId() {
+    return id;
+  }
+
+  /** 
+   * Return a <code>String</code> representation of this <code>KeyGroup</code>.
+   * 
+   * @return The <code>String</code> representation.
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    StringBuffer sb = new StringBuffer();
+    Iterator i;
+
+    if (getKeyGroupEntries() != null) {
+      i = getKeyGroupEntries().iterator();
+
+      while (i.hasNext()) {
+        sb.append(" " + i.next());
+      }
+    }
+    return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " + digestMethodAlgorithm;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
new file mode 100644
index 0000000..fcedfb0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import java.math.BigInteger;
+
+/**
+ * A class containing information about an entry in a key group.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class KeyGroupEntry {
+  /** The module ID of the key. */
+  private String moduleID;
+  /** The issuer DN of the certificate identifying the key. */
+  private String issuerDN;
+  /** The serial number of the certificate identifying the key. */
+  private BigInteger serialNumber;
+
+  /**
+   * Create a new <code>KeyGroupEntry</code>.
+   * 
+   * @param moduleID The key module ID to which this entry belongs to.
+   * @param issuerAndSerial The issuer and serial number which uniquely
+   * identifies a certificate within the key module.
+   */
+  public KeyGroupEntry(String moduleID, IssuerAndSerial issuerAndSerial) {
+    this.moduleID = moduleID;
+    this.issuerDN = issuerAndSerial.getIssuerDN();
+    this.serialNumber = issuerAndSerial.getSerial();
+  }
+
+  /**
+   * Create a new <code>KeyGroupEntry</code>.
+   * 
+   * @param moduleID The key module ID to which this entry belongs to.
+   * @param issuerDN The isser DN of the certificate within the key module.
+   * @param serialNumber The serial number of the certificate within the key
+   * module.
+   */
+  public KeyGroupEntry(
+    String moduleID,
+    String issuerDN,
+    BigInteger serialNumber) {
+    this.moduleID = moduleID;
+    this.issuerDN = issuerDN;
+    this.serialNumber = serialNumber;
+  }
+
+  /**
+   * Return the key module ID to which this <code>KeyGroupEntry</code> belongs
+   * to.
+   * 
+   * @return The key module ID.
+   */
+  public String getModuleID() {
+    return moduleID;
+  }
+
+  /**
+   * Return the issuer DN of this <code>KeyGroupEntry</code> for identifying the
+   * certificate within the key module.
+   * 
+   * @return The issuer DN of the certificate.
+   */
+  public String getIssuerDN() {
+    return issuerDN;
+  }
+
+  /**
+   * Return the serial number of this <code>KeyGroupEntry</code> for identifying
+   * the certificate within the key module.
+   * 
+   * @return The serial number of the certificate.
+   */
+  public BigInteger getSerialNumber() {
+    return serialNumber;
+  }
+
+  /**
+   * Compare this <code>KeyGroupEntry</code> to another.
+   *
+   * @param other The <code>KeyGroupEntry</code> to compare to.
+   * @return <code>true</code>, if module ID, isser DN and serial number of
+   * <code>other</code> match the ones contained in this object, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof KeyGroupEntry) {
+      KeyGroupEntry entry = (KeyGroupEntry) other;
+      return getModuleID().equals(entry.getModuleID())
+        && getIssuerDN().equals(entry.getIssuerDN())
+        && getSerialNumber().equals(entry.getSerialNumber());
+    }
+    return false;
+  }
+  
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getModuleID().hashCode()
+      ^ getIssuerDN().hashCode()
+      ^ getSerialNumber().hashCode();
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
new file mode 100644
index 0000000..45d8d7e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * A class that contains information about a key module.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class KeyModule {
+
+  /** The key module ID. */
+  private String id;
+
+  /**
+   * Create a <code>Key</code> object.
+   * 
+   * @param id The key module ID.
+   */
+  public KeyModule(String id) {
+    this.id = id;
+  }
+
+  /**
+   * Return the key ID.
+   * 
+   * @return The key ID.
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * Return a <code>String</code> representation of this <code>Key</code>.
+   * 
+   * @return The <code>String</code> representation.
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    return "(Key - Id<" + id + ">)";
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
new file mode 100644
index 0000000..2e91c6b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+
+/**
+ * A class representing a CRL distribution point.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class OCSPDistributionPoint 
+  extends DistributionPoint 
+  implements iaik.pki.revocation.DistributionPoint
+{
+  /**
+   * Create a <code>OCSPDistributionPoint</code> with a URI.
+   * 
+   * @param uri The URI of the ocsp distribution point.
+   */
+  public OCSPDistributionPoint(String uri)
+  {
+    super(uri);
+  }
+
+  /**
+   * @see iaik.pki.revocation.DistributionPoint#getType()
+   */
+  public String getType()
+  {
+    return RevocationSourceTypes.OCSP;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
new file mode 100644
index 0000000..0ed83bb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * A class containing information about a software key, stored in PKCS12 format.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SoftwareKeyModule extends KeyModule {
+  /** The name of the file containing the keys. */
+  private String fileName;
+  /** The password for accessing the file. */
+  private String passWord;
+  
+  /**
+   * Create a new <code>SoftwareKey</code>.
+   * 
+   * @param id The key ID.
+   * @param fileName The name of the PKCS12 keystore file containing the key.
+   * @param passWord The password to access the keystore file.
+   */
+  public SoftwareKeyModule(String id, String fileName, String passWord) {
+    super(id);
+    this.fileName = fileName;
+    this.passWord = passWord;
+  }
+  
+  /**
+   * Return the name of the PKCS12 keystore file containing this
+   * <code>SoftwareKey</code>.
+   * 
+   * @return The name of the PKCS12 keystore file.
+   */
+  public String getFileName() {
+    return fileName;
+  }
+  
+  /**
+   * Return the password to access the keystore file.
+   * 
+   * @return The password to access the keystore file.
+   */
+  public String getPassWord() {
+    return passWord;
+  }
+  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
new file mode 100644
index 0000000..21063c7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.x509.X509Certificate;
+
+/**
+ * Information about a trust profile.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TrustProfile {
+  /** The ID of the trust profile. */
+  private String id;
+  /** The URI giving the location of the trust profile. */
+  private String uri;
+  /** The URI giving the location of the allowed signer certificates. */
+  private String signerCertsUri;
+  /** Defines if Trustprofile makes use of EU TSL*/
+  private boolean tslEnabled;
+  /** The original URI (out of the configuration) giving the location of the trust profile (used when TSL is enabled) */
+  private String uriOrig;
+  /** The countries given */  
+  private String countries;
+  /** */
+  private X509Certificate[] certificatesToBeRemoved;
+  
+  /**
+   * Create a <code>TrustProfile</code>.
+   * 
+   * @param id The ID of the <code>TrustProfile</code> to create.
+   * @param uri The URI of the <code>TrustProfile</code> to create.
+   * @param signerCertsUri The URI of the location of the allowed signer
+   *        certificates of the <code>TrustProfile</code> to create.
+   */
+  public TrustProfile(String id, String uri, String signerCertsUri, boolean tslEnabled, String countries) {
+    this.id = id;
+    this.uri = uri;
+    this.signerCertsUri = signerCertsUri;
+    this.tslEnabled = tslEnabled;
+    this.countries = countries;
+    this.certificatesToBeRemoved = new X509Certificate[0];
+  }
+
+  /**
+   * Return the ID of this <code>TrustProfile</code>.
+   * 
+   * @return The <code>TrustProfile</code> ID.
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * Return the URI of this <code>TrustProfile</code>.
+   * 
+   * @return The URI of <code>TrustProfile</code>.
+   */
+  public String getUri() {
+    return uri;
+  }
+  
+  /**
+   * Return the original URI of this <code>TrustProfile</code>.
+   * 
+   * @return The original URI of <code>TrustProfile</code>.
+   */
+  public String getUriOrig() {
+    return uriOrig;
+  }
+
+  /**
+   * Return the URI giving the location of the allowed signer certificates
+   * of this <code>TrustProfile</code>.
+   * 
+   * @return The URI of <code>TrustProfile</code>.
+   */
+  public String getSignerCertsUri() {
+    return signerCertsUri;
+  }
+  /**
+   * Returns if Trustprofile is TSL enabled
+   * @return
+   */
+  public boolean isTSLEnabled() {
+	  return tslEnabled;
+  }
+  /**
+   * Returns the given countries
+   * @return Given countries
+   */
+  public String getCountries() {
+	  if (!tslEnabled)
+		  return null;
+	  else
+		  return countries;
+  }
+  
+     
+  /**
+   * Sets the original URI of this <code>TrustProfile</code>.
+   * 
+   * @return The original URI of <code>TrustProfile</code>.
+   */
+  public void setUriOrig(String uriOrig) {
+    this.uriOrig = uriOrig;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..49e5ecc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmssign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * An object providing auxiliary information for creating a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureCreationProfileImpl
+  implements CMSSignatureCreationProfile {
+
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The MIME type of the data to be signed*/
+  private String mimeType;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */
+  private boolean includeData;
+  /** Digest Method algorithm  */
+  private String digestMethod;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public CMSSignatureCreationProfileImpl(
+    Set keySet,
+    String digestMethod,
+    List signedProperties,
+    boolean securityLayerConform,
+    boolean includeData,
+    String mimeType) {
+	  this.keySet = keySet;
+	  this.signedProperties = signedProperties;
+	  this.securityLayerConform = securityLayerConform;
+	  this.includeData = includeData;
+	  this.mimeType = mimeType;
+	  this.digestMethod = digestMethod;
+
+  }
+
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+	  
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+      	if (digestMethod.compareTo("SHA-1") == 0) {
+    		Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethod.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethod,
+         			null,
+         	        null);
+         }
+  
+
+  }
+
+
+ 
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+ 
+  public void setDigestMethod(String digestMethod) {
+	  this.digestMethod = digestMethod;
+  }
+ 
+
+  public String getMimeType() {
+	  return mimeType;
+  }
+
+  public boolean includeData() {
+	return this.includeData;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..972b540
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmsverify;
+
+import iaik.pki.PKIProfile;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+
+/**
+ * An implementation of the <code>CMSSignatureVerificationProfile</code>
+ * interface.
+ * 
+ * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationProfileImpl
+  implements CMSSignatureVerificationProfile {
+    
+  /** The profile for validating the certificate. */
+  private PKIProfile certificateValidationProfile;
+
+  /**
+   * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile()
+   */
+  public PKIProfile getCertificateValidationProfile() {
+    return certificateValidationProfile;
+  }
+
+  /**
+   * Sets the profile for validating the signer certificate.
+   * 
+   * @param certificateValidationProfile The certificate validation profile to
+   * set.
+   */
+  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+    this.certificateValidationProfile = certificateValidationProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..90e6793
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.keys.KeyModuleConfiguration;
+
+/**
+ * Base implementation class for the <code>KeyModuleConfiguration</code>
+ * interface and the interfaces derived from it.
+ * 
+ * @see iaik.server.modules.keys.KeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class AbstractKeyModuleConfigurationImpl
+  implements KeyModuleConfiguration {
+
+  /** The module ID. */    
+  private String moduleID;
+  
+  /**
+   * Creata new <code>AbstractKeyModuleConfigurationImpl</code>.
+   * 
+   * @param moduleID The key module ID of this
+   * <code>KeyModuleConfiguration</code>.
+   */
+  public AbstractKeyModuleConfigurationImpl(String moduleID) {
+    this.moduleID = moduleID;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.KeyModuleConfiguration#getModuleID()
+   */
+  public String getModuleID() {
+    return moduleID;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java
new file mode 100644
index 0000000..e2d828b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+/**
+ * A base class for observable configuration data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class AbstractObservableConfiguration implements Observable {
+
+  /** The observers registered with this <code>Observable</code>. */
+  private List observers = new ArrayList();
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData data) {
+    Iterator iter = observers.iterator();
+
+    for (iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(data);
+    }
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
new file mode 100644
index 0000000..4a300a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveParameters;
+import iaik.pki.store.revocation.archive.ArchiveTypes;
+
+import java.sql.Driver;
+import java.sql.DriverManager;
+import java.util.Enumeration;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ArchiveConfiguration</code> interface
+ * using configuration data provided by the MOA configuration file.
+ * 
+ * @see iaik.pki.store.revocation.archive.ArchiveConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ArchiveConfigurationImpl
+  extends AbstractObservableConfiguration
+  implements ArchiveConfiguration {
+    
+  /** The configuration parameters of the archive. */
+  private ArchiveParameters archiveParameters;
+
+  /**
+   * Create a new <code>ArchiveConfigurationImpl</code>.
+   * 
+   * @param config The MOA configuration from which the configuration data is being read.
+   */
+  public ArchiveConfigurationImpl(ConfigurationProvider config) 
+  {
+    String jdbcUrl = config.getRevocationArchiveJDBCURL();
+    this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl);
+    
+    // Register JDBC driver class 
+    if (jdbcUrl != null)
+    {
+      String jdbcDriverClass = config.getRevocationArchiveJDBCDriverClass();
+      try
+      {
+        Class.forName(jdbcDriverClass);
+      }
+      catch (ClassNotFoundException e)
+      {
+        // TODO 20030709 GK Improve exception handling
+        throw new RuntimeException("JDBC driver class \"" + jdbcDriverClass + " could not be found.");       
+      }
+      
+      Enumeration regDrivers = DriverManager.getDrivers();
+      boolean isRegistered = false;
+      while (regDrivers.hasMoreElements())
+      {
+        Object currentDriver = regDrivers.nextElement();
+        if (jdbcDriverClass.equals(currentDriver.getClass().getName())) isRegistered = true;
+      }
+      if (!isRegistered)
+      {
+        // Workaround for a driver which does not register itselve at invocation of Class.forName(drvname)
+        try
+        {
+          DriverManager.registerDriver((Driver)Class.forName(jdbcDriverClass).newInstance()); 
+        }
+        catch (Exception e)
+        {
+          // TODO 20030709 GK Improve exception handling
+          throw new RuntimeException("Registering JDBC driver \"" + jdbcDriverClass + " failed.");       
+        }
+      }
+    }
+  }
+
+  /**
+   * Return the type of archive.
+   * 
+   * This will always return <code>ArchiveTypes.DATABASE</code>.
+   * @return <code>ArchiveTypes.DATABASE</code>.
+   * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getType()
+   */
+  public String getType() {
+    return ArchiveTypes.DATABASE;
+  }
+
+  /**
+   * Return the <code>ArchiveParameters</code> describing this
+   * <code>ArchiveConfiguration</code>.
+   * 
+   * @return The archive parameters.
+   * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getArchiveParameters()
+   */
+  public ArchiveParameters getArchiveParameters() {
+    return archiveParameters;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
new file mode 100644
index 0000000..981ea05
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.logging.TransactionId;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.RevocationInfoRetriever;
+import iaik.pki.store.revocation.RevocationSource;
+import iaik.pki.store.revocation.RevocationStoreException;
+import iaik.pki.ldap.Handler;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLStreamHandler;
+import java.util.Collection;
+import java.util.Date;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * A customized implementation of
+ * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used
+ * instead of the default implementation
+ * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader
+ * problem in connection with the {@link java.net.URL} class in a Tomcat
+ * deployment environment.
+ * 
+ * @author Gregor Karlinger
+ * @version $$
+ */
+public class CRLRetriever implements RevocationInfoRetriever {
+	public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid)
+			throws RevocationStoreException {
+		if (source == null) {
+			throw new NullPointerException("RevocationSource parameter mustn't be null.");
+		}
+		Logger.info("Downloading crl from " + source.getUri());
+		if (!source.getType().equals(RevocationSourceTypes.CRL)) {
+			throw new RevocationStoreException(source.getType() + " not supported", null, getClass().getName() + ":1");
+		}
+		try {
+			URL crlUrl;
+			try {
+				crlUrl = new URL(source.getUri());
+			} catch (MalformedURLException e) {
+				// Workaround for classloader problem with deployment in Tomcat
+				// 4.1
+				URLStreamHandler handler = new Handler();
+				crlUrl = new URL(null, source.getUri(), handler);
+			}
+
+			InputStream crlInputStream = crlUrl.openStream();
+			source.readFrom(crlInputStream, tid);
+			source.setDownloadTime(new Date());
+			crlInputStream.close();
+		} catch (Exception iox) {
+			Logger.warn("Cannot retrieve crl", iox);
+			throw new RevocationStoreException("Cannot retrieve CRL", iox, getClass().getName() + ":1");
+		}
+	}
+
+	@Override
+	public void setConnectTimeout(int arg0) {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	}
+
+	@Override
+	public void setReadTimeout(int arg0) {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
new file mode 100644
index 0000000..a4f7660
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import iaik.logging.Log;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter;
+
+/**
+ * An implementation of the <code>CertStoreConfiguration</code> interface based
+ * on MOA configuration data.
+ * 
+ * @see iaik.pki.store.certstore.CertStoreConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends AbstractObservableConfiguration implements CertStoreConfiguration {
+
+	private static final Logger logger = LoggerFactory.getLogger(CertStoreConfigurationImpl.class);
+
+	/** The configuration parameters of the <code>CertStore</code>. */
+	private CertStoreParameters[] parameters;
+
+	/**
+	 * Create a new <code>CertStoreConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The MOA configuration from which the configuration data is
+	 *            being read.
+	 */
+	public CertStoreConfigurationImpl(ConfigurationProvider config) {
+		String certStoreRoot = config.getCertStoreLocation();
+
+		DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl("MOA Directory CertStore",
+				certStoreRoot, true, false);
+
+		parameters = new CertStoreParameters[] { dirParameters };
+	}
+
+	/**
+	 * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+	 */
+	public CertStoreParameters[] getParameters() {
+		return parameters;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java
new file mode 100644
index 0000000..dff78d6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.logging.LoggerConfig;
+import iaik.pki.PKIConfiguration;
+import iaik.server.ConfigurationData;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+
+/**
+ * An implementation of the <code>ConfigurationData</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.server.ConfigurationData
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationDataImpl implements ConfigurationData {
+  /** PKI configuration data. */
+  private PKIConfiguration pkiConfiguration;
+  /** Crypto modules configuration data. */
+  private List cryptoModuleConfigurations;
+  /** Key modules configuration data. */
+  private List keyModuleConfigurations;
+  /** Logging configuration data. */
+  private LoggerConfig loggerConfig;
+
+  /**
+   * Create a new <code>ConfigurationDataImpl</code>.
+   * 
+   * @param config The underlying MOA configuration data.
+   */
+  public ConfigurationDataImpl(ConfigurationProvider config) {
+    this.pkiConfiguration = new PKIConfigurationImpl(config);
+    this.cryptoModuleConfigurations = buildCryptoModuleConfigurations(config);
+    this.keyModuleConfigurations = buildKeyModuleConfigurations(config);
+    this.loggerConfig = new LoggerConfigImpl();
+  }
+
+  /**
+   * Build the list of <code>CryptoModuleConfiguration</code>s.
+   * 
+   * @param config The underlying MOA configuration data.
+   * @return The list of <code>CryptoModuleConfiguration</code>s configured in
+   * the MOA configuration.
+   */
+  private List buildCryptoModuleConfigurations(ConfigurationProvider config) {
+    List modules = new ArrayList();
+    Iterator iter = config.getHardwareCryptoModules().iterator();
+    
+    while (iter.hasNext()) {
+      HardwareCryptoModule module = (HardwareCryptoModule) iter.next();
+      modules.add(new HardwareCryptoModuleConfigurationImpl(module));
+    }
+    
+    return modules;
+  }
+  
+  /**
+   * Build the list of <code>KeyModuleConfiguration</code>s.
+   * 
+   * @param config The underlying MOA configuration data.
+   * @return The list of <code>KeyModuleConfiguration</code>s configured in the
+   * MOA configuration.
+   */
+  private List buildKeyModuleConfigurations(ConfigurationProvider config) {
+    List keys = new ArrayList();
+    Iterator iter;
+    
+    // add the hardware keys
+    iter = config.getHardwareKeyModules().iterator();
+    while (iter.hasNext()) {
+      HardwareKeyModule key = (HardwareKeyModule) iter.next();
+      keys.add(new HardwareKeyModuleConfigurationImpl(key));
+    }
+    
+    // add the software keys
+    iter = config.getSoftwareKeyModules().iterator();
+    while (iter.hasNext()) {
+      SoftwareKeyModule key = (SoftwareKeyModule) iter.next();
+      keys.add(new SoftwareKeyModuleConfigurationImpl(key));
+    }
+    
+    return keys;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getPKIConfiguration()
+   */
+  public PKIConfiguration getPKIConfiguration() {
+    return pkiConfiguration;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getCryptoModuleConfigurations()
+   */
+  public List getCryptoModuleConfigurations() {
+    return cryptoModuleConfigurations;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getKeyModuleConfigurations()
+   */
+  public List getKeyModuleConfigurations() {
+    return keyModuleConfigurations;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getLoggerConfig()
+   */
+  public LoggerConfig getLoggerConfig() {
+    return loggerConfig;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
new file mode 100644
index 0000000..f4658a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.archive.DataBaseArchiveParameters;
+
+/**
+ * An implementation of the <code>DataBaseArchiveParameter</code> interface.
+ * 
+ * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters {
+
+  /** The JDBC URL for accessing the archive. */
+  private String jDBCUrl;
+
+  /**
+   * Create a new <code>DataBaseArchiveParameterImpl</code>.
+   * 
+   * @param jDBCUrl The JDBC URL of the archive.
+   */
+  public DataBaseArchiveParameterImpl(String jDBCUrl) {
+    this.jDBCUrl = jDBCUrl;
+  }
+
+  /**
+   * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl()
+   */
+  public String getJDBCUrl() {
+    return jDBCUrl;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
new file mode 100644
index 0000000..9dd0ffe
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+/**
+ * An implementation of the <code>DirectoryCertStoreParameters</code> interface.
+ * 
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DirectoryCertStoreParametersImpl
+  implements DirectoryCertStoreParameters {
+
+  /** The root directory of the <code>CertStore</code>. */
+  private String rootDirectory;
+  /** Whether a new directory may be created. */
+  private boolean createNew;
+  /** The <code>CertStore</code> ID. */
+  private String id;
+  /** Whether the <code>CertStore</code> is read-only. */
+  private boolean readOnly;
+
+  /**
+   * Create a new <code>DirectoryCertStoreParameterImpl</code>.
+   * 
+   * @param id The <code>CertStore</code> ID.
+   * @param rootDirectory The root directory of the <code>CertStore</code>.
+   * @param createNew Whether a new directory may be created.
+   * @param readOnly Whether the <code>CertStore</code> is read-only.
+   */
+  public DirectoryCertStoreParametersImpl(
+    String id,
+    String rootDirectory,
+    boolean createNew,
+    boolean readOnly) {
+    
+    this.id = id;  
+    this.rootDirectory = rootDirectory;
+    this.createNew = createNew;
+    this.readOnly = readOnly;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+   */
+  public String getRootDirectory() {
+    return rootDirectory;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+   */
+  public boolean createNew() {
+    return createNew;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+   */
+  public boolean isReadOnly() {
+    return readOnly;
+  }
+
+  /**
+   * @return <code>CertStoreTypes.DIRECTORY</code>
+   * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+   */
+  public String getType() {
+    return CertStoreTypes.DIRECTORY;
+  }
+
+@Override
+public Set getVirtualStores() {
+	// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	return Collections.EMPTY_SET;
+}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java
new file mode 100644
index 0000000..c9904c5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.crypto.HardwareCryptoModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+
+/**
+ * An implementation of the <code>HardwareCryptoModuleConfiguration</code>
+ * wrapping a <code>HardwareCryptoModule</code> from the MOA configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareCryptoModuleConfigurationImpl
+  implements HardwareCryptoModuleConfiguration {
+  
+  /** The wrapped <code>HardwareCryptoModule</code>. */  
+  private HardwareCryptoModule module;
+  
+  /**
+   * Create a new <code>HardwareCryptoModuleConfigurationImpl</code>.
+   * 
+   * @param module The <code>HardwareCryptoModule</code> from the underlying MOA
+   * configuration.
+   */  
+  public HardwareCryptoModuleConfigurationImpl(HardwareCryptoModule module) {
+    this.module = module;
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getModuleName()
+   */
+  public String getModuleName() {
+    return module.getName();
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getSlotID()
+   */
+  public String getSlotID() {
+    return module.getSlotID();
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getUserPIN()
+   */
+  public char[] getUserPIN() {
+    return module.getUserPIN().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..05f5633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.keys.HardwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+
+/**
+ * An implementation of the <code>HardwareKeyModuleConfiguration</code>
+ * interface wrapping a <code>HardwareKeyModule</code> from the MOA
+ * configuration.
+ * 
+ * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareKeyModuleConfigurationImpl
+  extends AbstractKeyModuleConfigurationImpl
+  implements HardwareKeyModuleConfiguration {
+
+  /** The wrapped <code>HardwareKeyModule</code>. */
+  private HardwareKeyModule keyModule;
+
+  /**
+   * Create a new <code>HardwareKeyModuleConfigurationImpl</code>.
+   * 
+   * @param keyModule The <code>HardwareKeyModule</code> from the underlying
+   * MOA configuration.
+   */
+  public HardwareKeyModuleConfigurationImpl(HardwareKeyModule keyModule) {
+    super(keyModule.getId());
+    this.keyModule = keyModule;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getModuleName()
+   */
+  public String getModuleName() {
+    return keyModule.getName();
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getSlotID()
+   */
+  public String getSlotID() {
+    return keyModule.getSlotID();
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getUserPIN()
+   */
+  public char[] getUserPIN() {
+    return keyModule.getUserPIN().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
new file mode 100644
index 0000000..87dd572
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.RevocationFactory;
+import iaik.pki.store.revocation.RevocationSourceStore;
+import iaik.pki.store.truststore.TrustStoreFactory;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.server.ConfigurationData;
+import iaik.server.Configurator;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.util.CertStoreConverter;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.SecProviderUtils;
+
+/**
+ * A class responsible for configuring the IAIK MOA modules.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikConfigurator {
+
+  /** The warnings encountered during configuration. */
+  private List warnings = new ArrayList();
+
+  /**
+   * Configure the IAIK MOA subsystem.
+   * 
+   * 
+   * @param moaConfig The underlying MOA configuration.
+   * @return Returns the config data of the underlying MOA subsystem
+   * @throws ConfigurationException An error occurred configuring the IAIK
+   * MOA subsystem.
+   */
+  public ConfigurationData configure(ConfigurationProvider moaConfig)
+    throws ConfigurationException {
+    ConfigurationData configData = new ConfigurationDataImpl(moaConfig);
+    
+    warnings = new ArrayList();
+
+    try {
+      TransactionId transId = new TransactionId("IaikConfigurator");
+      
+      //SecProviderUtils.dumpSecProviders("Starting configuration");
+      
+      try {
+    	  iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), 
+    			  transId);
+    	  //SecProviderUtils.dumpSecProviders("initCommon");
+    	  String certStoreRoot = moaConfig.getCertStoreLocation();
+    	  CertStoreConverter.convert(certStoreRoot, transId);
+      } finally {
+    	  //Security.removeProvider(ECCelerate.getInstance().getName());
+      }
+      
+      Configurator.init(configData, transId);
+      
+      SecProviderUtils.dumpSecProviders("Fully configured!");
+      
+      // Set customized CRL retriever to overcome a classloader problem when MOA is deployed in Tomcat
+      RevocationSourceStore rss = RevocationFactory.getInstance(transId).getRevocationSourceStore();
+      //rss.setRetriever(new CRLRetriever(), RevocationSourceTypes.CRL);
+      if ((moaConfig.getSoftwareKeyModules().size() > 0) || (moaConfig.getHardwareKeyModules().size() > 0)) {
+        dumpKeyEntryIDs();
+      }
+      checkKeyGroupConfig(moaConfig);
+      TrustStoreFactory.reset();
+      
+      return configData;
+    } catch (iaik.server.ConfigurationException e) {
+      throw new ConfigurationException("config.08", null, e);
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.08", null, t);
+    }
+  }
+
+  /**
+   * Return the warnings encountered during configuration.
+   * 
+   * @return The warnings.
+   */  
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Dump all <code>KeyEntryID</code>s contained in the configured
+   * <code>KeyModule</code>s to the log file.
+   */
+  private void dumpKeyEntryIDs() {
+    MessageProvider msg = MessageProvider.getInstance();
+    KeyModule module = KeyModuleFactory.getInstance(new TransactionId("dump"));
+    Set keyEntryIds = module.getPrivateKeyEntryIDs();
+    Iterator iter;
+
+    for (iter = keyEntryIds.iterator(); iter.hasNext();) {
+      KeyEntryID keyEntryId = (KeyEntryID) iter.next();
+      Logger.info(
+        new LogMsg(msg.getMessage("config.19", new Object[] { keyEntryId })));
+    }
+  }
+
+  /**
+   * Check that each key group entry in each key group can be resolved to a 
+   * KeyEntryID.
+   * 
+   * Logs a warning for each key group entry that cannot be resolved.
+   * 
+   * @param moaConfig The MOA configuration to check.
+   */
+  private void checkKeyGroupConfig(ConfigurationProvider moaConfig) {
+    Map keyGroups = moaConfig.getKeyGroups();
+    Iterator iter;
+
+    for (iter = keyGroups.values().iterator(); iter.hasNext();) {
+      KeyGroup keyGroup = (KeyGroup) iter.next();
+      Set keyGroupEntries = keyGroup.getKeyGroupEntries();
+      Iterator kgIter;
+
+      for (kgIter = keyGroupEntries.iterator(); kgIter.hasNext();) {
+        KeyGroupEntry entry = (KeyGroupEntry) kgIter.next();
+
+        if (!findKeyEntryID(entry)) {
+          warn(
+            "config.31",
+            new Object[] {
+              keyGroup.getId(),
+              entry.getModuleID(),
+              entry.getIssuerDN(),
+              entry.getSerialNumber()});
+        }
+      }
+    }
+  }
+
+  /**
+   * Find out that a certain KeyGroupEntry could be resolved to a KeyEntryID
+   * by the Configurator.
+   *
+   * @param keyGroupEntry The key group entry to find.
+   * @return <code>true</code>, if the <code>keyGroupEntry</code> could be
+   * resolved to a <code>KeyEntryID</code>; otherwise <code>false</code>.
+   */
+  private boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) {
+    KeyModule module = KeyModuleFactory.getInstance(new TransactionId("check"));
+    Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+    Iterator iter;
+
+    for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+      KeyEntryID entry = (KeyEntryID) iter.next();
+
+      if (entry.getCertificateIssuer().equals(keyGroupEntry.getIssuerDN())
+        && entry.getCertificateSerialNumber().equals(
+          keyGroupEntry.getSerialNumber())
+        && entry.getModuleID().equals(keyGroupEntry.getModuleID())) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java
new file mode 100644
index 0000000..3fb842f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.Properties;
+
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LoggerConfig;
+
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+/**
+ * Default implementation of the <code>LoggerConfig</code> interface.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class LoggerConfigImpl implements LoggerConfig {
+  
+  /** The implementation of iaik.logging.LogFactory. */
+  private static final String DEFAULT_IMPLEMENTATION = 
+    "at.gv.egovernment.moa.spss.server.logging.IaikLogFactory";
+
+  public String getFactory() {
+    return DEFAULT_IMPLEMENTATION;
+  }
+
+  public Properties getProperties() throws LogConfigurationException {
+    return new Properties();
+  }
+
+  public String getNodeId() {
+    return LoggingContextManager.getInstance().getLoggingContext().getNodeID();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
new file mode 100644
index 0000000..5e29b5c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>PKIConfiguration</code> interface using data
+ * from the MOA configuration.
+ * 
+ * @see iaik.pki.PKIConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+	/** The <code>CertStore</code> configuration. */
+	private CertStoreConfiguration certStoreConfiguration;
+	/** The revocation checking configuration. */
+	private RevocationConfiguration revocationConfiguration;
+	/** The revocation archive configuration. */
+	private ArchiveConfiguration archiveConfiguration;
+	/** The certificate validation configuration. */
+	private ValidationConfiguration validationConfiguration;
+
+	/**
+	 * Create a new <code>PKIConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The underlying MOA configuration which will be used to build
+	 *            the configuration data contained in this object.
+	 */
+	public PKIConfigurationImpl(ConfigurationProvider config) {
+
+		this.certStoreConfiguration = new CertStoreConfigurationImpl(config);
+		this.revocationConfiguration = new RevocationConfigurationImpl(config);
+
+		boolean archiveInfo = config.getEnableRevocationArchiving();
+		if (archiveInfo) {
+			this.archiveConfiguration = new ArchiveConfigurationImpl(config);
+		} else {
+			this.archiveConfiguration = null;
+		}
+
+		this.validationConfiguration = new ValidationConfigurationImpl(config);
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+	 */
+	public CertStoreConfiguration getCertStoreConfiguration() {
+		return certStoreConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+	 */
+	public RevocationConfiguration getRevocationConfiguration() {
+		return revocationConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+	 */
+	public ArchiveConfiguration getArchiveConfiguration() {
+		return archiveConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+	 */
+	public ValidationConfiguration getValidationConfiguration() {
+		return validationConfiguration;
+	}
+
+	@Override
+	public int getConnectTimeout() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+	@Override
+	public int getReadTimeout() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
new file mode 100644
index 0000000..b03c4a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>RevocationConfiguration</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.pki.revocation.RevocationConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends AbstractObservableConfiguration implements RevocationConfiguration {
+
+	/**
+	 * The <code>ConfigurationProvider</code> to read the configuration data
+	 * from.
+	 */
+	private ConfigurationProvider config;
+
+	/**
+	 * Create a new <code>RevocationConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The underlying MOA configuration containing the configuration
+	 *            data.
+	 */
+	public RevocationConfigurationImpl(ConfigurationProvider config) {
+		this.config = config;
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints
+	 */
+	public Set getAlternativeDistributionPoints(X509Certificate cert, X509Certificate issuer, Date date) {
+		return config.getDistributionPoints(cert);
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String,
+	 *      java.lang.String)
+	 */
+	public boolean archiveRevocationInfo(String type, String uri) {
+		return config.getEnableRevocationArchiving();
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#getCrlRetentionInterval(java.lang.String)
+	 */
+	public Integer getCrlRetentionInterval(String issuername) {
+		Map map = config.getCrlRetentionIntervals();
+		Integer interval = (Integer) map.get(issuername);
+
+		return interval;
+	}
+
+	@Override
+	public DBCrlConfig getDataBaseCRLConfig() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+	@Override
+	public boolean getKeepRevocationInfo() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return false;
+	}
+
+	@Override
+	public Set getPositiveOCSPResponders() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+	@Override
+	public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return false;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..937f32f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import iaik.server.modules.keys.ConfigurationException;
+import iaik.server.modules.keys.SoftwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * An implementation of the <code>SoftwareKeyModuleConfiguration</code> wrapping
+ * a <code>SoftwareKeyModule</code> from the MOA configuration.
+ * 
+ * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SoftwareKeyModuleConfigurationImpl
+  extends AbstractKeyModuleConfigurationImpl
+  implements SoftwareKeyModuleConfiguration {
+
+  /** The wrapped <code>SoftwareKeyModule</code>. */
+  private SoftwareKeyModule keyModule;
+
+  /**
+   * Create a new <code>SoftwareKeyModuleConfigurationImpl</code>.
+   * 
+   * @param keyModule The <code>SoftwareKeyModule</code> from the underlying MOA
+   * configuration.
+   */
+  public SoftwareKeyModuleConfigurationImpl(SoftwareKeyModule keyModule) {
+    super(keyModule.getId());
+    this.keyModule = keyModule;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreTypeName()
+   */
+  public String getKeyStoreTypeName() {
+    return KEY_STORE_TYPE_NAME_PKCS12;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAsStream()
+   */
+  public InputStream getKeyStoreAsStream() {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    try {
+      String message = 
+        msg.getMessage("config.18", new Object[] { keyModule.getFileName()});
+      Logger.info(new LogMsg(message));
+      return new FileInputStream(keyModule.getFileName());
+    } catch (FileNotFoundException e) {
+      String message =
+        msg.getMessage("config.09", new Object[] { keyModule.getFileName()});
+
+      throw new ConfigurationException(message, e, null);
+    }
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAuthenticationData()
+   */
+  public char[] getKeyStoreAuthenticationData() {
+    return keyModule.getPassWord().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java
new file mode 100644
index 0000000..9e26fb8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ValidationConfiguration</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.pki.pathvalidation.ValidationConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl
+  extends AbstractObservableConfiguration
+  implements ValidationConfiguration {
+
+  /** The <code>ConfigurationProvider</code> to read the configuration data
+   * from. */
+  private ConfigurationProvider config;
+
+  /**
+   * Create a new <code>ValidationConfigurationImpl</code>.
+   * 
+   * @param config The underlying MOA configuration data.
+   */
+  public ValidationConfigurationImpl(ConfigurationProvider config) {
+    this.config = config;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+   */
+  public String getChainingMode(X509Certificate cert) {
+    return config.getChainingMode(cert);
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+   */
+  public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate cert) {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+   */
+  public X509Certificate getPublicKeyParamsAsCert(X509Certificate cert) {
+    return null;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
new file mode 100644
index 0000000..491986b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.pki;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface containing
+ * information needed for certificate path validation. It uses configuration
+ * data from the MOA configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class PKIProfileImpl implements PKIProfile {
+
+	/** Profile information for revocation checking. */
+	private RevocationProfile revocationProfile;
+	/** Profile information about the trust profile to use. */
+	private TrustStoreProfile trustStoreProfile;
+	/** Profile information about the certificate validation. */
+	private ValidationProfile validationProfile;
+	/**
+	 * The <code>ConfigurationProvider</code> to read the MOA configuration data
+	 * from.
+	 */
+	private ConfigurationProvider config;
+
+	/**
+	 * Create a new <code>PKIProfileImpl</code>.
+	 * 
+	 * @param config
+	 *            The MOA configuration providing configuration data about
+	 *            certificate path validation.
+	 * @param trustProfileID
+	 *            The trust profile ID denoting the location of the trust store.
+	 * @throws MOAApplicationException
+	 *             An error occurred building the profile.
+	 */
+	public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException {
+
+		this.config = config;
+		setRevocationProfile(new RevocationProfileImpl(config));
+		setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID));
+		setValidationProfile(new ValidationProfileImpl(config));
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#autoAddCertificates()
+	 */
+	/*public boolean autoAddCertificates() {
+		return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates();
+	}*/
+
+	/**
+	 * @see iaik.pki.PKIProfile#getRevocationProfile()
+	 */
+	public RevocationProfile getRevocationProfile() {
+		return revocationProfile;
+	}
+
+	/**
+	 * Sets the <code>RevocationProfile</code>.
+	 * 
+	 * @param revocationProfile
+	 *            The <code>RevocationProfile</code> used for revocation
+	 *            checking.
+	 */
+	protected void setRevocationProfile(RevocationProfile revocationProfile) {
+		this.revocationProfile = revocationProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+	 */
+	public TrustStoreProfile getTrustStoreProfile() {
+		return trustStoreProfile;
+	}
+
+	/**
+	 * Sets the <code>TrustStoreProfile</code>.
+	 * 
+	 * @param trustStoreProfile
+	 *            The <code>TrustStoreProfile</code>.
+	 */
+	protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
+		this.trustStoreProfile = trustStoreProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#getValidationProfile()
+	 */
+	public ValidationProfile getValidationProfile() {
+		return validationProfile;
+	}
+
+	/**
+	 * Sets the <code>ValidationProfile</code>.
+	 * 
+	 * @param validationProfile
+	 *            The <code>ValidationProfile</code> to set.
+	 */
+	protected void setValidationProfile(ValidationProfile validationProfile) {
+		this.validationProfile = validationProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+	 */
+	public boolean useAuthorityInfoAccess() {
+		return config.getUseAuthorityInfoAccess();
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#autoAddCertificates()
+	 */
+	@Override
+	public int autoAddCertificates() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+	@Override
+	public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
new file mode 100644
index 0000000..7e62d60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation;
+
+import iaik.pki.pathvalidation.ValidationProfile;
+
+import java.util.Collections;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ValidationProfile</code> interface providing
+ * information about certificat path validation. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ValidationProfileImpl implements ValidationProfile {
+
+  /** The <code>ConfigurationProvider</code> to read the configuration data
+   * from. */
+  private ConfigurationProvider config;
+  private boolean initialAnyPolicyInhibit;
+  private boolean initialExplicitPolicy;
+  private boolean initialPolicyMappingInhibit;
+  private Set initialPolicySet;
+  private boolean nameConstraintsProcessing;
+  private boolean policyProcessing;
+
+  /**
+   * Create a new <code>ValidationProfileImpl</code> object.
+   * 
+   * This objects's fields are preset to the following values:
+   * 
+   * <ul>
+   * <li><code>initialAnyPolicyInhibit = true</code></li>
+   * <li><code>initialExplicitPoliy = true</code></li>
+   * <li><code>initialPolicyMappingInhibit = true</code></li>
+   * <li><code>initialPolicySet = empty</code></li>
+   * <li><code>policyProcessing = false</code></li>
+   * <li><code>nameConstraintsProcessing = false</code></li>
+   * <li><code>revocationChecking = false</code></li>
+   * </ul>
+   * 
+   * @param config MOA configuration data for additional configuration
+   * information (currently unused). 
+   */
+  public ValidationProfileImpl(ConfigurationProvider config) {
+    this.config = config;
+    initialAnyPolicyInhibit = true;
+    initialExplicitPolicy = true;
+    initialPolicyMappingInhibit = true;
+    initialPolicySet = Collections.EMPTY_SET;
+    policyProcessing = false;
+    nameConstraintsProcessing = false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+   */
+  public boolean getInitialAnyPolicyInhibit() {
+    return initialAnyPolicyInhibit;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+   */
+  public boolean getInitialExplicitPolicy() {
+    return initialExplicitPolicy;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+   */
+  public boolean getInitialPolicyMappingInhibit() {
+    return initialPolicyMappingInhibit;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+   */
+  public Set getInitialPolicySet() {
+    return initialPolicySet;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+   */
+  public boolean getPolicyProcessing() {
+    return policyProcessing;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+   */
+  public boolean getNameConstraintsProcessing() {
+    return nameConstraintsProcessing;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+   */
+  public boolean getRevocationChecking() 
+  {
+    return config.getEnableRevocationChecking();
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
new file mode 100644
index 0000000..14627b2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.revocation;
+
+import java.security.cert.X509Certificate;
+
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>RevocationProfile</code> interface providing
+ * information about revocation status checking, based on MOA configuration
+ * data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationProfileImpl implements RevocationProfile {
+  /** The default service order. */
+  private static final String[] DEFAULT_SERVICE_ORDER =
+    { RevocationSourceTypes.CRL, RevocationSourceTypes.OCSP };
+  /** The <code>ConfigurationProvider</code> to read the MOA configuration data
+   * from. */
+  private ConfigurationProvider config;
+  /** The OCSP request hash algorithm. Currently only "SHA" is supported. */
+  private static final String oCSPRequestHashAlgorithm = "SHA";
+
+  /**
+   * Create a new <code>RevocationProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data.
+   */
+  public RevocationProfileImpl(ConfigurationProvider config) {
+    this.config = config;
+    // currently only "SHA" is supported
+//    this.oCSPRequestHashAlgorithm = "";
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String)
+   */
+  public long getMaxRevocationAge(String distributionPointUri) 
+  {
+    return config.getMaxRevocationAge();
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+   */
+  public String getOCSPRequestHashAlgorithm() {
+    return oCSPRequestHashAlgorithm;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+   */
+  public String[] getPreferredServiceOrder(X509Certificate cert) 
+  {
+    String[] serviceOrder = config.getServiceOrder();
+    if (serviceOrder == null || serviceOrder.length == 0) return DEFAULT_SERVICE_ORDER; 
+    return serviceOrder;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
new file mode 100644
index 0000000..50f237a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observer;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+
+/**
+ * An implementation of the <code>TrustStoreProfile</code> interface, using data
+ * from the MOA configuration.
+ * 
+ * @see iaik.pki.store.truststore.TrustStoreProfile 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TrustStoreProfileImpl implements TrustStoreProfile {
+
+  /** The observers of this profile. */
+  private List observers = new ArrayList();
+  
+  /**
+   * The trust profile identifier. 
+   */
+  private String id_;
+  
+  /** The type of the trust profile. */
+  private String type;
+  /** The URI of the trust profile.*/
+  private String URI;
+
+  /**
+   * Create a new <code>TrustStoreProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data, from which trust store
+   * configuration data is read.
+   * @param trustProfileId The trust profile id on which this
+   * <code>TrustStoreProfile</code> is based.
+   * @throws MOAApplicationException The <code>trustProfileId</code> could not
+   * be found in the MOA configuration.
+   */
+  public TrustStoreProfileImpl(
+    ConfigurationProvider config,
+    String trustProfileId)
+    throws MOAApplicationException {
+
+    TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
+    if (tp != null) 
+    {
+      id_ = trustProfileId;
+      setURI(tp.getUri());
+      setType(TrustStoreTypes.DIRECTORY);
+    } 
+    else 
+    {
+      throw new MOAApplicationException("2203", new Object[] { trustProfileId });
+    }
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+   */
+  public String getType() {
+    return type;
+  }
+
+  /**
+   * Sets the the trust store type.
+   * 
+   * @param type The trust store type to set. 
+   */
+  protected void setType(String type) {
+    this.type = type;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+   */
+  public String getURI() {
+    return URI;
+  }
+
+  /**
+   * Sets the trust store URI.
+   * 
+   * @param URI The trust store URI to set.
+   */
+  protected void setURI(String URI) {
+    this.URI = URI;
+  }
+
+  //
+  // Methods of iaik.pki.store.observer.Observable interface
+  //
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData notificationData) {
+    for (Iterator iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(notificationData);
+    }
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+   */
+  public String getId()
+  {
+    return id_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java
new file mode 100644
index 0000000..cc12861
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Base64Transformation;
+
+/**
+ * An implementation of the <code>Base64Transformation</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class Base64TransformationImpl
+  extends TransformationImpl
+  implements Base64Transformation {
+  
+  /**
+   * Create a new <code>Base64TransformationImpl</code>.
+   * 
+   * @see java.lang.Object#Object()
+   */  
+  public Base64TransformationImpl() {
+    setAlgorithmURI(Base64Transformation.BASE64_DECODING);
+  }
+
+  /**
+   * Compare this <code>Base64Transformation</code> to another.
+   * 
+   * @param other The object to compare this<code>Base64Transformation</code> 
+   * to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>Base64Transformation</code> and the algorithm URIs match, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */  
+  public boolean equals(Object other) {
+    if (other instanceof Base64Transformation) {
+      Base64Transformation transform = (Base64Transformation) other;
+      return getAlgorithmURI().equals(transform.getAlgorithmURI());
+    }
+    return false;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java
new file mode 100644
index 0000000..4d627d7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import iaik.server.modules.xml.BinaryDataObject;
+
+/**
+ * A <code>BinaryDataObject</code> encapsulating Base64 data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ByteArrayDataObjectImpl
+  extends DataObjectImpl
+  implements BinaryDataObject {
+
+  /** The binary data contained in this <code>BinaryDataObject</code>. */
+  private byte[] bytes;
+
+  /**
+   * Create a new <code>ByteArrayDataObjectImpl</code>.
+   * 
+   * @param bytes The binary data contained in this 
+   * <code>BinaryDataObject</code>.
+   */
+  public ByteArrayDataObjectImpl(byte[] bytes) {
+    setBytes(bytes);
+  }
+
+  /**
+   * Set the Base64 data.
+   * 
+   * @param bytes The binary data contained in this 
+   * <code>BinaryDataObject</code>.
+   */
+  public void setBytes(byte[] bytes) {
+    this.bytes = bytes;
+  }
+
+  /**
+   * Return the binary data encoded in the Base64 <code>String</code> as a
+   * stream.
+   * 
+   * @return The binary data contained in this object, as a
+   * <code>InputStream</code>. Repeated calls to this function will return a
+   * new stream to the Base64 data.
+   * @see iaik.server.modules.xml.BinaryDataObject#getInputStream()
+   */
+  public InputStream getInputStream() {
+    return new ByteArrayInputStream(bytes);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java
new file mode 100644
index 0000000..b982c8e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.InputStream;
+
+import iaik.server.modules.xml.BinaryDataObject;
+
+/**
+ * A <code>BinaryDataObject</code> encapsulating binary data from a stream. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ByteStreamDataObjectImpl
+  extends DataObjectImpl
+  implements BinaryDataObject {
+
+  /** The <code>InputStream</code> containing the binary data. */
+  private InputStream inputStream;
+
+  /**
+   * Create a new <code>ByteStreamDataObjectImpl</code>.
+   * 
+   * @param inputStream The stream from which to read the binary data.
+   */
+  public ByteStreamDataObjectImpl(InputStream inputStream) {
+    setInputStream(inputStream);
+  }
+
+  /**
+   * Set the input stream from which to read the binary data.
+   * 
+   * @param inputStream The input stream from which to read the binary data.
+   */
+  public void setInputStream(InputStream inputStream) {
+    this.inputStream = inputStream;
+  }
+
+  /**
+   * Return the binary data from this object as a stream.
+   * 
+   * @return The stream containing the binary data. Calling this function
+   * repeatedly will always return the same <code>InputStream</code>.
+   * @see iaik.server.modules.xml.BinaryDataObject#getInputStream()
+   */
+  public InputStream getInputStream() {
+    return inputStream;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java
new file mode 100644
index 0000000..0c3a8da
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Canonicalization;
+
+/**
+ * An implementation of the <code>CanonicalizationTransform</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CanonicalizationImpl
+  extends TransformationImpl
+  implements Canonicalization {
+   
+  /**
+   * Create a new <code>CanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI The canonicalization algorithm URI.
+   */ 
+  public CanonicalizationImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+    
+  /**
+   * Compare this object to another <code>Canonicalization</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>Canonicalization</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>Canonicalization</code> and the algorithm URIs match, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof Canonicalization) {
+      Canonicalization c14n = (Canonicalization) other;
+      return getAlgorithmURI().equals(c14n.getAlgorithmURI());
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java
new file mode 100644
index 0000000..702caaf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.DataObject;
+
+/**
+ * Abstract base implementation for the classes derived from
+ * <code>DataObject</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class DataObjectImpl implements DataObject {
+  
+  /** The MIME type of the data object. */
+  private String mimeType;
+  /** The refernce ID. */
+  private String referenceID;
+  /** The URI of the type. */
+  private String typeURI;
+  /** The URI identifying the data. */
+  private String URI;
+  
+  /**
+   * @see iaik.server.modules.xml.DataObject#getMimeType()
+   */
+  public String getMimeType() {
+    return mimeType;
+  }
+
+  /**
+   * Set the mime type.
+   * 
+   * @param mimeType The mime type to set.
+   */
+  public void setMimeType(String mimeType) {
+    this.mimeType = mimeType;
+  }
+  
+  /**
+   * @see iaik.server.modules.xml.DataObject#getReferenceID()
+   */
+  public String getReferenceID() {
+    return referenceID;
+  }
+  
+  /**
+   * Set the reference ID.
+   * 
+   * @param referenceID The reference ID.
+   */
+  public void setReferenceID(String referenceID) {
+    this.referenceID = referenceID;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.DataObject#getTypeURI()
+   */
+  public String getTypeURI() {
+    return typeURI;
+  }
+
+  /**
+   * Set the type URI.
+   * 
+   * @param typeURI The type URI.
+   */
+  public void setTypeURI(String typeURI) {
+    this.typeURI = typeURI;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.DataObject#getURI()
+   */
+  public String getURI() {
+    return URI;
+  }
+  
+  /**
+   * Set the URI.
+   * 
+   * @param URI The URI.
+   */
+  public void setURI(String URI) {
+    this.URI = URI;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java
new file mode 100644
index 0000000..d582594
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.EnvelopedSignatureTransformation;
+
+/**
+ * An implementation of the <code>EnvelopedSignatureTransformation</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class EnvelopedSignatureTransformationImpl
+  extends TransformationImpl
+  implements EnvelopedSignatureTransformation {
+
+  /**
+   * Create a new <code>EnvelopedSignatureTransformationImpl</code>.
+   */
+  public EnvelopedSignatureTransformationImpl() {
+    setAlgorithmURI(EnvelopedSignatureTransformation.ENVELOPED_SIGNATURE);
+  }
+
+  /**
+   * Compare this object to another <code>EnvelopedSignatureTransformation</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>EnvelopedSignatureTransformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>EnvelopedSignatureTransformation</code>, otherwise 
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof EnvelopedSignatureTransformation) {
+      EnvelopedSignatureTransformation transform =
+        (EnvelopedSignatureTransformation) other;
+      return getAlgorithmURI().equals(transform.getAlgorithmURI());
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java
new file mode 100644
index 0000000..dfadf0c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.List;
+
+import iaik.server.modules.xml.ExclusiveCanonicalization;
+
+/**
+ * An implementation of the <code>ExclusiveCanonicalization</code> type
+ * of <code>Transformation</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExclusiveCanonicalizationImpl
+  extends TransformationImpl
+  implements ExclusiveCanonicalization {
+
+  /** The prefixes of the namespaces to treat according to canonical XML. */
+  private List inclusiveNamespacePrefixes;
+
+  /**
+   * Create a new <code>ExclusiveCanonicalizationImpl</code> object.
+   * 
+   * @param algorithmURI The exclusive canonicalization algorithm URI.
+   * @param inclusiveNamespacePrefixes The namespace prefixes to be processed
+   * according to canonical XML.
+   */
+  public ExclusiveCanonicalizationImpl(
+    String algorithmURI,
+    List inclusiveNamespacePrefixes) {
+    setAlgorithmURI(algorithmURI);
+    setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes);
+  }
+
+  /**
+   * Sets the namespace prefixes to be processed according to canonical XML.
+   * 
+   * @param inclusiveNamespacePrefixes The prefixes of the namespaces to treat
+   * according to canonical XML.
+   */
+  protected void setInclusiveNamespacePrefixes(List inclusiveNamespacePrefixes) {
+    this.inclusiveNamespacePrefixes = inclusiveNamespacePrefixes;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.ExclusiveCanonicalization#getInclusiveNamespacePrefixes()
+   */
+  public List getInclusiveNamespacePrefixes() {
+    return inclusiveNamespacePrefixes;
+  }
+
+  /**
+   * Compare this object to another <code>CanonicalizationTransform</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>ExclusiveCanonicalization</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>ExclusiveCanonicalization</code> and the algorithm URIs match, 
+   * otherwise <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof ExclusiveCanonicalization) {
+      ExclusiveCanonicalization eC14n =
+        (ExclusiveCanonicalization) other;
+      boolean algURIEquals = getAlgorithmURI().equals(eC14n.getAlgorithmURI());
+      boolean inclNSPrefs = 
+        (getInclusiveNamespacePrefixes() == null || getInclusiveNamespacePrefixes().isEmpty())
+        ? eC14n.getInclusiveNamespacePrefixes() == null || eC14n.getInclusiveNamespacePrefixes().isEmpty()
+        : getInclusiveNamespacePrefixes().equals(eC14n.getInclusiveNamespacePrefixes());
+      return algURIEquals && inclNSPrefs;
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java
new file mode 100644
index 0000000..9026d33
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Date;
+
+import iaik.server.modules.xml.SigningTime;
+
+/**
+ * An implementation of the <code>SigningTime</code> <code>Property</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SigningTimeImpl implements SigningTime {
+  
+  /** The signing time. */
+  private Date signingTime;
+  
+  /**
+   * Create a new <code>SigningTimeImpl</code>.
+   * 
+   * @param signingTime The signing time.
+   */
+  public SigningTimeImpl(Date signingTime) {
+    this.signingTime = signingTime;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.SigningTime#getSigningTime()
+   */
+  public Date getSigningTime() {
+    return signingTime;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java
new file mode 100644
index 0000000..1595446
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Transformation;
+
+/**
+ * Base implementation class for <code>Transformation</code> derived classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class TransformationImpl implements Transformation {
+
+  /** The algorithm URI identifying the transformation algorithm. */
+  private String algorithmURI;
+  
+  /**
+   * @see iaik.server.modules.xml.Transformation#getAlgorithmURI()
+   */
+  public String getAlgorithmURI() {
+    return algorithmURI;
+  }
+
+  /**
+   * Sets the algorithm URI.
+   * 
+   * @param algorithmURI The algorithm URI to set.
+   */
+  protected void setAlgorithmURI(String algorithmURI) {
+    this.algorithmURI = algorithmURI;
+  }
+  
+  /**
+   * Returns the hash code of the algorithm URI. Should be overridden if a
+   * transformation distinguishes itself from others by more than just the
+   * algorithm URI.
+   * 
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getAlgorithmURI().hashCode();
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java
new file mode 100644
index 0000000..e8444b9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.Element;
+
+import iaik.server.modules.xml.XMLDataObject;
+
+/**
+ * A <code>DataObject</code> containing a single DOM element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLDataObjectImpl
+  extends DataObjectImpl
+  implements XMLDataObject {
+  
+  /** The XML data contained in this <code>XMLDataObject</code>. */  
+  private Element element;
+  
+  /**
+   * Create a new <code>XMLDataObjectImpl</code>.
+   * 
+   * @param element The DOM element contained in this
+   * <code>XMLDataObject</code>.
+   */
+  public XMLDataObjectImpl(Element element) {
+    setElement(element);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLDataObject#getElement()
+   */
+  public Element getElement() {
+    return element;
+  }
+
+  /**
+   * Set the DOM element contained in this <code>XMLDataObject</code>.
+   * 
+   * @param element The DOM element to set.
+   */
+  public void setElement(Element element) {
+    this.element = element;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java
new file mode 100644
index 0000000..2fb9df9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.NodeList;
+
+import iaik.server.modules.xml.XMLNodeListDataObject;
+
+/**
+ * A <code>DataObject</code> containing a list of DOM nodes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLNodeListDataObjectImpl
+  extends DataObjectImpl
+  implements XMLNodeListDataObject {
+
+  /** The nodes contained in this <code>XMLNodeListDataObject</code>. */
+  private NodeList nodeList;
+
+  /**
+   * Create a new <code>XMLNodeListDataObjectImpl</code>.
+   * 
+   * @param nodeList The list of DOM nodes contained in this
+   * <code>XMLNodeListDataObject</code>.
+   */
+  public XMLNodeListDataObjectImpl(NodeList nodeList) {
+    setNodeList(nodeList);
+  }
+
+  /**
+   * Set the list of DOM nodes contained in this
+   * <code>XMLNodeListDataObject</code>.
+   * 
+   * @param nodeList The list of DOM nodes to set.
+   */
+  public void setNodeList(NodeList nodeList) {
+    this.nodeList = nodeList;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLNodeListDataObject#getNodeList()
+   */
+  public NodeList getNodeList() {
+    return nodeList;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java
new file mode 100644
index 0000000..0774726
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.Element;
+
+import iaik.server.modules.xml.XMLSignature;
+
+/**
+ * An object containing an XMLDsig signature in the form of a 
+ * <code>dsig:Signature</code> DOM element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureImpl implements XMLSignature {
+  /** The signature DOM element. */
+  private Element element;
+  
+  /**
+   * Create a new <code>XMLSignatureImpl</code>.
+   * 
+   * @param element The <code>dsig:Signature</code> DOM element.
+   */
+  public XMLSignatureImpl(Element element) {
+    setElement(element);
+  }
+  
+  /**
+   * Set the <code>dsig:Signature</code> DOM element.
+   * 
+   * @param element The <code>dsig:Signature</code> element to set.
+   */
+  public void setElement(Element element) {
+    this.element = element;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLSignature#getElement()
+   */
+  public Element getElement() {
+    return element;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java
new file mode 100644
index 0000000..d309302
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Map;
+
+import iaik.server.modules.xml.XPath2Transformation;
+import iaik.server.modules.xml.XPath2Transformation.XPath2Filter;
+
+/**
+ * An object encapsulating an XPath-Filter2 expression.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPath2FilterImpl implements XPath2Filter {
+
+  /** The type of this filter. */
+  private String filterType;
+  /** The XPath expression of this filter. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to use for evaluating the XPath. */
+  private Map namespaceDeclarations;
+
+  /**
+   * Create a new <code>XPath2FilterImpl</code> object.
+   * 
+   * @param filterType The type of filter. Must be one of the filter type
+   * constants declared in <code>iaik.server.modules.xml.XPath2Transformation.XPath2Filter</code>
+   * @param xPathExpression The XPath expression belonging to this filter.
+   * @param namespaceDeclarations The namespace declarations visible for this
+   * XPath2Filter.
+   */
+  public XPath2FilterImpl(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations) {
+
+    setFilterType(filterType);
+    setXPathExpression(xPathExpression);
+    setNamespaceDeclarations(namespaceDeclarations);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getFilterType()
+   */
+  public String getFilterType() {
+    return filterType;
+  }
+
+  /**
+   * Set the filter type.
+   * 
+   * @param filterType The filter type to set.
+   */
+  protected void setFilterType(String filterType) {
+    this.filterType = filterType;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getXPathExpression()
+   */
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Set the XPath expression.
+   * 
+   * @param xPathExpression The XPath expression to set.
+   */
+  protected void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getNamespaceDeclarations()
+   */
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+  /**
+   * Set the namespace declarations.
+   * 
+   * @param namespaceDeclarations The mapping between namespace prefixes and
+   * their associated URI.
+   */
+  protected void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  /**
+   * Compare this object to another.
+   * 
+   * @param other The object to compare this <code>XPath2Filter</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>XPath2Filter</code> and the filter types match and the XPath
+   * expressions match. Otherwise <code>false</code> is returned.
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPath2Transformation.XPath2Filter) {
+      XPath2Filter filter = (XPath2Transformation.XPath2Filter) other;
+      return getFilterType().equals(filter.getFilterType())
+        && getXPathExpression().equals(filter.getXPathExpression());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getXPathExpression().hashCode() * 31 + getFilterType().hashCode();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java
new file mode 100644
index 0000000..f483b18
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.server.modules.xml.XPath2Transformation;
+
+/**
+ * An object encapsulating a <code>Transformation</code> containing several
+ * XPath-Filter2 expressions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPath2TransformationImpl
+  extends TransformationImpl
+  implements XPath2Transformation {
+
+  /** The filters contained in this <code>XPath2Transformation</code> */
+  private List xPathFilters = new ArrayList();
+
+  /**
+   * Create a new <code>XPath2TransformationImpl</code>.
+   * 
+   * The list of XPath-Filter2 expression is initially empty.
+   */
+  public XPath2TransformationImpl() {
+    setAlgorithmURI(XPath2Transformation.XPATH2);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation#getXPathFilters()
+   */
+  public List getXPathFilters() {
+    return xPathFilters;
+  }
+
+  /**
+   * Add an XPath-Filter2 expression to the list of filters.
+   * 
+   * @param filter The filter to add.
+   */
+  public void addXPathFilter(XPath2Filter filter) {
+    xPathFilters.add(filter);
+  }
+
+  /**
+   * Compare this <code>XPath2Transformation</code> to another.
+   * 
+   * @param other The object to compare this 
+   * <code>XPath2Transformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>XPath2Transformation</code> and <code>getXPathFilters()</code> equals
+   * <code>other.getXPathFilters()</code>. Otherwise <code>false</code> is
+   * returned.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPath2Transformation) {
+      XPath2Transformation transform = (XPath2Transformation) other;
+
+      return getXPathFilters().equals(transform.getXPathFilters());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    Iterator iter = getXPathFilters().iterator();
+    int hashCode = 0;
+
+    while (iter.hasNext()) {
+      hashCode ^= iter.next().hashCode();
+    }
+
+    return hashCode;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java
new file mode 100644
index 0000000..06cc319
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Map;
+
+import iaik.server.modules.xml.XPathTransformation;
+
+/**
+ * A <code>Transformation</code> containing an XPath expression.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathTransformationImpl
+  extends TransformationImpl
+  implements XPathTransformation {
+
+  /** The XPath expression. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to use for XPath evaluation. */
+  private Map namespaceDeclarations;
+
+  /**
+   * Create a new <code>XPathTransformationImpl</code>.
+   * 
+   * The namespace declarations are initialized empty.
+   * 
+   * @param xPathExpression The XPath expression this object will contain.
+   * @param namespaceDeclarations The namespace declarations visible for this
+   * XPath.
+   */
+  public XPathTransformationImpl(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+
+    setAlgorithmURI(XPathTransformation.XPATH);
+    setXPathExpression(xPathExpression);
+    setNamespaceDeclarations(namespaceDeclarations);
+  }
+
+  /**
+   * Set the XPath expression.
+   * 
+   * @param xPathExpression The XPath expression.
+   */
+  protected void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPathTransformation#getXPathExpression()
+   */
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPathTransformation#getNamespaceDeclarations()
+   */
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+  /**
+   * Set the namespace declarations.
+   * 
+   * @param namespaceDeclarations The mapping between namespace prefixes and
+   * their associated URI.
+   */
+  protected void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  /**
+   * Compare this <code>XPathTransformation</code> to another.
+   * 
+   * @param other The object to compare this 
+   * <code>XPathTransformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>XPathTransformation</code> and if this object contains the same XPath
+   * expression as <code>other</code>. Otherwise <code>false</code> is returned.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPathTransformation) {
+      XPathTransformation transform = (XPathTransformation) other;
+      return getXPathExpression().equals(transform.getXPathExpression());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getXPathExpression().hashCode();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
new file mode 100644
index 0000000..1c5d26a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.TransformException;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.util.NodeListToNodeSetDataAdapter;
+import at.gv.egovernment.moa.util.NodeListAdapter;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.server.modules.xml.XSLTTransformation;
+import iaik.xml.crypto.dsig.XMLSignatureFactory;
+
+/**
+ * A <code>Transformation</code> containing an XSLT transformation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XSLTTransformationImpl extends TransformationImpl implements XSLTTransformation {
+
+	/** The XSLT stylesheet. */
+	private Element styleSheetElement;
+	/**
+	 * The hash code of the canonicalized stylesheet. If calculated, this value
+	 * should be != 0.
+	 */
+	private int hashCode;
+
+	/**
+	 * Create a new <code>XSLTTransformationImpl</code> object.
+	 * 
+	 * @param styleSheetElement
+	 *            The XSLT stylesheet element.
+	 */
+	public XSLTTransformationImpl(Element styleSheetElement) {
+		setAlgorithmURI(XSLTTransformation.XSLT);
+		setStyleSheetElement(styleSheetElement);
+	}
+
+	/**
+	 * Set the XSLT stylesheet element.
+	 * 
+	 * @param styleSheetElement
+	 *            The XSLT stylesheet element to set.
+	 */
+	protected void setStyleSheetElement(Element styleSheetElement) {
+		this.styleSheetElement = styleSheetElement;
+		this.hashCode = 0;
+	}
+
+	/**
+	 * @see iaik.server.modules.xml.XSLTTransformation#getStylesheetElement()
+	 */
+	public Element getStylesheetElement() {
+		return styleSheetElement;
+	}
+
+	/**
+	 * Compare this <code>XSLTTransformation</code> to another.
+	 * 
+	 * @param other
+	 *            The object to compare this <code>XSLTTransformation</code> to.
+	 * @return <code>true</code>, if <code>other</code> is an
+	 *         <code>XSLTTransformation</code> and if the canonicalized
+	 *         representations of the stylesheets contained in <code>this</code>
+	 *         and <code>other</code> match. Otherwise, <code>false</code> is
+	 *         returned.
+	 * @see java.lang.Object#equals(Object)
+	 */
+	public boolean equals(Object other) {
+		if (other instanceof XSLTTransformation) {
+			XSLTTransformation xslt = (XSLTTransformation) other;
+
+			return compareElements(getStylesheetElement(), xslt.getStylesheetElement());
+		}
+		return false;
+	}
+
+	/**
+	 * @see java.lang.Object#hashCode()
+	 */
+	public int hashCode() {
+		if (hashCode == 0) {
+			hashCode = calculateHashCode(getStylesheetElement());
+		}
+		return hashCode;
+	}
+
+	/**
+	 * Calculate the hash code for a DOM element by canonicalizing it.
+	 * 
+	 * @param element
+	 *            The DOM element for which the hash code is to be calculated.
+	 * @return int The hash code, or <code>0</code>, if it could not be
+	 *         calculated.
+	 */
+	private static int calculateHashCode(Element element) {
+		try {
+			InputStream is = canonicalize(element);
+			byte[] buf = new byte[256];
+			int hashCode = 1;
+			int length;
+			int i;
+
+			while ((length = is.read(buf)) > 0) {
+				for (i = 0; i < length; i++) {
+					hashCode += buf[i] * 31 + i;
+				}
+			}
+			is.close();
+			return hashCode;
+		} catch (IOException e) {
+			return 0;
+		} catch (NoSuchAlgorithmException e) {
+			return 0;
+		} catch (InvalidAlgorithmParameterException e) {
+			return 0;
+		} catch (TransformException e) {
+			return 0;
+		}
+	}
+
+	/**
+	 * Compare two DOM elements by canonicalizing their contents and comparing
+	 * the resulting byte stream.
+	 * 
+	 * @param elem1
+	 *            The 1st element to compare.
+	 * @param elem2
+	 *            The 2nd element to compare.
+	 * @return boolean <code>true</code>, if the elements are considered equal
+	 *         after canonicalization. Otherwise <code>false</code> is returned.
+	 */
+	private static boolean compareElements(Element elem1, Element elem2) {
+		try {
+			InputStream is1 = canonicalize(elem1);
+			InputStream is2 = canonicalize(elem2);
+			return StreamUtils.compareStreams(is1, is2);
+		} catch (IOException e) {
+			return false;
+		} catch (NoSuchAlgorithmException e) {
+			return false;
+		} catch (InvalidAlgorithmParameterException e) {
+			return false;
+		} catch (TransformException e) {
+			return false;
+		}
+	}
+
+	/**
+   * Canonicalize a DOM element.
+   * 
+   * @param element The element to canonicalize.
+   * @return InputStream A stream with the canonicalized data.
+	 * @throws InvalidAlgorithmParameterException 
+	 * @throws IOException 
+	 * @throws TransformException 
+   * @throws AlgorithmException An error occurred canonicalizing the element.
+   */
+  private static InputStream canonicalize(Element element)
+    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, TransformException {
+	  CanonicalizationMethod canonicalizationMethod = XMLSignatureFactory.getInstance().newCanonicalizationMethod(
+			  CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec());
+	  
+    //CanonicalizationAlgorithm c14n =
+     // new CanonicalizationAlgorithmImplExclusiveCanonicalXML();
+    NodeList nodeList;
+  
+    try {
+      nodeList = XPathUtils.selectNodeList(element, XPathUtils.ALL_NODES_XPATH);
+    } catch (XPathException e) {
+      nodeList = new NodeListAdapter(Collections.EMPTY_LIST);
+    }
+    //c14n.setInput(nodeList);
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    canonicalizationMethod.transform(new NodeListToNodeSetDataAdapter(nodeList), null, baos);
+    baos.close();
+    return new ByteArrayInputStream(baos.toByteArray());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java
new file mode 100644
index 0000000..310f2dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import java.util.List;
+
+import iaik.server.modules.xmlsign.DataObjectTreatment;
+
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+
+/**
+ * An object encapsulating how to treat an associated <code>DataObject</code>
+ * when creating a signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataObjectTreatmentImpl implements DataObjectTreatment {
+  /** The final content MIME type. */
+  private String finalContentType;
+  /** The name of the hash algorithm. */
+  private String hashAlgorithmName;
+  /** This transformations to apply to the associated data object. */
+  private List transformationList;
+  /** Supplemental information for the transformations. */
+  private List transformationSupplements;
+  /** Whether to include the associated data object in the signature. */
+  private boolean includedInSignature;
+  /** Whether to include the associated data object in the manifest. */
+  private boolean referenceInManifest;
+  /** The object ID generator. */
+  private IdGenerator objIdGen;
+  
+  /**
+   * Create a new <code>DataObjectTreatmentImpl</code>.
+   * 
+   * @param objIdGen The <code>IdGenerator</code> for unique object IDs.
+   */
+  public DataObjectTreatmentImpl(IdGenerator objIdGen) {
+    this.objIdGen = objIdGen;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getFinalContentType()
+   */
+  public String getFinalContentType() {
+    return finalContentType;
+  }
+
+  /**
+   * Sets the final content type.
+   * 
+   * @param finalContentType The final content type to set (a MIME-type type of
+   * <code>String</code>).
+   */
+  public void setFinalContentType(String finalContentType) {
+    this.finalContentType = finalContentType;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getHashAlgorithmName()
+   */
+  public String getHashAlgorithmName() {
+    return hashAlgorithmName;
+  }
+
+  /**
+   * Sets the hash algorithm name.
+   * 
+   * @param hashAlgorithmName The hash algorithm name to set.
+   */
+  public void setHashAlgorithmName(String hashAlgorithmName) {
+    this.hashAlgorithmName = hashAlgorithmName;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#isIncludedInSignature()
+   */
+  public boolean isIncludedInSignature() {
+    return includedInSignature;
+  }
+
+  /**
+   * Sets whether the associated <code>DataObject</code> is to be included in
+   * the signature.
+   * 
+   * @param includedInSignature If <code>true</code>, the associated
+   * <code>DataObject</code> will be included in the signature, otherwise not.
+   */
+  public void setIncludedInSignature(boolean includedInSignature) {
+    this.includedInSignature = includedInSignature;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#isReferenceInManifest()
+   */
+  public boolean isReferenceInManifest() {
+    return referenceInManifest;
+  }
+
+  /**
+   * Sets whether the associated <code>DataObject</code> is
+   * to be included in the <code>dsig:Manifest</code>.
+   * 
+   * @param referenceInManifest If <code>true</code>, the associated
+   * <code>DataObject</code> will be included in the manifest, otherwise not.
+   */
+  public void setReferenceInManifest(boolean referenceInManifest) {
+    this.referenceInManifest = referenceInManifest;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationList()
+   */
+  public List getTransformationList() {
+    return transformationList;
+  }
+
+  /**
+   * Set the list of transformations for the associated <code>DataObject</code>.
+   * 
+   * @param transformationList The transformations to set.
+   */
+  public void setTransformationList(List transformationList) {
+    this.transformationList = transformationList;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationSupplements()
+   */
+  public List getTransformationSupplements() {
+    return transformationSupplements;
+  }
+
+  /**
+   * Sets the transformation supplements for the associated
+   * <code>DataObject</code>.
+   * 
+   * @param transformationSupplements The transformation supplements to set.
+   */
+  public void setTransformationSupplements(List transformationSupplements) {
+    this.transformationSupplements = transformationSupplements;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getDsigDataObjectID()
+   */
+  public String getDsigDataObjectID() {
+    return objIdGen.uniqueId();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..7d0c5a0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -0,0 +1,399 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+import iaik.server.modules.xml.Canonicalization;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+
+/**
+ * An object providing auxiliary information for creating an XML signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationProfileImpl
+  implements XMLSignatureCreationProfile {
+
+  /** The transformations to apply to a data object. */
+  private List dataObjectTreatmentList;
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The type URI of the signature manifest. */
+  private String securityLayerManifestTypeURI;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Where to insert the signature into the signature environment. */
+  private XMLSignatureInsertionLocation signatureInsertionLocation;
+  /** The signature structur type. */
+  private String signatureStructureType;
+  /** The type of <code>Canonicalization</code> to use for the signed info. */
+  private Canonicalization signedInfoCanonicalization;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** The ID generator for signature IDs. */
+  private IdGenerator signatureIDGenerator;
+  /** The ID generator for manifst IDs. */
+  private IdGenerator manifestIDGenerator;
+  /** The ID generator for XMLDsig manifest IDs. */
+  private IdGenerator dsigManifestIDGenerator;
+  /** The ID generator for signed property IDs. */
+  private IdGenerator propertyIDGenerator;
+  /** The selected digest method algorithm if XAdES 1.4.2 is used   */
+  private String digestMethodXAdES142;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public XMLSignatureCreationProfileImpl(
+    int createProfileCount,
+    Set reservedIDs,
+    String digestMethodXAdES142) {
+    signatureIDGenerator =
+      new IdGenerator("signature-" + createProfileCount, reservedIDs);
+    manifestIDGenerator =
+      new IdGenerator("manifest-" + createProfileCount, reservedIDs);
+    dsigManifestIDGenerator =
+      new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs);
+    propertyIDGenerator =
+      new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
+    this.digestMethodXAdES142 = digestMethodXAdES142;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList()
+   */
+  public List getDataObjectTreatmentList() {
+    return dataObjectTreatmentList;
+  }
+
+  /**
+   * Sets the list of <code>DataObjectTreatment</code>s.
+   * 
+   * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to
+   * set.
+   */
+  public void setDataObjectTreatmentList(List dataObjectTreatmentList) {
+    this.dataObjectTreatmentList = dataObjectTreatmentList;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI()
+   */
+  public String getSecurityLayerManifestTypeURI() {
+    return securityLayerManifestTypeURI;
+  }
+
+  /**
+   * Set the SecurityLayerManifestTypeURI.
+   * 
+   * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to
+   * set.
+   */
+  public void setSecurityLayerManifestTypeURI(String securityLayerManifestTypeURI) {
+    this.securityLayerManifestTypeURI = securityLayerManifestTypeURI;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+    if (digestMethodXAdES142 == null) {
+    	// XAdES 1.4.2 not enabled - legacy MOA
+        if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)  
+        		|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+
+        	return SignatureAlgorithms.SHA1_WITH_RSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.ECDSA)) {
+        	return SignatureAlgorithms.ECDSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.DSA)) {
+        	return SignatureAlgorithms.DSA; 
+        } else {
+        	throw new AlgorithmUnavailableException(
+        			"No algorithm for key entry: " + selectedKeyID,
+        			null,
+        	        null);
+        }
+    }
+    else {
+    	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
+    	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
+    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethodXAdES142,
+         			null,
+         	        null);
+         }
+    	
+    }
+    
+
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation()
+   */
+  public XMLSignatureInsertionLocation getSignatureInsertionLocation() {
+    return signatureInsertionLocation;
+  }
+
+  /**
+   * Set the location where the signature is to be inserted into the signature
+   * parent.
+   * 
+   * @param signatureInsertionLocation The location to set.
+   */
+  public void setSignatureInsertionLocation(XMLSignatureInsertionLocation signatureInsertionLocation) {
+    this.signatureInsertionLocation = signatureInsertionLocation;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType()
+   */
+  public String getSignatureStructureType() {
+    return signatureStructureType;
+  }
+
+  /**
+   * Set the signature structure type.
+   * @param signatureStructureType The signature structure type to set.
+   */
+  public void setSignatureStructureType(String signatureStructureType) {
+    this.signatureStructureType = signatureStructureType;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization()
+   */
+  public Canonicalization getSignedInfoCanonicalization() {
+    return signedInfoCanonicalization;
+  }
+
+  /**
+   * Sets the canonicalization method to use for the SignedInfo object.
+   * 
+   * @param signedInfoCanonicalization The canonicalization method to set.
+   */
+  public void setSignedInfoCanonicalization(Canonicalization signedInfoCanonicalization) {
+    this.signedInfoCanonicalization = signedInfoCanonicalization;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * Set the signed properties.
+   * 
+   * @param signedProperties The signed properties to set.
+   */
+  public void setSignedProperties(List signedProperties) {
+    this.signedProperties = signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID()
+   */
+  public String getSignatureID() {
+    return signatureIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID()
+   */
+  public String getSecurityLayerManifestID() {
+    return manifestIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID()
+   */
+  public String getDsigManifestID() {
+    return dsigManifestIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID()
+   */
+  public String getSignedPropertiesID() {
+    return propertyIDGenerator.uniqueId();
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+   */
+  public boolean getPermitFileURIs() {
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java
new file mode 100644
index 0000000..90c1f49
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+/**
+ * An object giving the location of where the signature will be
+ * inserted into the parent element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureInsertionLocationImpl
+  implements XMLSignatureInsertionLocation {
+
+  /** Where to put the signature into the signature parent element. */
+  private int signatureChildIndex;
+  
+  /**
+   * Create a new <code>XMLSignatureInsertLocationImpl</code>.
+   * 
+   * @param signatureChildIndex The position index at which to append the
+   * signature to the parent element.
+   */
+  public XMLSignatureInsertionLocationImpl(int signatureChildIndex) {
+    setSignatureChildIndex(signatureChildIndex);
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureInsertionLocation#getSignatureChildIndex()
+   */
+  public int getSignatureChildIndex() {
+    return signatureChildIndex;
+  }
+
+  /**
+   * Sets the position index at which to append the signature to the parent
+   * element.
+   * 
+   * @param signatureChildIndex The position index to set.
+   */
+  public void setSignatureChildIndex(int signatureChildIndex) {
+    this.signatureChildIndex = signatureChildIndex;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..f4c9126
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlverify;
+
+import java.util.List;
+
+import iaik.pki.PKIProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+
+/**
+ * An object providing auxiliary information for verifying an XML signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationProfileImpl
+  implements XMLSignatureVerificationProfile {
+
+  /** Whether to check the Security Layer manifest. */
+  private boolean checkSecurityLayerManifest;
+  /** Whether to check the XMLDsig manifest. */
+  private boolean checkXMLDsigManifests;
+  /** The profile for validating the signer certificate. */
+  private PKIProfile certificateValidationProfile;
+  /** Supplements for the transformations. */
+  private List transformationSupplements;
+  /** Whether to include hash input data in the response. */
+  private boolean includeHashInputData;
+  /** Whether to include reference input data in the response. */
+  private boolean includeReferenceInputData;
+  /** Whether the file URIs are permitted */
+  private boolean permitFileURIs;
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
+   */
+  public boolean checkSecurityLayerManifest() {
+    return checkSecurityLayerManifest;
+  }
+
+  /**
+   * Set whether to check the references in the Security Layer manifest.
+   * 
+   * @param checkSecurityLayerManifest <code>true</code>, if the references
+   * in the Security Layer manifest must be checked.
+   */
+  public void setCheckSecurityLayerManifest(boolean checkSecurityLayerManifest) {
+    this.checkSecurityLayerManifest = checkSecurityLayerManifest;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkXMLDsigManifests()
+   */
+  public boolean checkXMLDsigManifests() {
+    return checkXMLDsigManifests;
+  }
+
+  /**
+   * Sets whether to check the references of all XML Dsig manifests.
+   * 
+   * @param checkXMLDSigManifests <code>true</code>, if the references in the
+   * XML Dsig manifest must be checked.
+   */
+  public void setCheckXMLDsigManifests(boolean checkXMLDSigManifests) {
+    this.checkXMLDsigManifests = checkXMLDSigManifests;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getCertificateValidationProfile()
+   */
+  public PKIProfile getCertificateValidationProfile() {
+    return certificateValidationProfile;
+  }
+
+  /**
+   * Sets the profile for validating the signer certificate.
+   * 
+   * @param certificateValidationProfile The certificate validation profile to
+   * set.
+   */
+  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+    this.certificateValidationProfile = certificateValidationProfile;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getTransformationSupplements()
+   */
+  public List getTransformationSupplements() {
+    return transformationSupplements;
+  }
+
+  /**
+   * Sets the transformation supplements.
+   * 
+   * @param transformationSupplements The transformation supplements to set.
+   */
+  public void setTransformationSupplements(List transformationSupplements) {
+    this.transformationSupplements = transformationSupplements;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeHashInputData()
+   */
+  public boolean includeHashInputData() {
+    return includeHashInputData;
+  }
+
+  /**
+   * Set whether to include the hash input data in the result.
+   * 
+   * @param includeHashInputData If <code>true</code>, the hash input data
+   * will be returned in the result.
+   */
+  public void setIncludeHashInputData(boolean includeHashInputData) {
+    this.includeHashInputData = includeHashInputData;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeReferenceInputData()
+   */
+  public boolean includeReferenceInputData() {
+    return includeReferenceInputData;
+  }
+
+  /**
+   * Set whether to include the reference input data in the result.
+   * 
+   * @param includeReferenceInputData If <code>true</code>, the reference
+   * input data will be included in the result.
+   */
+  public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
+    this.includeReferenceInputData = includeReferenceInputData;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() 
+   */
+  public boolean getPermitFileURIs() {
+    return permitFileURIs;
+  }
+  
+  /**
+   * Set whether the file URIs are permitted or not
+   * 
+   * @param permitFileURIs whether the file URIs are permitted or not
+   */
+  public void setPermitFileURIs(boolean permitFileURIs)
+  {
+    this.permitFileURIs = permitFileURIs;
+  }
+
+  @Override
+  public String getTargetLevel() {
+	return XMLSignatureVerificationProfile.LEVEL_B;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java
new file mode 100644
index 0000000..8ab01d6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.init;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+
+/**
+ * Default implementation of <code>Configurator</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfiguratorImpl extends Configurator {
+  /** whether the configuration has been initialized */
+  private boolean initialized = false;
+
+  public void init() throws MOAException {
+    if (!initialized) {
+      SystemInitializer.init();
+      initialized = true;
+    }
+  }
+
+  public void update() throws MOAException {
+    if (!initialized) {
+      return;
+    }
+    
+    try {
+      // reconfigure the system
+      ConfigurationProvider config = ConfigurationProvider.reload();
+      new IaikConfigurator().configure(config);
+    } catch (MOAException e) {
+      throw e;
+    } catch (Throwable t) {
+      throw new ConfigurationException("", null, t);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java
new file mode 100644
index 0000000..692ee53
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.server.init;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+public interface ExternalInitializer {
+	public void initialize(ConfigurationProvider configurationProvider);
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
new file mode 100644
index 0000000..f2663cf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.init;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Iterator;
+import java.util.ServiceLoader;
+import java.util.Timer;
+
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner;
+import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.truststore.TrustStoreException;
+import iaik.server.ConfigurationData;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
+
+/**
+ * MOA SP/SS web service initialization.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SystemInitializer {
+  /** Interval between archive cleanups in seconds */
+  private static final long ARCHIVE_CLEANUP_INTERVAL = 60 * 60; // 1h
+  /** The MOA SP/SS logging hierarchy. */
+  private static final String LOGGING_HIERARCHY = "moa.spss.server";
+  /** Whether XML schema grammars have been initialized. */
+  private static boolean grammarsInitialized = false;
+  
+  private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SystemInitializer.class);
+
+  private static ServiceLoader<ExternalInitializer> initializerServices = 
+		  ServiceLoader.load(ExternalInitializer.class);
+  
+  
+  private static void runInitializer(ConfigurationProvider configurationProvider) {
+	  Iterator<ExternalInitializer> initializerIterator = initializerServices.iterator();
+	  
+	  while(initializerIterator.hasNext()) {
+		  ExternalInitializer externalInitializer = initializerIterator.next();
+		  externalInitializer.initialize(configurationProvider);
+	  }
+  }
+  
+  /**
+   * Initialize the MOA SP/SS webservice.
+   */
+  public static void init() {
+	  
+	  logger.info("##############################################################################");
+	  logger.info("##############################################################################");
+	  logger.info("###                                                                        ###");
+	  logger.info("###                          LOADING MOA-SIG                               ###");
+	  logger.info("###                          ===============                               ###");
+	  logger.info("###                                                                        ###");
+	  logger.info("##############################################################################");
+	  logger.info("##############################################################################");
+	  
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Thread archiveCleaner;
+
+    // set up the MOA SPSS logging hierarchy
+    Logger.setHierarchy(LOGGING_HIERARCHY);
+
+    // set up a logging context for logging the startup
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext("startup"));
+ 
+//    AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
+//    AxisProperties.setProperty("disablePrettyXML", "true");
+//    AxisProperties.setProperty("axis.doAutoTypes", "true");
+    
+    // initialize preparsed Xerces grammar pool for faster XML 
+    // parsing/validating
+    try {
+      if (!grammarsInitialized) {
+        Class clazz = SystemInitializer.class;
+        // preparse XML schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.XML_SCHEMA_LOCATION),
+          Constants.XML_NS_URI);
+        // preparse XMLDsig Filter2 schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.DSIG_FILTER2_SCHEMA_LOCATION),
+          Constants.DSIG_FILTER2_NS_URI);
+        // preparse XMLDsig schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.DSIG_SCHEMA_LOCATION),
+          Constants.DSIG_NS_URI);
+        // preparse MOA schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.MOA_SCHEMA_LOCATION),
+          Constants.MOA_NS_URI);
+        grammarsInitialized = true;
+      }
+    } catch (IOException e) {
+      Logger.warn(new LogMsg(msg.getMessage("init.04", null)), e);
+    }
+    
+    // initialize configuration
+    try {
+      ConfigurationProvider config = ConfigurationProvider.getInstance();
+      Logger.info("Building ConfigurationData");
+      ConfigurationData configData = new IaikConfigurator().configure(config);
+      
+      //initialize TSL module
+      TSLConfiguration tslconfig = config.getTSLConfiguration();
+      
+      TSLConnector tslconnector = new TSLConnector();
+      if (tslconfig != null) {
+    	  //Logger.info(new LogMsg(msg.getMessage("init.01", null)));
+    	  Logger.info(new LogMsg(msg.getMessage("config.41", null)));
+    	  tslconnector.initialize(tslconfig.getEuTSLUrl(), tslconfig.getWorkingDirectory(), null, null);
+  		  
+      }
+            
+      //start TSL Update
+      TSLUpdaterTimerTask.tslconnector_ = tslconnector;
+      TSLUpdaterTimerTask.configData_ = configData;
+      TSLUpdaterTimerTask.update();
+      
+      //initialize TSL Update Task
+      initTSLUpdateTask(tslconfig);
+
+      runInitializer(config);
+      
+      Logger.info(new LogMsg(msg.getMessage("init.01", null)));
+    } catch (MOAException e) {
+      Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } 
+    catch (TSLEngineDiedException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+	} 
+    catch (TSLSearchException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } 
+    catch (CertStoreException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (TrustStoreException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (FileNotFoundException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (IOException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (CertificateException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+	}
+
+    
+    
+    // CHANGE IXSIL to XSECT
+    // set IXSIL debug output
+    //IXSILInit.setPrintDebugLog(
+    //  Logger.isDebugEnabled(IaikLog.IAIK_LOG_HIERARCHY));
+    //Logger.info("Registering XSECT");
+    //XSecProvider.addAsProvider(true);
+    
+    // start the archive cleanup thread
+    archiveCleaner =
+      new Thread(new RevocationArchiveCleaner(ARCHIVE_CLEANUP_INTERVAL));
+    archiveCleaner.setName("RevocationArchiveCleaner");
+    archiveCleaner.setDaemon(true);
+    archiveCleaner.setPriority(Thread.MIN_PRIORITY);
+    archiveCleaner.start();
+
+    // unset the startup logging context
+    LoggingContextManager.getInstance().setLoggingContext(null);
+    logger.info("==============================================================================");
+    logger.info("===                            CONFIGURATION DONE                          ===");
+    logger.info("==============================================================================");
+  }
+  
+  private static void initTSLUpdateTask(TSLConfiguration tslconfig) {
+	  MessageProvider msg = MessageProvider.getInstance();
+      if (tslconfig != null) {
+    	  // get start time and period from config
+    	  long period = tslconfig.getUpdateSchedulePeriod();
+    	  Date startConfig = tslconfig.getUpdateScheduleStartTime();
+    	  
+    	  // get hh:mm:ss from config date
+    	  Calendar calendar = GregorianCalendar.getInstance(); // creates a new calendar instance
+    	  calendar.setTime(startConfig);   		// assigns calendar to given date 
+    	  int hour = calendar.get(Calendar.HOUR_OF_DAY);
+    	  int min = calendar.get(Calendar.MINUTE);
+    	  int sec = calendar.get(Calendar.SECOND);
+    	  
+    	  // create date with today and time from config
+    	  Calendar cal = Calendar.getInstance();
+    	  Date now = cal.getTime();
+    	  cal.set(Calendar.HOUR_OF_DAY, hour);
+    	  cal.set(Calendar.MINUTE, min);
+    	  cal.set(Calendar.SECOND, sec);
+
+    	  // proposed start time
+    	  Date start = cal.getTime();
+    	   
+    	  // if start time has already passed today - add one day (86400000 milliseconds = 1 day)
+    	  if (start.before(now))
+    		  start = new Date(start.getTime() + 86400000);    		
+    	  
+    	  Logger.debug(new LogMsg(msg.getMessage("config.46", new String[]{start.toString(), "" + period})));
+    	  
+    	  // start TSL updater task
+    	  Timer timer = new Timer();
+          timer.schedule(new TSLUpdaterTimerTask(), start, period);
+      }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
new file mode 100644
index 0000000..718673a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -0,0 +1,437 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.algorithms.HashAlgorithms;
+import iaik.server.modules.cmssign.CMSSignature;
+import iaik.server.modules.cmssign.CMSSignatureCreationException;
+import iaik.server.modules.cmssign.CMSSignatureCreationModule;
+import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A class providing an API based interface to the
+ * <code>CMSSignatureCreationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.cmssign.CMSSignatureCreationModule</code> from a
+ * <code>CreateCMSSignatureRequest</code> given as an API object. The result of
+ * the invocation is integrated into a <code>CreateCMSSignatureResponse</code>
+ * and returned.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureCreationInvoker {
+	
+	 private static Map HASH_ALGORITHM_MAPPING;
+
+	  static {
+	    HASH_ALGORITHM_MAPPING = new HashMap();
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
+	  }
+	  
+
+  /** The single instance of this class. */
+  private static CMSSignatureCreationInvoker instance = null;
+
+  /**
+   * Get the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized CMSSignatureCreationInvoker getInstance() {
+    if (instance == null) {
+      instance = new CMSSignatureCreationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>CMSSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected CMSSignatureCreationInvoker() {
+  }
+  
+ 
+
+  /**
+   * Process the <code>CreateCMSSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureCreationModule</code> for every
+   * <code>SingleSignatureInfo</code> contained in the request.
+   * 
+   * @param request A <code>CreateCMSSignatureRequest<code> API object
+   * containing the information for creating the signature(s).
+   * @param reserved A <code>Set</code> of reserved object IDs.
+   * 
+   * @return A <code>CreateCMSSignatureResponse</code> API object containing
+   * the created signature(s). The response contains either a
+   * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code>
+   * for each <code>SingleSignatureInfo</code> in the request.
+   * @throws MOAException An error occurred during signature creation. 
+   */
+  public CreateCMSSignatureResponse createCMSSignature(
+    CreateCMSSignatureRequest request,
+    Set reserved)
+    throws MOAException {
+
+	  TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();	  
+	  //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+
+	  CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder();
+	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
+
+	  boolean isSecurityLayerConform = false;
+	  String structure = null;
+	  String mimetype = null;
+	  
+	  // select the SingleSignatureInfo elements
+	  Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator();
+
+    // iterate over all the SingleSignatureInfo elements in the request
+	  while (singleSignatureInfoIter.hasNext()) {
+		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
+		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  
+		  
+		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
+		  structure = dataObjectInfo.getStructure();
+		  
+		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
+		  MetaInfo metainfo = dataobject.getMetaInfo();
+		  mimetype = metainfo.getMimeType();
+			  
+		  CMSContent content = dataobject.getContent();
+		  InputStream contentIs = null;
+		  // build the content data
+		  switch (content.getContentType()) {
+		  	case CMSContent.EXPLICIT_CONTENT :			    	  
+		  		contentIs = ((CMSContentExcplicit) content).getBinaryContent();
+		  		break;
+		  	case CMSContent.REFERENCE_CONTENT :
+		  		String reference = ((CMSContentReference) content).getReference();
+		  		if (!"".equals(reference)) {
+		  			ExternalURIResolver resolver = new ExternalURIResolver();
+		  			contentIs = resolver.resolve(reference);
+		  		} else {
+		  			throw new MOAApplicationException("2301", null);
+		  		}
+			    break;
+		  	default : {
+		  		throw new MOAApplicationException("2301", null);
+		  	}
+		  }
+			
+		  // create CMSSignatureCreationModuleFactory
+		  CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance();			    
+			    
+		  List signedProperties = null;
+		  boolean includeData = true;
+		  if (structure.compareTo("enveloping") == 0)
+			  includeData = true;
+		  if (structure.compareTo("detached") == 0)
+			  includeData = false;
+			    
+		  ConfigurationProvider config = context.getConfiguration();
+			    
+		  // get the key group id
+		  String keyGroupID = request.getKeyIdentifier();
+		  // set the key set
+		  Set keySet = buildKeySet(keyGroupID);
+		  if (keySet == null) {
+			  throw new MOAApplicationException("2231", null);
+		  } else if (keySet.size() == 0) {
+			  throw new MOAApplicationException("2232", null);
+		  }
+			    
+		  // get digest algorithm
+		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
+			    
+		  // create CMSSignatureCreation profile:			    
+		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
+				  keySet,
+				  digestAlgorithm, 
+				  signedProperties,
+				  isSecurityLayerConform, 
+				  includeData, 
+				  mimetype);
+		  
+		  // create CMSSignature from the CMSSignatureCreationModule
+		  // build the additionalSignedProperties
+		  List additionalSignedProperties = buildAdditionalSignedProperties();
+		  TransactionId tid = new TransactionId(context.getTransactionID());
+		  try {
+			  CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid);
+			  ByteArrayOutputStream out = new ByteArrayOutputStream();
+			  // get CMS SignedData output stream from the CMSSignature and wrap it around out
+			  boolean base64 = true;
+			  OutputStream  signedDataStream = signature.getSignature(out, base64);
+					 
+			  // now write the data to be signed to the signedDataStream
+			  
+			  int byteRead;
+			  BigDecimal counter = new BigDecimal("0");
+			  BigDecimal one = new BigDecimal("1");
+			  
+			  while ((byteRead=contentIs.read()) >= 0) {
+				  //System.out.println("counterXX: " + counter);
+				  
+				  if (inRange(counter, dataobject)) {
+					  //System.out.println("Lösche...");
+					  // set byte to 0x00
+					  signedDataStream.write(0);
+				  }
+				  else
+					  signedDataStream.write(byteRead);
+				  
+				  counter = counter.add(one);				  
+			  }
+			  
+			  
+//			  byte[] buf = new byte[4096];
+//			  int bytesRead;
+//			  while ((bytesRead = contentIs.read(buf)) >= 0) {
+//				  signedDataStream.write(buf, 0, bytesRead);
+//			  } 
+//					 
+			  // finish SignedData processing by closing signedDataStream
+			  signedDataStream.close();
+			  String base64value = out.toString();
+					 
+			  responseBuilder.addCMSSignature(base64value);
+					
+					
+		  } catch (CMSSignatureCreationException e) {
+			  MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+	          responseBuilder.addError(
+	            moaException.getMessageId(),
+	            moaException.getMessage());
+	          Logger.warn(moaException.getMessage(), e);
+	          
+		  } 
+		  catch (IOException e) {
+			  throw new MOAApplicationException("2301", null, e);			  
+		  }
+			
+	  }
+	  
+
+    return responseBuilder.getResponse();
+  }
+  
+  private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
+	  BigDecimal to = dataobject.getExcludeByteRangeTo();
+	  
+	  if ( (from == null) || (to == null))
+		  return false;
+	  
+	  int compare = counter.compareTo(from);
+	  if (compare == -1)
+		  return false;
+	  else {
+		  compare = counter.compareTo(to);
+		  if (compare == 1)
+			  return false;
+		  else
+			  return true;
+	  }
+				  
+	  
+	  
+  }
+
+  
+  private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException {
+	// get digest method on key group level (if configured)
+	    String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+	    // get default digest method (if configured)
+	    String configDigestMethod = config.getDigestMethodAlgorithmName();
+	    
+	    
+	    String digestMethod = null;
+	    if (configDigestMethodKG != null) {
+	    	// if KG specific digest method is configured
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethodKG});
+	    		throw new MOASystemException("2900", null);    			
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)");
+	    }	    	
+	    else {
+	    	// else get default configured digest method
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethod});
+	    		throw new MOASystemException("2900", null);	
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(default)");
+	    	
+	    }
+		return digestMethod;
+  }
+  
+  /**
+   * Utility function to issue an error message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void error(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.error(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+  
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   * returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s
+   * identifying the available keys.
+   */
+  private Set buildKeySet(String keyGroupID) {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (context.getClientCertificate() != null) {
+      X509Certificate cert = context.getClientCertificate()[0];
+      Principal issuer = cert.getIssuerDN();
+      BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries =
+        config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+      KeyModule module =
+        KeyModuleFactory.getInstance(
+          new TransactionId(context.getTransactionID()));
+      Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        KeyEntryID entryID = (KeyEntryID) iter.next();
+        KeyGroupEntry entry =
+          new KeyGroupEntry(
+            entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  /**
+   * Build the list of additional signed properties.
+   * 
+   * Based on the generic configuration setting
+   * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a
+   * constant <code>SigningTime</code> will be added to the properties.
+   * 
+   * @return The <code>List</code> of additional signed properties.
+   */
+  private List buildAdditionalSignedProperties() {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List additionalSignedProperties = Collections.EMPTY_LIST;
+
+    return additionalSignedProperties;
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
new file mode 100644
index 0000000..aca6f58
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -0,0 +1,371 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
+
+/**
+ * A class providing an interface to the
+ * <code>CMSSignatureVerificationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code>
+ * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation 
+ * is integrated into a <code>VerifyCMSSignatureResponse</code> returned.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationInvoker {
+
+  /** The single instance of this class. */
+  private static CMSSignatureVerificationInvoker instance = null;
+
+  /**
+   * Return the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized CMSSignatureVerificationInvoker getInstance() {
+    if (instance == null) {
+      instance = new CMSSignatureVerificationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>CMSSignatureVerificationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected CMSSignatureVerificationInvoker() {
+  }
+
+  /**
+   * Verify a CMS signature.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> containing the
+   * CMS signature, as well as additional data needed for verification.
+   * @return Element A <code>VerifyCMSSignatureResponse</code> containing the
+   * answer to the <code>VerifyCMSSignatureRequest</code>.
+   * @throws MOAException An error occurred while processing the request.
+   */
+  public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
+    throws MOAException {
+	  
+    CMSSignatureVerificationProfileFactory profileFactory =
+      new CMSSignatureVerificationProfileFactory(request);
+    VerifyCMSSignatureResponseBuilder responseBuilder =
+      new VerifyCMSSignatureResponseBuilder();
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    LoggingContext loggingCtx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    InputStream signature;
+    InputStream signedContent = null;
+    CMSSignatureVerificationProfile profile;
+    Date signingTime;
+    List results;
+    CMSSignatureVerificationResult result;
+    int[] signatories;
+    InputStream input;
+    byte[] buf = new byte[256];
+
+    // get the signature
+    signature = request.getCMSSignature();
+
+ // get the actual trustprofile
+    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+    
+    try {
+      // get the signed content
+      signedContent = getSignedContent(request);
+      
+      // build the profile
+      profile = profileFactory.createProfile();
+
+      // get the signing time
+      signingTime = request.getDateTime();
+
+      // verify the signature
+      CMSSignatureVerificationModule module =
+        CMSSignatureVerificationModuleFactory.getInstance();
+
+      module.setLog(new IaikLog(loggingCtx.getNodeID()));
+      
+      module.init(
+        signature,
+        signedContent,
+        profile,
+        new TransactionId(context.getTransactionID()));
+      input = module.getInputStream();
+
+      while (input.read(buf) > 0);
+      results = module.verifySignature(signingTime);
+      
+      
+    } catch (IAIKException e) {
+      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+      throw moaException;
+    } catch (IAIKRuntimeException e) {
+      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+      throw moaException;
+    } catch (IOException e) {
+      throw new MOAApplicationException("2244", null, e);
+    } catch (MOAException e)
+    {
+      throw e;
+    }
+    finally
+    {
+      try
+      {
+        if (signedContent != null) signedContent.close();
+      }
+      catch (Throwable t)
+      {
+        // Intentionally do nothing here
+      }
+    }
+
+    QCSSCDResult qcsscdresult = new QCSSCDResult();
+    
+    // build the response: for each signatory add the result to the response
+    signatories = request.getSignatories();
+    if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
+      Iterator resultIter;
+
+      for (resultIter = results.iterator(); resultIter.hasNext();) {
+        result = (CMSSignatureVerificationResult) resultIter.next();
+        String issuerCountryCode = null;
+        // QC/SSCD check
+        List list = result.getCertificateValidationResult().getCertificateChain();
+        if (list != null) {
+            X509Certificate[] chain = new X509Certificate[list.size()];
+            
+            Iterator it = list.iterator();
+            int i = 0;
+            while(it.hasNext()) {
+            	chain[i] = (X509Certificate)it.next();
+            	i++;
+            }
+            
+            
+            qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+            // get signer certificate issuer country code
+            issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+
+        }
+        
+        responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+      }
+    } else {
+      int i;
+
+      for (i = 0; i < signatories.length; i++) {
+        int sigIndex = signatories[i] - 1;
+
+        try {
+          result =
+            (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
+          
+          String issuerCountryCode = null;
+          // QC/SSCD check
+          List list = result.getCertificateValidationResult().getCertificateChain();
+          if (list != null) {
+              X509Certificate[] chain = new X509Certificate[list.size()];
+              
+              Iterator it = list.iterator();
+              int j = 0;
+              while(it.hasNext()) {
+              	chain[j] = (X509Certificate)it.next();
+              	j++;
+              }
+              
+              
+              qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+              
+              issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); 
+          }
+            
+          responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+        } catch (IndexOutOfBoundsException e) {
+          throw new MOAApplicationException(
+            "2249",
+            new Object[] { new Integer(sigIndex)});
+        }
+      }
+    }
+    
+    return responseBuilder.getResponse();
+  }
+
+ 
+  /**
+   * Get the signed content contained either in the request itself or given as a
+   * reference to external data.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> containing the
+   * signed content (or the reference to the signed content).
+   * @return InputStream A stream providing the signed content data, or
+   * <code>null</code> if no signed content was provided with the request.
+   * @throws MOAApplicationException An error occurred building the stream.
+   */
+  private InputStream getSignedContent(VerifyCMSSignatureRequest request)
+    throws MOAApplicationException {
+
+	  InputStream is = null;
+    CMSDataObject dataObj;
+    CMSContent content;
+
+    // select the Content element
+    dataObj = request.getDataObject();
+    if (dataObj == null) {
+      return null;
+    }
+    content = dataObj.getContent();
+    
+    // build the content data
+    switch (content.getContentType()) {
+      case CMSContent.EXPLICIT_CONTENT :
+        is = ((CMSContentExcplicit) content).getBinaryContent();
+        is = excludeByteRange(is, request);
+        return is;
+      case CMSContent.REFERENCE_CONTENT :
+        String reference = ((CMSContentReference) content).getReference();
+        if (!"".equals(reference)) {
+          ExternalURIResolver resolver = new ExternalURIResolver();
+          is = resolver.resolve(reference);
+          is = excludeByteRange(is, request);
+          return is;          
+        } else {
+          return null;
+        }
+      default :
+        return null;
+    }
+    
+
+
+  }
+  
+  private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException {
+	  
+	  int byteRead;
+	  
+	  ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+	  
+	  CMSDataObject dataobject = request.getDataObject();
+	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
+	  BigDecimal to = dataobject.getExcludeByteRangeTo();
+	  
+	  if ( (from == null) || (to == null))
+		  return contentIs;
+	  
+	  BigDecimal counter = new BigDecimal("0");
+	  BigDecimal one = new BigDecimal("1");
+	  
+	  try {
+		while ((byteRead=contentIs.read()) >= 0) {
+			
+			if (inRange(counter, dataobject)) {
+				  // if byte is in byte range, set byte to 0x00
+				  contentOs.write(0);
+			  }
+			  else
+				  contentOs.write(byteRead);
+			  
+			  counter = counter.add(one);				  
+		}
+		
+		InputStream is = new ByteArrayInputStream(contentOs.toByteArray());
+		
+		return is;
+		
+		
+	} catch (IOException e) {
+		  throw new MOAApplicationException("2301", null, e);			  
+	}
+	  
+  }
+  
+ 
+  private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
+	  BigDecimal to = dataobject.getExcludeByteRangeTo();
+	  
+	  if ( (from == null) || (to == null))
+		  return false;
+	  
+	  int compare = counter.compareTo(from);
+	  if (compare == -1)
+		  return false;
+	  else {
+		  compare = counter.compareTo(to);
+		  if (compare == 1)
+			  return false;
+		  else
+			  return true;
+	  }
+				  
+	  
+	  
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
new file mode 100644
index 0000000..5f459ac
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.cmsverify.CMSSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A factory to create a <code>CMSSignatureVerificationProfile</code> from a
+ * <code>VerifyCMSSignatureRequest</code> and the current MOA configuration
+ * data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationProfileFactory {
+
+  /** The <code>VerifyCMSSignatureRequest</code> to draw profile data from. */  
+  private VerifyCMSSignatureRequest request;
+
+  /**
+   * Create a new <code>CMSSignatureVerificationProfileFactory</code>.
+   *
+   * @param request The <code>VerifyCMSSignatureRequest</code> to draw profile 
+   * data from.
+   */
+  public CMSSignatureVerificationProfileFactory(VerifyCMSSignatureRequest request) {
+    this.request = request;
+  }
+
+  /**
+   * Create a <code>CMSSignatureVerificationProfile</code> from the given
+   * request and the current MOA configuration.
+   * 
+   * @return The <code>CMSSignatureVerificationProfile</code> for the
+   * <code>request</code>, based on the current configuration.
+   * @throws MOAException An error occurred creating the profile.
+   */
+  public CMSSignatureVerificationProfile createProfile()
+    throws MOAException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    CMSSignatureVerificationProfileImpl profile =
+      new CMSSignatureVerificationProfileImpl();
+    String trustProfileID;
+
+    // set the certificate validation profile
+    trustProfileID = request.getTrustProfileId();
+    profile.setCertificateValidationProfile(
+      new PKIProfileImpl(config, trustProfileID));
+
+    return profile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..aa52fe0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+
+/**
+ * A class to build a <code>CreateCMSSignatureResponse</code>.
+ * 
+ * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be
+ * called in any combination to add <code>CMSignature</code> and
+ * <code>ErrorResponse</code> elements to the response. One of these functions
+ * must be called at least once to produce a 
+ * <code>CreateCMSSignatureResponse</code>.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>CreateXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements to add to the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>CreateCMSSignatureResponse</code> built so far.
+   * 
+   * @return The <code>CreateCMSSignatureResponse</code> built so far.
+   */
+  public CreateCMSSignatureResponse getResponse() {
+    return factory.createCreateCMSSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param signatureEnvironment The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  public void addCMSSignature(String base64value) {
+    CMSSignatureResponse responseElement = 
+      factory.createCMSSignatureResponse(base64value);
+    responseElements.add(responseElement);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorCode The error code.
+   * @param info Additional information about the error.
+   */
+  public void addError(String errorCode, String info) {
+    ErrorResponse errorResponse = 
+      factory.createErrorResponse(Integer.parseInt(errorCode), info);
+    responseElements.add(errorResponse);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..7a7161d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+
+/**
+ * A class to build a <code>CreateXMLSignatureResponse</code>.
+ * 
+ * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be
+ * called in any combination to add <code>SignatureEnvironment</code> and
+ * <code>ErrorResponse</code> elements to the response. One of these functions
+ * must be called at least once to produce a 
+ * <code>CreateXMLSignatureResponse</code>.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>CreateXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements to add to the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>CreateXMLSignatureResponse</code> built so far.
+   * 
+   * @return The <code>CreateXMLSignatureResponse</code> built so far.
+   */
+  public CreateXMLSignatureResponse getResponse() {
+    return factory.createCreateXMLSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param signatureEnvironment The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  public void addSignatureEnvironment(Element signatureEnvironment) {
+    SignatureEnvironmentResponse responseElement = 
+      factory.createSignatureEnvironmentResponse(signatureEnvironment);
+    responseElements.add(responseElement);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorCode The error code.
+   * @param info Additional information about the error.
+   */
+  public void addError(String errorCode, String info) {
+    ErrorResponse errorResponse = 
+      factory.createErrorResponse(Integer.parseInt(errorCode), info);
+    responseElements.add(errorResponse);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
new file mode 100644
index 0000000..d775fdb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -0,0 +1,1039 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.NodeSetData;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIReference;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.xerces.dom.CoreDocumentImpl;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentLocRef;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterBinary;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ByteArrayDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ByteStreamDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.DataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLNodeListDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.EntityResolverChain;
+import at.gv.egovernment.moa.util.MOAErrorHandler;
+import at.gv.egovernment.moa.util.StreamEntityResolver;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.NodeListImplementation;
+import iaik.server.modules.xml.URIReferenceImpl;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.xml.crypto.utils.URIDereferencerImpl;
+
+/**
+ * A class to create <code>DataObject</code>s contained in different
+ * locations of the MOA XML request format.
+ *
+ * @author Patrick Peck
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class DataObjectFactory {
+
+  /**
+   * XPATH for registering ID attributes of known schemas if
+   * validating parsing fails.
+   */
+  private static final String XPATH =
+    "descendant-or-self::node()[" +
+    "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " +
+    "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " +
+    "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" +
+    "]/attribute::Id";
+
+  /** The single instance of this class. */
+  private static DataObjectFactory instance = null;
+
+  /**
+   * Return the only instance of this class.
+   *
+   * @return The only instance of this class.
+   */
+  public static synchronized DataObjectFactory getInstance() {
+    if (instance == null) {
+      instance = new DataObjectFactory();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>DataObjectFactory</code>.
+   *
+   * Protected to disallow multiple instances.
+   */
+  protected DataObjectFactory() {
+  }
+
+  /**
+   * Return the signature environment, i.e., the root element of the
+   * document, into which the signature will be inserted (if created) or which
+   * contains the signature (if verified).
+   *
+   * @param content The <code>Content</code> object containing the signature
+   * environment.
+   * @param supplements Additional schema or DTD information.
+   * @return The signature environment or <code>null</code>, if no
+   * signature environment exists.
+   * @throws MOASystemException A system error occurred building the signature
+   * environment (see message for details).
+   * @throws MOAApplicationException An error occurred building the signature
+   * environment (see message for details).
+   */
+  public XMLDataObject createSignatureEnvironment(
+    Content content,
+    List supplements)
+    throws MOASystemException, MOAApplicationException {
+
+    String reference = content.getReference();
+    EntityResolver entityResolver;
+    byte[] contentBytes;
+
+    // check for content and reference not being set at the same time
+    checkAllowContentAndReference(content, false);
+
+    // build the EntityResolver for validating parsing
+    if ((supplements == null) || supplements.isEmpty()) {
+      entityResolver = new MOASPSSEntityResolver();
+    } else {
+      EntityResolverChain chain = new EntityResolverChain();
+
+      chain.addEntityResolver(buildSupplementEntityResolver(supplements));
+      chain.addEntityResolver(new MOASPSSEntityResolver());
+      entityResolver = chain;
+    }
+
+    // convert the content into a byte array
+    try {
+      switch (content.getContentType()) {
+        case Content.BINARY_CONTENT :
+          {
+            InputStream is = ((ContentBinary) content).getBinaryContent();
+            contentBytes = StreamUtils.readStream(is);
+            break;
+          }
+        case Content.LOCREF_CONTENT:
+          {
+            String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+            InputStream is = null;
+            try
+            {
+              TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+              is = context.ResolveURI(locRefURI);
+              if (is == null) {
+            	  ExternalURIResolver uriResolver = new ExternalURIResolver();
+        	      is = uriResolver.resolve(locRefURI);
+              }
+              contentBytes = StreamUtils.readStream(is);
+            }
+            catch (MOAApplicationException e)
+            {
+              throw new MOAApplicationException("3203", new Object[]{reference, locRefURI}, e);
+            }
+            finally
+            {
+              closeInputStream(is);
+            }
+            break;
+          }
+        case Content.REFERENCE_CONTENT :
+          {
+            ExternalURIResolver uriResolver = new ExternalURIResolver();
+            InputStream is = null;
+            try
+            {
+              is = uriResolver.resolve(reference);
+              contentBytes = StreamUtils.readStream(is);
+            }
+            catch (Exception e)
+            {
+              throw e;
+            }
+            finally
+            {
+              closeInputStream(is);
+            }
+            break;
+          }
+        case Content.XML_CONTENT :
+          {
+            Element element =
+              checkForSingleElement(((ContentXML) content).getXMLContent());
+            contentBytes = DOMUtils.serializeNode(element, "UTF-8");
+
+            break;
+          }
+        default : {
+          contentBytes = null; // this will not happen
+        }
+      }
+    } catch (MOAApplicationException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new MOAApplicationException("2219", null);
+    }
+
+    if (Logger.isTraceEnabled()) {
+      // For logging in Debug-Mode: Mask baseid with xxx
+      String logString = new String(contentBytes);
+      // TODO use RegExp
+      String startS = "<pr:Identification><pr:Value>";
+      String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+      String logWithMaskedBaseid = logString;
+      int start = logString.indexOf(startS);
+      if (start > -1) {
+        int end = logString.indexOf(endS);
+        if (end > -1) {
+          logWithMaskedBaseid = logString.substring(0, start);
+          logWithMaskedBaseid += startS;
+          logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+          logWithMaskedBaseid += logString.substring(end, logString.length());
+        }
+      }
+
+      // try to parse validating
+      Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid);
+    }
+    try {
+      ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
+      Document doc =
+        DOMUtils.parseDocument(
+          is,
+          true,
+          Constants.ALL_SCHEMA_LOCATIONS,
+          null,
+          entityResolver,
+          new MOAErrorHandler());
+      Logger.trace("<<< parsed");
+
+      return new XMLDataObjectImpl(doc.getDocumentElement());
+    } catch (Exception e) {
+      // never mind, we'll try non-validating
+      MessageProvider msg = MessageProvider.getInstance();
+      Logger.info(new LogMsg(msg.getMessage("invoker.00", null)));
+    }
+
+    // try to parse non-validating
+    try {
+      ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
+      Document doc = DOMUtils.parseDocument(is, false, null, null);
+      // Since the parse tree will not contain any post schema validation information,
+      // we need to register any attributes known to be of type xsd:Id manually.
+      NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
+      for (int i = 0; i < idAttributes.getLength(); i++) {
+        Node item = idAttributes.item(i);
+        if (item instanceof Attr) {
+          Attr attr = (Attr) item;
+          Element owner = attr.getOwnerElement();
+          // Only available in DOM-Level 3 (Java 1.5):
+          // owner.setIdAttributeNode(attr, true);
+          if (doc instanceof CoreDocumentImpl) {
+            ((CoreDocumentImpl) doc).putIdentifier(attr.getValue(), owner);
+          }
+        }
+      }
+      return new XMLDataObjectImpl(doc.getDocumentElement());
+    } catch (Exception e) {
+      throw new MOAApplicationException("2218", null);
+    }
+  }
+
+  /**
+   * Create an <code>XMLDataObject</code> from the given signature environment.
+   *
+   * @param signatureEnvironment The signature environment contained in the
+   * result.
+   * @param uri The URI identifying the data. This must be either the empty
+   * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code>
+   * or <code>"#element"</code>; or an URI starting with <code>"#"</code> and
+   * followed by an element ID.
+   * @param referenceID The reference ID to set for the data object.
+   * @return A data object containing the signature environment.
+   */
+  public DataObject createFromSignatureEnvironment(
+    Element signatureEnvironment,
+    String uri,
+    String referenceID)
+    throws MOAApplicationException {
+
+    DataObjectImpl dataObject = null;
+
+    if ("".equals(uri)) {
+      dataObject = new XMLDataObjectImpl(signatureEnvironment);
+    } else if (
+      uri.startsWith("#xpointer")
+        || uri.startsWith("#xmlns")
+        || uri.startsWith("#element")) {
+      try {
+    	// CHANGE IXSIL to XSECT
+    	// maybe use   URIDereferencerImpl or XPath ...??
+        //XPointerReferenceResolver resolver = new XPointerReferenceResolver();
+        URIDereferencerImpl uriDereferencer = new URIDereferencerImpl();
+        URIReference uriReference = new URIReferenceImpl(uri, null, signatureEnvironment);
+        Data returnedData = uriDereferencer.dereference(uriReference, null);
+        
+        if(returnedData instanceof NodeSetData) {
+        	NodeSetData nodeSetData = (NodeSetData)returnedData;
+        	Iterator nodesIterator = nodeSetData.iterator();
+        	List nodeList = new ArrayList();
+        	
+        	while(nodesIterator.hasNext()) {
+        		nodeList.add(nodesIterator.next());
+        	}
+        	
+        	NodeList nodes = new NodeListImplementation(nodeList);
+        	dataObject = new XMLNodeListDataObjectImpl(nodes);
+        } else if(returnedData instanceof OctetStreamData) {
+        	OctetStreamData streamData = (OctetStreamData)returnedData;
+        	dataObject = new ByteStreamDataObjectImpl(streamData.getOctetStream());
+        } else {
+        	throw new MOAApplicationException("2237", new Object[] { uri });
+        }
+        
+        //URI uriObj = new URI(uri);
+        //NodeList nodes =
+         // resolver.resolveForest(
+          //  uriObj,
+          //  signatureEnvironment.getOwnerDocument(),
+          //  null);
+        
+      } catch (Exception e) {
+        throw new MOAApplicationException("2237", new Object[] { uri });
+      }
+    } else if (uri.startsWith("#")) {
+      String id = uri.substring(1);
+      Element refElem =
+        signatureEnvironment.getOwnerDocument().getElementById(id);
+
+      if (refElem == null) {
+        throw new MOAApplicationException("2237", new Object[] { id });
+      }
+      dataObject = new XMLDataObjectImpl(refElem);
+    }
+
+    dataObject.setReferenceID(referenceID);
+    dataObject.setURI(uri);
+
+    return dataObject;
+  }
+
+  /**
+   * Build a <code>StreamEntityResolver</code> from a <code>List</code> of
+   * supplements.
+   *
+   * @param supplements The supplements, given as
+   * <code>XMLDataObjectAssociation</code>s.
+   * @return A <code>StreamEntityResolver</code> mapping the supplements by
+   * their reference URI to an <code>InputStream</code> of their respective
+   * content.
+   */
+  private static StreamEntityResolver buildSupplementEntityResolver(List supplements)
+    throws MOAApplicationException
+  {
+    Map entities = new HashMap();
+    Iterator iter;
+
+    for (iter = supplements.iterator(); iter.hasNext();) {
+      XMLDataObjectAssociation supplement =
+        (XMLDataObjectAssociation) iter.next();
+      Content content = supplement.getContent();
+      String reference = content.getReference();
+
+      switch (content.getContentType()) {
+        case Content.BINARY_CONTENT :
+          {
+            entities.put(reference, ((ContentBinary) content).getBinaryContent());
+            break;
+          }
+        case Content.LOCREF_CONTENT:
+          {
+        	String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+
+            TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+        	if (context.FindResolvedEntity(locRefURI)==null) {
+
+	            ExternalURIResolver uriResolver = new ExternalURIResolver();
+	            InputStream uriStream = null;
+	            byte[] contentBytes;
+	            String contentType = null;
+	            try
+	            {
+	              uriStream = uriResolver.resolve(locRefURI);
+	              contentBytes = StreamUtils.readStream(uriStream);
+	              contentType = uriResolver.getContentType();
+	            }
+	            catch (Exception e)
+	            {
+	              throw new MOAApplicationException("3202", new Object[]{reference, locRefURI}, e);
+	            }
+	            finally
+	            {
+	              closeInputStream(uriStream);
+	            }
+	            context.PutResolvedEntity(locRefURI, contentBytes, contentType);
+        	}
+        	InputStream contentIS = context.ResolveURI(locRefURI);
+        	entities.put(reference, contentIS);
+            break;
+          }
+        case Content.XML_CONTENT :
+          {
+            // serialize the first element node that is found in the supplement
+            // and make it available as a stream
+            NodeList nodes = ((ContentXML) content).getXMLContent();
+            int i = 0;
+
+            // find the first element node
+            while ((i < nodes.getLength())
+              && (nodes.item(i).getNodeType() != Node.ELEMENT_NODE)) {
+              i++;
+            }
+
+            // serialize the node
+            if (i < nodes.getLength()) {
+              try
+              {
+                byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8");
+                entities.put(reference, new ByteArrayInputStream(serialized));
+              }
+              catch (Exception e)
+              {
+                throw new MOAApplicationException("2281", new Object[]{reference}, e);
+              }
+            }
+            break;
+          }
+      }
+    }
+
+    return new StreamEntityResolver(entities);
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>Content</code> object.
+   *
+   * @param content The <code>Content</code> object containing the data.
+   * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
+   * @param referenceID The reference ID to set in the resulting
+   * <code>DataObject</code>. May be <code>null</code>.
+   * @param allowContentAndReference If <code>true</code>, then
+   * <code>content</code> is allowed to contain both a <code>Reference</code>
+   * attribute and content. Otherwise, either a <code>Reference</code>
+   * attribute or content must be set.
+   * @param binaryAsXml If <code>true</code>, a content child given as
+   * <code>Base64Content</code> must contain XML data.
+   * @param xmlAsNodeList If <code>true</code>, the children of a
+   * <code>XMLContent</code> child element are returned as a
+   * <code>XMLNodeListDataObject</code>. Otherwise, <code>XMLContent</code> may
+   * only contain a single child node, which must be an element and which is
+   * returned as an <code>XMLDataObject</code>.
+   * @param referenceAsXml If <code>true</code>, then content loaded from the
+   * URI given as the <code>Reference</code> attribute must be XML data.
+   * If <code>false</code>, an attempt is made to parse the data as XML and
+   * return an <code>XMLDataObject</code> but if this fails, a
+   * <code>BinaryDataObject</code> is returned containing a byte stream to the
+   * data.
+   * @return A <code>DataObject</code> representing the data in
+   * <code>content</code>. If <code>base64AsXml==true</code> and
+   * <code>xmlAsNodeList==false</code> and <code>referenceAsXml==true</code>,
+   * then the result can safely be cast to an <code>XMLDataObject</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while opening a reference or parsing the data). See the wrapped
+   * exception for details.
+   */
+  public DataObject createFromContentOptionalRefType(
+    Content content,
+    MetaInfo finalDataMetaInfo,
+    String referenceID,
+    boolean allowContentAndReference,
+    boolean binaryAsXml,
+    boolean xmlAsNodeList,
+    boolean referenceAsXml)
+    throws MOASystemException, MOAApplicationException {
+
+    String reference = content.getReference();
+    DataObjectImpl dataObject = null;
+
+    checkAllowContentAndReference(content, allowContentAndReference);
+
+    // ok, build the data object; use content first, if available
+    switch (content.getContentType())
+    {
+      case Content.XML_CONTENT :
+      {
+        ContentXML contentXml = (ContentXML) content;
+        dataObject = createFromXmlContent(contentXml, xmlAsNodeList);
+        break;
+      }
+      case Content.BINARY_CONTENT :
+      {
+        ContentBinary contentBinary = (ContentBinary) content;
+        dataObject = createFromBinaryContent(contentBinary, binaryAsXml, false);
+        break;
+      }
+      case Content.LOCREF_CONTENT :
+      {
+        String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+        try
+        {
+          dataObject = createFromURIImpl(locRefURI, referenceAsXml);
+        }
+        catch (MOAApplicationException e)
+        {
+          throw new MOAApplicationException("3201", new Object[]{reference, locRefURI}, e);
+        }
+        break;
+      }
+      case Content.REFERENCE_CONTENT :
+      {
+        dataObject = createFromURIImpl(reference, referenceAsXml);
+        break;
+      }
+    }
+
+    // set URI and reference ID
+    dataObject.setURI(reference);
+    dataObject.setReferenceID(referenceID);
+
+    // set Type gathered from corresponding meta information
+    dataObject.setTypeURI(finalDataMetaInfo.getType());
+
+    return dataObject;
+  }
+
+  /**
+   * Check, if content and reference URIs are allowed in the content an throw
+   * an exception if an illegal combination of the two occurs.
+   *
+   * @param content The <code>Content</code> to check.
+   * @param allowContentAndReference Whether explicit content and a reference
+   * are allowed at the same time.
+   * @throws MOAApplicationException If <code>allowContentAndRefernece</code>
+   * is <code>false</code> and both explicit content and reference are set,
+   * an exception is thrown.
+   */
+  private static void checkAllowContentAndReference(
+    Content content,
+    boolean allowContentAndReference)
+    throws MOAApplicationException {
+    String reference = content.getReference();
+
+    // check for content and reference not being set
+    if ((content.getContentType() == Content.REFERENCE_CONTENT)
+      && (reference == null)) {
+      String errorCode = allowContentAndReference ? "1111" : "1110";
+      throw new MOAApplicationException(errorCode, null);
+    }
+
+    // if we only allow either content or reference being set at once, check
+    if (!allowContentAndReference
+      && (content.getContentType() != Content.REFERENCE_CONTENT)
+      && (reference != null)) {
+      throw new MOAApplicationException("1110", null);
+    }
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a
+   * <code>XMLDataObjectAssociation</code> object.
+   *
+   * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> object.
+   * @param xmlContentAllowed Whether the content contained in the
+   * <code>xmlDataObjAssoc</code> is allowed to be of type
+   * <code>XML_CONTENT</code>.
+   * @param binaryContentRepeatable If binary content must be provided as a
+   * <code>DataObject</code> that can be read multiple times.
+   * @return A <code>DataObject</code> representing the data in
+   * <code>xmlDataObjAssoc</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while parsing the data). See the wrapped exception for details.
+   */
+  public DataObject createFromXmlDataObjectAssociation(
+    XMLDataObjectAssociation xmlDataObjAssoc,
+    boolean xmlContentAllowed,
+    boolean binaryContentRepeatable)
+    throws MOASystemException, MOAApplicationException {
+
+    Content content = xmlDataObjAssoc.getContent();
+    MetaInfo metaInfo = xmlDataObjAssoc.getMetaInfo();
+    String mimeType = metaInfo != null ? metaInfo.getMimeType() : null;
+    DataObjectImpl dataObject = null;
+
+    switch (content.getContentType())
+    {
+      case Content.XML_CONTENT :
+      {
+        if (xmlContentAllowed)
+        {
+          dataObject = createFromXmlContent((ContentXML) content, true);
+        }
+        else
+        {
+          throw new MOAApplicationException("2280", null);
+        }
+        break;
+      }
+      case Content.BINARY_CONTENT :
+      {
+        dataObject = createFromBinaryContent(
+          (ContentBinary) content,
+          false,
+          binaryContentRepeatable);
+        break;
+      }
+      case Content.LOCREF_CONTENT :
+      {
+        String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+        try
+        {
+          dataObject = createFromURIImpl(locRefURI, false);
+        }
+        catch (MOAApplicationException e)
+        {
+          throw new MOAApplicationException("3201", new Object[]{content.getReference(), locRefURI}, e);
+        }
+        break;
+      }
+    }
+
+    dataObject.setURI(content.getReference());
+    dataObject.setMimeType(mimeType);
+    return dataObject;
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>TransformParameter</code>
+   * object.
+   *
+   * @param transformParameter The <code>TransformParameter</code> object
+   * containing the data.
+   * @return A <code>DataObject</code> representing the data in
+   * <code>root</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while opening a reference or parsing the data). See the wrapped
+   * exception for details.
+   */
+  public DataObject createFromTransformParameter(TransformParameter transformParameter)
+    throws MOASystemException, MOAApplicationException {
+
+    DataObjectImpl dataObject;
+
+    switch (transformParameter.getTransformParameterType()) {
+      case TransformParameter.BINARY_TRANSFORMPARAMETER :
+        TransformParameterBinary tpBinary =
+          (TransformParameterBinary) transformParameter;
+
+        try {
+          //dataObject = new ByteArrayDataObjectImpl(Base64Utils.encode(tpBinary.getBinaryContent()));
+          dataObject =
+            new ByteArrayDataObjectImpl(
+              StreamUtils.readStream(tpBinary.getBinaryContent()));
+        } catch (Exception e) {
+          return null;
+        }
+        //dataObject = new ByteStreamDataObjectImpl(tpBinary.getBinaryContent());
+        break;
+      default :
+        // resolve uri and build the content
+        ExternalURIResolver resolver = new ExternalURIResolver();
+        InputStream is = resolver.resolve(transformParameter.getURI());
+        ByteArrayInputStream bis;
+        try
+        {
+          bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+        }
+        catch (IOException e)
+        {
+          throw new MOAApplicationException("2238", new Object[] {transformParameter.getURI()}, e);
+        }
+        finally
+        {
+          closeInputStream(is);
+        }
+        String contentType = resolver.getContentType();
+        dataObject = new ByteStreamDataObjectImpl(bis);
+        dataObject.setMimeType(contentType);
+        break;
+    }
+
+    dataObject.setURI(transformParameter.getURI());
+
+    return dataObject;
+  }
+
+  /**
+   * Create a <code>DataObject</code> from data located at the given URI.
+   *
+   * @param uri The <code>URI</code> where the data is located. This method uses
+   * an <code>ExternalURIResolver</code> to resolve URIs.
+   * @param asXml If <code>true</code>, a <code>DataObject</code> is only
+   * returned, if the content consists of XML data. If it does not consist of
+   * XML data, an <code>MOAApplicationException</code> will be thrown. If this
+   * parameter is <code>false</code> and the content consists of XML data, this
+   * method will still attempt to parse it.
+   * @return The <code>DataObject</code> contained at the URI.
+   * @throws MOASystemException A system error parsing the XML content.
+   * @throws MOAApplicationException An error occurred on opening, reading or
+   * parsing the data behind the URI.
+   */
+  public DataObject createFromURI(String uri, boolean asXml)
+    throws MOASystemException, MOAApplicationException {
+    return createFromURIImpl(uri, asXml);
+  }
+
+  /**
+   * Create a <code>DataObject</code> from data located at the given URI.
+   *
+   * @param uri The <code>URI</code> where the data is located. This method uses
+   * an <code>ExternalURIResolver</code> to resolve URIs.
+   * @param asXml If <code>true</code>, a <code>DataObject</code> is only
+   * returned, if the content consists of XML data. If it does not consist of
+   * XML data, an <code>MOAApplicationException</code> will be thrown. If this
+   * parameter is <code>false</code> and the content type is detected as being
+   * XML data, this method will still attemt to parse it.
+   * @return The <code>DataObject</code> contained at the URI.
+   * @throws MOASystemException A system error parsing the XML content.
+   * @throws MOAApplicationException An error occurred on opening, reading or
+   * parsing the data behind the URI.
+   */
+  private DataObjectImpl createFromURIImpl(String uri, boolean asXml)
+    throws MOASystemException, MOAApplicationException {
+
+    Logger.trace(">>> resolving uri \"" + uri + "\"");
+
+    ExternalURIResolver resolver = new ExternalURIResolver();
+
+    TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+    InputStream is = context.ResolveURI(uri);
+    String contentType = null;
+    boolean foundURI = false;
+    if (is == null) {
+        is = resolver.resolve(uri);
+        contentType = resolver.getContentType();
+    } else {
+    	foundURI = true;
+     	contentType = (String) context.FindResolvedEntity(uri).get(1);
+     	Logger.trace("found \"" + uri + "\" InputStream in preread Supplements!, do not read any more. Content=" + contentType);
+    }
+
+    DataObjectImpl dataObject;
+
+    // read the content
+    if ((contentType != null) && contentTypeIsXml(contentType)) {
+      Document doc;
+
+      if (asXml) {
+        try {
+          // try parsing non-validating: this has to succeed or we
+          // bail out by throwing an exception
+          is = resolver.resolve(uri);
+          doc = DOMUtils.parseDocument(is, false, null, null);
+          dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
+        } catch (ParserConfigurationException e) {
+          throw new MOASystemException("1106", null, e);
+        } catch (SAXException e) {
+          throw new MOAApplicationException("2209", null, e);
+        } catch (IOException e) {
+          throw new MOAApplicationException("2210", null, e);
+        }
+        finally
+        {
+          closeInputStream(is);
+        }
+      } else {
+        try {
+          // try parsing non-validating: need not succeed
+          is = resolver.resolve(uri);
+          doc = DOMUtils.parseDocument(is, false, null, null);
+          closeInputStream(is);
+          dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
+        } catch (Exception e) {
+          // this is the last chance: return the data as a byte stream
+          Logger.trace(">>> reading stream for \"" + uri + "\"");
+          is = resolver.resolve(uri);
+          ByteArrayInputStream bis;
+          try
+          {
+            bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+            dataObject = new ByteStreamDataObjectImpl(bis);
+          }
+          catch (IOException e1)
+          {
+            throw new MOAApplicationException("2210", new Object[] { uri }, e1);
+          }
+          finally
+          {
+            closeInputStream(is);
+          }
+          Logger.trace(">>> read stream for \"" + uri + "\"");
+        }
+      }
+    }
+
+    else if (asXml)
+    {
+      // if we need XML data, we're in the wrong place here
+      closeInputStream(is);
+      throw new MOAApplicationException("2211", new Object[] { uri });
+    }
+    else
+    {
+      // content is binary: make it available as a binary input stream
+      Logger.trace(">>> getting binary input for \"" + uri + "\"");
+      byte[] contentBytes;
+      ByteArrayInputStream bis;
+      try
+      {
+          contentBytes = StreamUtils.readStream(is);
+          bis = new ByteArrayInputStream(contentBytes);
+      }
+      catch (IOException e)
+      {
+        throw new MOAApplicationException("2210", null, e);
+      }
+      finally
+      {
+        closeInputStream(is);
+      }
+	  if (!foundURI) {
+		context.PutResolvedEntity(uri, contentBytes, contentType);
+	  }
+      dataObject = new ByteStreamDataObjectImpl(bis);
+      Logger.trace("<<< got binary input for \"" + uri + "\"");
+    }
+
+    dataObject.setMimeType(contentType);
+    dataObject.setURI(uri);
+
+    Logger.trace("<<< resolved uri \"" + uri + "\"");
+
+    return dataObject;
+  }
+
+  /**
+   * Savely closes the specified input stream.
+   *
+   * @param is The input stream to be closed.
+   */
+  private static void closeInputStream(InputStream is)
+  {
+    try
+    {
+      if (is != null) {
+        is.close();
+      }
+    }
+    catch (Throwable t)
+    {
+      // Intentionally do nothing here
+    }
+  }
+
+  /**
+   * Determine whether the content type is XML.
+   *
+   * Content types recognized as XML start with <code>text/xml</code> and
+   * <code>application/xml</code>.
+   *
+   * @param contentType The content MIME type.
+   * @return boolean If <code>true</code>, the content type is XML, otherwise
+   * not.
+   */
+  private static boolean contentTypeIsXml(String contentType) {
+    return contentType.startsWith("text/xml")
+      || (contentType.startsWith("application/xml"));
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>ContentXML</code> object.
+   *
+   * @param xmlContent The <code>ContentXML</code> object from
+   * which the <code>DataObject</code> is to be built.
+   * @param xmlAsNodeList If <code>true</code>, the children of
+   * <code>xmlContent</code> are returned as a
+   * <code>XMLNodeListDataObject</code>. Otherwise,
+   * <code>xmlContent</code> may only contain a single child node, which must be
+   * an element and which is returned as an <code>XMLDataObject</code>.
+   * @return A <code>DataObject</code> representing the XML content in
+   * <code>xmlContent</code>.
+   * @throws MOAApplicationException If <code>xmlAsNodeList</code> is
+   * <code>false</code> and <code>xmlContent</code> does not have a single child
+   * element.
+   */
+  private DataObjectImpl createFromXmlContent(
+    ContentXML xmlContent,
+    boolean xmlAsNodeList)
+    throws MOAApplicationException {
+
+    DataObjectImpl dataObject;
+
+    if (xmlAsNodeList) {
+      dataObject = new XMLNodeListDataObjectImpl(xmlContent.getXMLContent());
+    } else {
+      NodeList nodes = xmlContent.getXMLContent();
+      Element element = checkForSingleElement(nodes);
+
+      // build the XMLDataObject
+      dataObject = new XMLDataObjectImpl(element);
+    }
+    return dataObject;
+  }
+
+  /**
+   * Check, that the given <code>NodeList</code> contains a single DOM element
+   * node and return it, otherwise throw an exception.
+   *
+   * @param nodes The <code>NodeList</code> to check for a single element.
+   * @return The single element contained in <code>nodes</code>.
+   * @throws MOAApplicationException Thrown, if <code>nodes</code> does not
+   * contain exactly 1 element node.
+   */
+  private Element checkForSingleElement(NodeList nodes)
+    throws MOAApplicationException {
+
+    Element element = null;
+    int i;
+
+    // check for a single element node
+    for (i = 0; i < nodes.getLength(); i++) {
+      if (nodes.item(i).getNodeType() == Node.ELEMENT_NODE) {
+        if (element == null) {
+          element = (Element) nodes.item(i);
+        } else {
+          throw new MOAApplicationException("1109", null);
+        }
+      }
+    }
+
+    // return the element node
+    if (element == null) {
+      throw new MOAApplicationException("1107", null);
+    } else {
+      return element;
+    }
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>ContentBinary</code> object.
+   *
+   * @param binaryContent The <code>ContentBinary</code> object containing the
+   * data.
+   * @param asXml If <code>true</code>, <code>binaryContent</code> must
+   * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be
+   * returned containing a byte stream to the decoded Base64 data.
+   * @param repeatable If multiple calls to <code>getInputStream()</code> must
+   * repeatedly return the content of the data object.
+   * @return A <code>DataObject</code> representing the content contained in
+   * <code>binaryContent</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while parsing the data). See the wrapped exception for details.
+   */
+  private DataObjectImpl createFromBinaryContent(
+    ContentBinary binaryContent,
+    boolean asXml,
+    boolean repeatable)
+    throws MOASystemException, MOAApplicationException {
+
+    InputStream byteStream = binaryContent.getBinaryContent();
+    DataObjectImpl dataObject;
+
+    if (asXml) {
+      Document doc;
+
+      try {
+        doc = DOMUtils.parseDocument(byteStream, false, null, null);
+        dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
+      } catch (ParserConfigurationException e) {
+        throw new MOASystemException("1106", null, e);
+      } catch (SAXException e) {
+        throw new MOAApplicationException("2209", null, e);
+      } catch (IOException e) {
+        throw new MOAApplicationException("2210", null, e);
+      }
+    } else {
+      if (repeatable) {
+        try {
+          dataObject =
+            new ByteArrayDataObjectImpl(StreamUtils.readStream(byteStream));
+        } catch (IOException e) {
+          throw new MOAApplicationException("2210", null);
+        }
+      } else {
+        dataObject = new ByteStreamDataObjectImpl(byteStream);
+      }
+    }
+
+    return dataObject;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
new file mode 100644
index 0000000..933d058
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLConnection;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.ExternalURIVerifier;
+
+/**
+ * Resolve external URIs and provide them as a stream.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExternalURIResolver {
+
+  /** The MIME type of the content currently resolved. */
+  private String contentType;
+
+  /**
+   * Return a stream to data at the given URI.
+   * 
+   * This method will try to open an <code>URLConnection</code> to the given
+   * URI. Access to the file system is disallowed.
+   * 
+   * @param uriStr The URI to resolve.
+   * @return InputStream The data contained at the URI.
+   * @throws MOAApplicationException An error occurred resolving the URI (e.g.,
+   * the URI is syntactically incorrect or the stream could not be opened).
+   */
+  public InputStream resolve(String uriStr) throws MOAApplicationException {
+    URI uri;
+    URL url;
+    URLConnection connection;
+    InputStream is;
+
+    // build the URI
+    try {
+      uri = new URI(uriStr);
+    } catch (URIException e) {
+      throw new MOAApplicationException("2207", new Object[] { uriStr });
+    }
+
+    // disallow access to local file system
+    if ("".equals(uri.getScheme()) || "file".equals(uri.getScheme())) {
+      throw new MOAApplicationException("2213", new Object[] { uriStr });
+    }
+
+    // if we have local content (SOAP with attachments)
+    if ("formdata".equals(uri.getScheme())) {
+      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+      if (context==null) {
+        //no transaction
+        throw new MOAApplicationException("2282", new Object[] { uri });
+      } else {
+        InputStream attachmentIs = context.getAttachmentInputStream(uri);
+        if (attachmentIs != null) {
+          setContentType(context.getAttachmentContentType(uri.getPath()));
+          return attachmentIs;
+        } else {
+          //maybe attachments provided but no suiting attachment found
+          throw new MOAApplicationException("2282", new Object[] { uri });
+        }
+      } 
+    } 
+    
+    // convert URI to URL
+    try {
+      // create the URL
+      url = new URL(uriStr);
+      //System.out.println("ExternalURIResolver: " + url);
+      ExternalURIVerifier.verify(url.getHost(), url.getPort());
+      
+    } catch (MalformedURLException e) {
+      throw new MOAApplicationException("2214", new Object[] { uriStr });
+    }
+
+    // build the URLConnection
+    try {
+      connection = url.openConnection();
+      if ("http".equals(url.getProtocol())) {
+        HttpURLConnection httpConnection = (HttpURLConnection) connection;
+        // disallow redirects
+        httpConnection.setInstanceFollowRedirects(false);
+
+        httpConnection.connect();
+        if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
+          throw new MOAApplicationException("2208", new Object[] { uri });
+        }
+      } else if ("https".equals(url.getProtocol())) {
+        /* 
+         * this doesn't work because of some interaction between the IAIK
+         * JCE and Sun JSSE that results in an "Invalid AVA format" exception
+         */
+
+        /*
+        HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
+        InputStream trustStore =
+          getClass().getResourceAsStream(DEFAULT_TRUST_STORE);
+        SSLSocketFactory factory =
+          SSLUtils.getSSLSocketFactory("jks", trustStore, "changeit");
+        httpsConnection.setSSLSocketFactory(factory);
+        httpsConnection.connect();
+        if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
+          throw new MOAApplicationException("2208", new Object[] { uri });
+        }
+        */
+        connection.connect();
+      } else {
+        connection.connect();
+      }
+      is = connection.getInputStream();
+    } catch (IOException e) {
+      throw new MOAApplicationException("2208", new Object[] { uri }, e);
+    } /*catch (GeneralSecurityException e) {
+         throw new MOAApplicationException("2208", new Object[] { uri }, e);
+       }*/
+
+    // set the content type
+    setContentType(connection.getContentType());
+
+    return is;
+  }
+
+  /**
+   * Set the content type of the data at the URI.
+   * 
+   * @param contentType The content type to set.
+   */
+  protected void setContentType(String contentType) {
+    this.contentType = contentType;
+  }
+
+  /**
+   * Return the content type of the data detected at the URI from the previous
+   * call of <code>resolve()</code>.
+   * 
+   * @return String The content type.
+   */
+  public String getContentType() {
+    return contentType;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
new file mode 100644
index 0000000..1136ff2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
@@ -0,0 +1,318 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+
+import java.lang.reflect.Constructor;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+
+
+/**
+ * Map an exception from the <code>iaik</code> namespace to a
+ * <code>MOAException</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikExceptionMapper {
+
+  /** The argument classes for <code>MOAException</code>s. */
+  private static final Class[] CONSTRUCTOR_ARGS =
+    new Class[] { String.class, Object[].class, Throwable.class };
+  /** The exception mapping, as an array. */
+  private static final Object[][] MESSAGES =
+    {
+      { iaik.server.modules.IAIKException.class, "9900", MOASystemException.class },
+      { iaik.server.modules.IAIKRuntimeException.class, "9901", MOASystemException.class },
+      { iaik.server.modules.xmlsign.XMLSignatureCreationException.class, "2220", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.XMLSignatureCreationRuntimeException.class, "2220", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.InvalidKeyException.class, "2221", MOAApplicationException.class }, 
+      { iaik.server.modules.xmlsign.ManifestException.class, "2222", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.ReferenceException.class, "2223", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.HashUnavailableException.class, "2224", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignatureAlgorithmException.class, "2225", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignatureEmbeddingException.class, "2226", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignatureValueException.class, "2227", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignedPropertyException.class, "2228", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignerCertificateUnavailableException.class, "2229", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SupplementException.class, "2230", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.TransformationException.class, "2233", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureVerificationException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureParsingException.class, "2242", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2247", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.InitException.class, "2248", MOAApplicationException.class }, 
+      { iaik.server.modules.xmlverify.XMLSignatureVerificationException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.XMLSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.ManifestException.class, "2262", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.PropertiesException.class, "2263", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.ReferenceException.class, "2264", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.HashUnavailableException.class, "2224", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.SupplementException.class, "2230", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class },
+      { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class },
+      { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } ,
+      { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } ,
+      
+      
+  };
+  
+  /** The single instance of this class. */
+  private static IaikExceptionMapper instance;
+  /** The exception mapping, as a <code>Map</code> for fast lookup. */
+  private Map messages = new HashMap();
+
+  /**
+   * Get the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static synchronized IaikExceptionMapper getInstance() {
+    if (instance == null) {
+      instance = new IaikExceptionMapper();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>IaikExceptionMapper</code>.
+   * 
+   * Protected to disallow multple instances.
+   */
+  protected IaikExceptionMapper() {
+    registerMessages();
+  }
+
+  /**
+   * Build the complete <code>IAIKException</code> to message code mapping.
+   */
+  protected void registerMessages() {
+    int i;
+
+    for (i = 0; i < MESSAGES.length; i++) {
+      registerMessage(
+        (Class) MESSAGES[i][0],
+        (String) MESSAGES[i][1],
+        (Class) MESSAGES[i][2]);
+    }
+  }
+
+  /**
+   * Register a single <code>IAIKException</code> to message mapping.
+   * 
+   * @param iaikExceptionClass An exception from the <code>iaik</code> package. 
+   * @param messageId The corresponding error message id.
+   * @param moaExceptionClass The type of <code>MOAException</code> that the
+   * <code>IAIKException</code> is mapped to (usually
+   * <code>MOAApplicationException</code> or <code>MOASystemException</code>).
+   */
+  protected void registerMessage(
+    Class iaikExceptionClass,
+    String messageId,
+    Class moaExceptionClass) {
+
+    messages.put(
+      iaikExceptionClass,
+      new ExceptionMappingInfo(messageId, moaExceptionClass));
+  }
+
+  /**
+   * Map an <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to a <code>MOAException</code>.
+   * 
+   * @param tslSearchException The <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKException</code>.
+   */
+  public MOAException map(iaik.xml.crypto.tsl.ex.TSLSearchException tslSearchException) {
+    return mapImpl(tslSearchException);
+  }
+
+  /**
+   * Map an <code>iaik.xml.crypto.tsl.ex.TSLEngineDiedException</code> to a <code>MOAException</code>.
+   * 
+   * @param tslEngineDiedException The <code>iaik.xml.crypto.tsl.ex.TSLEngineDiedException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKException</code>.
+   */
+  public MOAException map(iaik.xml.crypto.tsl.ex.TSLEngineDiedException tslEngineDiedException) {
+    return mapImpl(tslEngineDiedException);
+  }
+  
+  /**
+   * Map an <code>IAIKException</code> to a <code>MOAException</code>.
+   * 
+   * @param iaikException The <code>IAIKException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKException</code>.
+   */
+  public MOAException map(IAIKException iaikException) {
+    return mapImpl(iaikException);
+  }
+  
+  /**
+   * Map an <code>IAIKRuntimeException</code> to a <code>MOAException</code>.
+   * 
+   * @param iaikException The <code>IAIKException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKRuntimeException</code>.
+   */
+  public MOAException map(IAIKRuntimeException iaikException) {
+    return mapImpl(iaikException);
+  }
+
+  /**
+   * Map an <code>IAIKException</code> or <code>IAIKRuntimeException</code> to a
+   * <code>MOAException</code>.
+   * 
+   * @param iaikException The <code>IAIKException</code> or
+   * <code>IAIKRuntimeException</code> to map.
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKRuntimeException</code>.
+   */
+  private MOAException mapImpl(Exception iaikException) {
+    MOAException moaException = createMoaException(iaikException);
+
+    if (moaException == null) {
+      return new MOASystemException("9999", null, iaikException);
+    }
+    return moaException;
+  }
+
+  /**
+   * Create a <code>MOAException</code> from a given <code>IAIKException</code>
+   * by looking it up in the mapping.
+   * 
+   * @param iaikException The <code>IAIKException</code> to map.
+   * @return A <code>MOAException</code> with an error code corresponding to
+   * the given <code>IAIKException</code>. Returns <code>null</code>, if no
+   * mapping could be found.
+   */
+  protected MOAException createMoaException(Exception iaikException) {
+    ExceptionMappingInfo info = lookupMessage(iaikException.getClass());
+    Constructor constructor;
+
+    if (info == null) {
+      return null;
+    }
+
+    // instantiate the proper MOAException and return it
+    try {
+      constructor =
+        info.getMoaExceptionClass().getConstructor(CONSTRUCTOR_ARGS);
+      return (MOAException) constructor.newInstance(
+        new Object[] {
+          info.getMessageId(),
+          new Object[] { iaikException.getMessage()},
+          iaikException });
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
+  /**
+   * Recursively look up the message associated with an
+   * <code>IAIKException</code>.
+   * 
+   * This method walks up the exception inheritance hierarchy until it finds a
+   * mapping.
+   * 
+   * @param iaikExceptionClass The <code>IAIKException</code> to look up.
+   * @return Information about the message id and
+   * <code>MOAException</code> class that the <code>iaikExceptionClass</code>
+   * maps to. If no mapping could be found, <code>null</code> is returned.
+   */
+  protected ExceptionMappingInfo lookupMessage(Class iaikExceptionClass) {
+    ExceptionMappingInfo info;
+
+    // break if 
+    if (iaikExceptionClass.equals(Exception.class)) {
+      return null;
+    }
+
+    // look up the exception class
+    info = (ExceptionMappingInfo) messages.get(iaikExceptionClass);
+    if (info == null) {
+      return lookupMessage(iaikExceptionClass.getSuperclass());
+    }
+    return info;
+  }
+
+}
+
+/**
+ * A class containing a mapping from an error message ID to a
+ * <code>MOAException</code> class.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+class ExceptionMappingInfo {
+  /** The message ID. */
+  private String messageId;
+  /** The <code>MOAException</code> class. */
+  private Class moaExceptionClass;
+
+  /**
+   * Create a new <code>ExceptionMappingInfo</code>.
+   * 
+   * @param messageId The message ID.
+   * @param moaExceptionClass The <code>MOAException</code> class. 
+   */
+  public ExceptionMappingInfo(String messageId, Class moaExceptionClass) {
+    this.messageId = messageId;
+    this.moaExceptionClass = moaExceptionClass;
+  }
+
+  /**
+   * Return the message ID.
+   * 
+   * @return The message ID.
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * Returns the <code>MOAException</code> class that the message ID maps to.
+   * 
+   * @return The <code>MOAException</code> class.
+   */
+  public Class getMoaExceptionClass() {
+    return moaExceptionClass;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java
new file mode 100644
index 0000000..0bca8ae
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Utility methods for invoking the IAIK MOA modules.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class InvokerUtils {
+
+  /**
+   * Select the signature parent element.
+   * 
+   * @param root The root DOM element which contains the signature parent
+   * element somewhere in its subtree.
+   * @param location The <code>ElementSelector</code> containing the XPath 
+   * expression to select the signature parent element from the document. 
+   * It is also contains the namespace prefix to URI mapping.
+   * @return Element The signature parent element.
+   * @throws MOAApplicationException An error occurred evaluating the
+   * <code>location</code>.
+   */
+  public static Element evaluateSignatureLocation(
+    Element root,
+    ElementSelector location)
+    throws MOAApplicationException {
+
+    NodeList nodes;
+
+    try {
+      nodes =
+        XPathUtils.selectNodeList(
+          root,
+          location.getNamespaceDeclarations(),
+          location.getXPathExpression());
+    } catch (XPathException e) {
+      throw new MOAApplicationException(
+        "2212",
+        new Object[] { location.getXPathExpression()},
+        e);
+    }
+
+    if (nodes.getLength() != 1
+      || !(nodes.item(0).getNodeType() == Node.ELEMENT_NODE)) {
+      throw new MOAApplicationException(
+        "2212",
+        new Object[] { location.getXPathExpression()});
+    }
+    return (Element) nodes.item(0);
+  }
+
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java
new file mode 100644
index 0000000..c6eaa4f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.xmlbind.ProfileParser;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileID;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileID;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileID;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileID;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * Map ProfileID objects to their explicit represantation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ProfileMapper {
+
+  /** The parser to parse the profiles. */
+  private static ProfileParser profileParser = new ProfileParser();
+
+  /**
+   * Map a <code>CreateTransformsInfoProfile</code> to a 
+   * <code>CreateTransformsInfoProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code>, otherwise the profile
+   * that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static CreateTransformsInfoProfileExplicit mapCreateTransformsInfoProfile(
+    CreateTransformsInfoProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getCreateTransformsInfoProfileType()) {
+      case CreateTransformsInfoProfile.EXPLICIT_CREATETRANSFORMSINFOPROFILE :
+        return (CreateTransformsInfoProfileExplicit) profile;
+
+      case CreateTransformsInfoProfile.ID_CREATETRANSFORMSINFOPROFILE :
+        CreateTransformsInfoProfileID profileIdObj =
+          (CreateTransformsInfoProfileID) profile;
+        String profileID = profileIdObj.getCreateTransformsInfoProfileID();
+        Element profileElem = config.getCreateTransformsInfoProfile(profileID);
+
+        if (profileElem == null) {
+          throw new MOAApplicationException("2234", new Object[] { profileID });
+        }
+
+        return (
+          CreateTransformsInfoProfileExplicit) profileParser
+            .parseCreateTransformsInfoProfile(
+          profileElem);
+    }
+    return null; // this will not happen
+  }
+
+  /**
+   * Map a <code>CreateSignatureEnvironmentProfile</code> to a 
+   * <code>CreateSignatureEnvironmentProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code>, otherwise the 
+   * profile that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static CreateSignatureEnvironmentProfileExplicit mapCreateSignatureEnvironmentProfile(
+    CreateSignatureEnvironmentProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getCreateSignatureEnvironmentProfileType()) {
+      case CreateSignatureEnvironmentProfile
+        .EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE :
+
+        return (CreateSignatureEnvironmentProfileExplicit) profile;
+
+      case CreateSignatureEnvironmentProfile
+        .ID_CREATESIGNATUREENVIRONMENTPROFILE :
+
+        CreateSignatureEnvironmentProfileID profileIdObj =
+          (CreateSignatureEnvironmentProfileID) profile;
+        String profileID =
+          profileIdObj.getCreateSignatureEnvironmentProfileID();
+        Element profileElem =
+          config.getCreateSignatureEnvironmentProfile(profileID);
+
+        if (profileElem == null) {
+          throw new MOAApplicationException("2236", new Object[] { profileID });
+        }
+
+        return (
+          CreateSignatureEnvironmentProfileExplicit) profileParser
+            .parseCreateSignatureEnvironmentProfile(
+          profileElem);
+
+    }
+    return null;
+
+  }
+
+  /**
+   * Map a <code>List</code> of <code>SupplementProfile</code>s to their
+   * explicit representation.
+   * 
+   * @param profiles The profiles to map.
+   * @param config The MOA configuration to use for looking up profiles.
+   * @return The mapped profiles.
+   * @throws MOAApplicationException An error occurred mapping one of the
+   * profiles.
+   */
+  public static List mapSupplementProfiles(
+    List profiles,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    List mappedProfiles = new ArrayList();
+    Iterator iter;
+
+    for (iter = profiles.iterator(); iter.hasNext();) {
+      SupplementProfile profile = (SupplementProfile) iter.next();
+      mappedProfiles.add(mapSupplementProfile(profile, config));
+    }
+
+    return mappedProfiles;
+  }
+
+  /**
+   * Map a <code>SupplementProfile</code> to a 
+   * <code>SupplementProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_SUPPLEMENTPROFILE</code>, otherwise the 
+   * profile that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static SupplementProfileExplicit mapSupplementProfile(
+    SupplementProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getSupplementProfileType()) {
+      case SupplementProfile.EXPLICIT_SUPPLEMENTPROFILE :
+        return (SupplementProfileExplicit) profile;
+
+      case SupplementProfile.ID_SUPPLEMENTPROFILE :
+        SupplementProfileID profileIdObj = (SupplementProfileID) profile;
+        String profileID = profileIdObj.getSupplementProfileID();
+        Element profileElem = config.getSupplementProfile(profileID);
+
+        if (profileElem == null) {
+          throw new MOAApplicationException("2267", new Object[] { profileID });
+        }
+
+        return (
+          SupplementProfileExplicit) profileParser.parseSupplementProfile(
+          profileElem);
+    }
+
+    return null;
+  }
+
+  /**
+   * Map a <code>List</code> of <code>VerifyTransformsInfoProfile</code>s to 
+   * their explicit representation.
+   * 
+   * @param profiles The profiles to map.
+   * @param config The MOA configuration to use for looking up profiles.
+   * @return The mapped profiles.
+   * @throws MOAApplicationException An error occurred mapping one of the
+   * profiles.
+   */
+  public static List mapVerifyTransformsInfoProfiles(
+    List profiles,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    List mappedProfiles = new ArrayList();
+    Iterator iter;
+
+    for (iter = profiles.iterator(); iter.hasNext();) {
+      VerifyTransformsInfoProfile profile =
+        (VerifyTransformsInfoProfile) iter.next();
+      mappedProfiles.add(mapVerifyTransformsInfoProfile(profile, config));
+    }
+
+    return mappedProfiles;
+  }
+
+  /**
+   * Map a <code>VerifyTransformsInfoProfile</code> to a 
+   * <code>VerifyTransformsInfoProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code>, otherwise the 
+   * profile that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static VerifyTransformsInfoProfileExplicit mapVerifyTransformsInfoProfile(
+    VerifyTransformsInfoProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getVerifyTransformsInfoProfileType()) {
+      case VerifyTransformsInfoProfile.EXPLICIT_VERIFYTRANSFORMSINFOPROFILE :
+        return (VerifyTransformsInfoProfileExplicit) profile;
+
+      case VerifyTransformsInfoProfile.ID_VERIFYTRANSFORMSINFOPROFILE :
+        VerifyTransformsInfoProfileID profileIdObj =
+          (VerifyTransformsInfoProfileID) profile;
+        String profileID = profileIdObj.getVerifyTransformsInfoProfileID();
+        Element profileElem =
+          config.getVerifyTransformsInfoProfile(profileID);
+        
+        if (profileElem == null) {
+          throw new MOAApplicationException("2268", new Object[] { profileID });          
+        }
+
+        return (
+          VerifyTransformsInfoProfileExplicit) profileParser
+            .parseVerifyTransformsInfoProfile(
+          profileElem);
+    }
+
+    return null;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
new file mode 100644
index 0000000..8f3c075
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A utility class for setting up and tearing down thread-local context 
+ * information needed for calling the <code>Invoker</code> classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ServiceContextUtils {
+  
+  /**
+   * Set up the thread-local context information needed for calling the various 
+   * <code>Invoker</code> classes.
+   *  
+   * @throws ConfigurationException An error occurred setting up the
+   * configuration in the <code>TransactionContext</code>.
+   */
+  public static void setUpContexts() throws ConfigurationException {
+    TransactionContextManager txMgr = TransactionContextManager.getInstance();
+    LoggingContextManager logMgr = LoggingContextManager.getInstance();
+    String transactionID = Thread.currentThread().getName();
+    
+    if (txMgr.getTransactionContext() == null) {
+      TransactionContext ctx = new TransactionContext(transactionID, null, ConfigurationProvider.getInstance());
+      txMgr.setTransactionContext(ctx);
+    }
+    
+    if (logMgr.getLoggingContext() == null) {
+      LoggingContext ctx = new LoggingContext(transactionID);
+      logMgr.setLoggingContext(ctx);
+    }
+  }
+  
+  /**
+   * Tear down thread-local context information.
+   */
+  public static void tearDownContexts() {
+    TransactionContextManager.getInstance().setTransactionContext(null);
+    LoggingContextManager.getInstance().setLoggingContext(null);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java
new file mode 100644
index 0000000..b746333
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.Collections;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.api.SignatureCreationService;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+
+/**
+ * An implementation of the <code>SignatureCreationService</code>, using
+ * the <code>XMLSignatureCreationInvoker</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureCreationServiceImpl extends SignatureCreationService {
+
+  /**
+   * Create an XML signature.
+   * 
+   * @param request The <code>CreateXMLSignatureRequest</code> containing
+   * information about the signature(s) to create.
+   * @return The created signature(s).
+   * @throws MOAException An error occurred creating the signature(s).
+   */
+  public CreateXMLSignatureResponse createXMLSignature(CreateXMLSignatureRequest request)
+    throws MOAException {
+
+    XMLSignatureCreationInvoker invoker =
+      XMLSignatureCreationInvoker.getInstance();
+    CreateXMLSignatureResponse response;
+
+    try {
+    	
+      Configurator.getInstance().init();
+      ServiceContextUtils.setUpContexts();
+      response = invoker.createXMLSignature(request, Collections.EMPTY_SET);
+      
+      return response;
+    } finally {
+      ServiceContextUtils.tearDownContexts();
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java
new file mode 100644
index 0000000..5b6033c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * An implementation of the <code>SignatureVerificationService</code> using
+ * the <code>XMLSignatureVerificationInvoker</code> and the
+ * <code>CMSSignatureVerificationInvoker</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureVerificationServiceImpl
+  extends SignatureVerificationService {
+
+  /**
+   * Verify a CMS signature.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> containing 
+   * information about the signature verification.
+   * @return The result of the signature verification.
+   * @throws MOAException An error occurred during signature verification.
+   */
+  public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
+    throws MOAException {
+
+    CMSSignatureVerificationInvoker invoker =
+      CMSSignatureVerificationInvoker.getInstance();
+    VerifyCMSSignatureResponse response;
+
+    try {
+      Configurator.getInstance().init();
+      ServiceContextUtils.setUpContexts();
+      response = invoker.verifyCMSSignature(request);
+      
+      return response;
+    } finally {
+      ServiceContextUtils.tearDownContexts();
+    }
+  }
+
+  /**
+   * Verify an XML signature.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> containinig
+   * information about the signature verification.
+   * @return The result of the signature verification.
+   * @throws MOAException An error occurred during signature verification.
+   */
+  public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+    throws MOAException {
+
+    XMLSignatureVerificationInvoker invoker =
+      XMLSignatureVerificationInvoker.getInstance();
+    VerifyXMLSignatureResponse response;
+
+    try {
+    	
+
+      Configurator.getInstance().init();
+      ServiceContextUtils.setUpContexts();
+      response = invoker.verifyXMLSignature(request);
+            
+      return response;
+    } finally {
+      ServiceContextUtils.tearDownContexts();
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java
new file mode 100644
index 0000000..7842f14
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java
@@ -0,0 +1,282 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import iaik.server.modules.xml.Base64Transformation;
+import iaik.server.modules.xml.Canonicalization;
+import iaik.server.modules.xml.EnvelopedSignatureTransformation;
+import iaik.server.modules.xml.Transformation;
+import iaik.server.modules.xml.XPath2Transformation;
+import iaik.server.modules.xml.XPathTransformation;
+import iaik.server.modules.xml.XSLTTransformation;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+import at.gv.egovernment.moa.spss.server.iaik.xml.Base64TransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.EnvelopedSignatureTransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ExclusiveCanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2FilterImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2TransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XPathTransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XSLTTransformationImpl;
+
+/**
+ * A factory to create <code>Transformation</code> objects from  
+ * <code>Transform</code> objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransformationFactory {
+
+
+  /** The single instance of this class. */
+  private static TransformationFactory instance = null;
+
+  /** Maps <code>XPathFilter</code> filter types to 
+   * <code>XPath2Transformation</code> filter types. */
+  private static Map FILTER_TYPE_MAPPING;
+
+  static {
+    FILTER_TYPE_MAPPING = new HashMap();
+
+    FILTER_TYPE_MAPPING.put(
+      XPathFilter.INTERSECT_TYPE,
+      XPath2Transformation.XPath2Filter.INTERSECTION);
+    FILTER_TYPE_MAPPING.put(
+      XPathFilter.SUBTRACT_TYPE,
+      XPath2Transformation.XPath2Filter.SUBTRACTION);
+    FILTER_TYPE_MAPPING.put(
+      XPathFilter.UNION_TYPE,
+      XPath2Transformation.XPath2Filter.UNION);
+  }
+
+  /**
+   * Get the single instance of the factory.
+   * 
+   * @return TransformationFactory The single instance.
+   */
+  public static synchronized TransformationFactory getInstance() {
+    if (instance == null) {
+      instance = new TransformationFactory();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>TransformationFactory</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected TransformationFactory() {
+  }
+
+  /**
+   * Create a <code>Transformation</code> based on a 
+   * <code>Transform</code> object.
+   * 
+   * @param transform The <code>Transform</code> object to extract
+   * transformation data from.
+   * @return The transformation contained in the <code>transform</code>
+   * object.
+   * @throws MOAApplicationException An error occured creating the
+   * <code>Transformation</code>. See exception message for details.
+   */
+  public Transformation createTransformation(Transform transform)
+    throws MOAApplicationException {
+    String algorithmUri = transform.getAlgorithmURI();
+
+    if (Canonicalization.CANONICAL_XML.equals(algorithmUri)
+      || Canonicalization.CANONICAL_XML_WITH_COMMENTS.equals(algorithmUri)) {
+      return createC14nTransformation(algorithmUri);
+    } else if (
+      Canonicalization.EXCLUSIVE_CANONICAL_XML.equals(algorithmUri)
+        || Canonicalization.EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS.equals(
+          algorithmUri)) {
+
+      return createExclusiveC14nTransformation(
+        (ExclusiveCanonicalizationTransform) transform);
+
+    } else if (Base64Transformation.ALL.contains(algorithmUri)) {
+      return createBase64Transformation();
+    } else if (EnvelopedSignatureTransformation.ALL.contains(algorithmUri)) {
+      return createEnvelopedSignatureTransformation();
+    } else if (XPathTransformation.ALL.contains(algorithmUri)) {
+      return createXPathTransformation((XPathTransform) transform);
+    } else if (XPath2Transformation.ALL.contains(algorithmUri)) {
+      return createXPath2Transformation((XPathFilter2Transform) transform);
+    } else if (XSLTTransformation.ALL.contains(algorithmUri)) {
+      return createXSLTTransformation((XSLTTransform) transform);
+    } else {
+      throw new MOAApplicationException("1108", new Object[] { algorithmUri });
+    }
+  }
+
+  /**
+   * Create a <code>List</code> of <code>Transformation</code>s from a 
+   * <code>List</code> of <code>Transform</code>s.
+   * 
+   * @param transforms The <code>List</code> containing the 
+   * <code>Transform</code>s. 
+   * @return The <code>List</code> of <code>Transformation</code>s corresponding
+   * to the <code>transforms</code>.
+   * @throws MOAApplicationException An error occurred building one of the
+   * transformations. See exception message for details. 
+   */
+  public List createTransformationList(List transforms)
+    throws MOAApplicationException {
+    List transformationList = new ArrayList();
+    Iterator trIter;
+
+    for (trIter = transforms.iterator(); trIter.hasNext();) {
+      Transform transform = (Transform) trIter.next();
+      transformationList.add(createTransformation(transform));
+    }
+
+    return transformationList;
+  }
+
+  /**
+   * Create a <code>Canonicalization</code>.
+   * 
+   * @param algorithmUri The algorithm URI of the canonicalization.
+   * @return The <code>Canonicalization</code>.
+   */
+  private Transformation createC14nTransformation(String algorithmUri) {
+    return new CanonicalizationImpl(algorithmUri);
+  }
+
+  /**
+   * Create a <code>ExclusiveCanonicalization</code>.
+   * 
+   * @param transform The <code>ExclusiveCanonicalizationTransform</code> 
+   * containing the transformation data.
+   * @return The <code>ExclusiveCanonicalization</code>.
+   */
+  private Transformation createExclusiveC14nTransformation(ExclusiveCanonicalizationTransform transform) {
+    return new ExclusiveCanonicalizationImpl(
+      transform.getAlgorithmURI(),
+      transform.getInclusiveNamespacePrefixes());
+  }
+
+  /**
+   * Create a <code>Base64Transformation</code>.
+   * 
+   * @return The <code></code>
+   */
+  private Transformation createBase64Transformation() {
+    return new Base64TransformationImpl();
+  }
+
+  /**
+   * Create an <code>EnvelopedSignatureTransformation</code>.
+   * 
+   * @return An <code>EnvelopedSignatureTransformation</code>.
+   */
+  private Transformation createEnvelopedSignatureTransformation() {
+    return new EnvelopedSignatureTransformationImpl();
+  }
+
+  /**
+   * Create an <code>XPathTransformation</code>.
+   * 
+   * @param transform The <code>Transform</code> object containing the
+   * XPath transformation.
+   * @return An <code>XPathTransformation</code> corresponding the
+   * transformation given in <code>transform</code>.
+   * @throws MOAApplicationException An error occurred creating the 
+   * <code>Transformation</code>.
+   */
+  private Transformation createXPathTransformation(XPathTransform transform)
+    throws MOAApplicationException {
+
+    return new XPathTransformationImpl(
+      transform.getXPathExpression(),
+      transform.getNamespaceDeclarations());
+  }
+
+  /**
+   * Create an <code>XPath2Transformation</code>.
+   * 
+   * @param transform The <code>Transform</code> object containing the
+   * XPath filter transformation.
+   * @return An <code>XPath2Transformation</code> corresponding the
+   * transformation given in <code>transform</code>.
+   * @throws MOAApplicationException An error occurred creating the
+   * <code>Transformation</code>.
+   */
+  private Transformation createXPath2Transformation(XPathFilter2Transform transform)
+    throws MOAApplicationException {
+
+    XPath2TransformationImpl xpath2 = new XPath2TransformationImpl();
+    Iterator iter;
+
+    for (iter = transform.getFilters().iterator(); iter.hasNext();) {
+      XPathFilter filter = (XPathFilter) iter.next();
+      String mappedFilterType =
+        (String) FILTER_TYPE_MAPPING.get(filter.getFilterType());
+      XPath2FilterImpl mappedFilter =
+        new XPath2FilterImpl(
+          mappedFilterType,
+          filter.getXPathExpression(),
+          filter.getNamespaceDeclarations());
+      xpath2.addXPathFilter(mappedFilter);
+    }
+
+    if (xpath2.getXPathFilters().size() == 0) {
+      throw new MOAApplicationException("2216", null);
+    }
+
+    return xpath2;
+  }
+
+  /**
+   * Create an <code>XSLTTransformation</code>.
+   * 
+   * @param transform The <code>Transform</code> containing the XSLT stylesheet.
+   * @return An <code>XSLTTransformation</code> corresponding the transformation
+   * given in <code>transform</code>.
+   * @throws MOAApplicationException An error occurred creating the
+   * <code>Transformation</code>.
+   */
+  private Transformation createXSLTTransformation(XSLTTransform transform)
+    throws MOAApplicationException {
+
+    return new XSLTTransformationImpl(transform.getStylesheet());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..1ea10cb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.CertificateValidationResult;
+
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+
+/**
+ * A class to build a <code>VerifyCMSSignatureResponse</code> object.
+ * 
+ * <p>Via subsequent calls to <code>addResult()</code> a number of results from
+ * a CMS signature verification can be added to the response.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>VerifyCMSSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureResponseBuilder {
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements making up the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>VerifyCMSSignatureResponse</code> built so far.
+   * 
+   * @return The <code>VerifyCMSSignatureResponse</code> built so far.
+   */
+  public VerifyCMSSignatureResponse getResponse() {
+    return factory.createVerifyCMSSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a verification result to the response.
+   * 
+   * @param result The result to add.
+   * @param trustprofile The actual trustprofile
+   * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the 
+   * 		certificate as qualified, otherwise <code>false</code>.
+   * @param checkSSCD <code>true</code>, if the TSL check verifies the 
+   * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+ * @throws MOAException 
+   */
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode)
+    throws MOAException {
+	  
+    CertificateValidationResult certResult =
+      result.getCertificateValidationResult();
+    int signatureCheckCode =
+      result.getSignatureValueVerificationCode().intValue();
+    int certificateCheckCode = certResult.getValidationResultCode().intValue();
+         
+    VerifyCMSSignatureResponseElement responseElement;
+    SignerInfo signerInfo;
+    CheckResult signatureCheck;
+    CheckResult certificateCheck;
+
+    boolean qualifiedCertificate = checkQC;
+    
+    // add SignerInfo element
+    signerInfo =
+      factory.createSignerInfo(
+        (X509Certificate) certResult.getCertificateChain().get(0),
+        qualifiedCertificate,
+        qcSourceTSL,
+        certResult.isPublicAuthorityCertificate(),
+        certResult.getPublicAuthorityID(),
+        checkSSCD,
+        sscdSourceTSL,
+        issuerCountryCode);
+
+    // add SignatureCheck element
+    signatureCheck = factory.createCheckResult(signatureCheckCode, null);
+
+    // add CertificateCheck element
+    certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+    
+    // build the response element
+    responseElement =
+      factory.createVerifyCMSSignatureResponseElement(
+        signerInfo,
+        signatureCheck,
+        certificateCheck);
+    responseElements.add(responseElement);
+  }
+  
+ 
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..9021785
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
+
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl;
+import at.gv.egovernment.moa.spss.api.impl.InputDataXMLImpl;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.CollectionUtils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.NodeListAdapter;
+import iaik.server.modules.xml.BinaryDataObject;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLNodeListDataObject;
+import iaik.server.modules.xmlverify.CertificateValidationResult;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.HashUnavailableException;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.ReferenceInfo;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.alg.transform.C14NTransformService;
+import iaik.xml.crypto.dsig.CanonicalizationMethodImpl;
+
+/**
+ * A class to build a <code>VerifyXMLSignatureResponse</code> object.
+ * 
+ * <p>Via a call to <code>addResult()</code> the only result of the
+ * signature verification must be added.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>VerifyXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /** Information about the signer certificate. */
+  private SignerInfo signerInfo;
+  /** The hash input data. */
+  private List hashInputDatas;
+  /** The reference input data. */
+  private List referenceInputDatas;
+  /** The result of the signature check. */
+  private ReferencesCheckResult signatureCheck;
+  /** The result of the signature manifest check. */
+  private ReferencesCheckResult signatureManifestCheck;
+  /** The result of the XMLDsig manifest check. */
+  private List xmlDsigManifestChecks;
+  /** The result of the certificate check. */
+  private CheckResult certificateCheck;
+  
+  /**
+   * Get the <code>VerifyMLSignatureResponse</code> built so far.
+   * 
+   * @return The <code>VerifyXMLSignatureResponse</code> built so far.
+   */
+  public VerifyXMLSignatureResponse getResponse() {
+    return factory.createVerifyXMLSignatureResponse(
+      signerInfo,
+      hashInputDatas,
+      referenceInputDatas,
+      signatureCheck,
+      signatureManifestCheck,
+      xmlDsigManifestChecks,
+      certificateCheck);
+  }
+
+  /**
+   * Sets the verification result to the response.
+   * 
+   * This method must be called exactly once to ensure a valid
+   * <code>VerifyXMLSignatureResponse</code>.
+   * 
+   * @param result The result to set for the response.
+   * @param profile The profile used for verifying the signature.
+   * @param transformsSignatureManifestCheck The overall result for the signature 
+   *        manifest check.
+   * @param certificateCheck The overall result for the certificate check.
+   * @param checkQC <code>true</code>, if the certificate is QC, otherwise <code>false</code>.
+   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param checkSSCD <code>true</code>, if the signature is created by an SSCD, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @throws MOAApplicationException An error occurred adding the result.
+   */
+  public void setResult(
+    XMLSignatureVerificationResult result,
+    XMLSignatureVerificationProfile profile,
+    ReferencesCheckResult transformsSignatureManifestCheck,
+    CheckResult certificateCheck, 
+    boolean checkQC,
+    boolean qcSourceTSL,
+    boolean checkSSCD,
+    boolean sscdSourceTSL,
+    boolean isTSLEnabledTrustprofile,
+    String issuerCountryCode)
+    throws MOAApplicationException {
+
+    CertificateValidationResult certResult =
+      result.getCertificateValidationResult();
+    List referenceDataList;
+    ReferenceData referenceData;
+    List dsigManifestList;
+    ReferencesCheckResultInfo checkResultInfo;
+    int[] failedReferences;
+    Iterator iter;
+
+    boolean qualifiedCertificate = false;
+    
+    qualifiedCertificate = checkQC;
+    
+    // create the SignerInfo;
+    signerInfo =
+      factory.createSignerInfo(
+        (X509Certificate) certResult.getCertificateChain().get(0),
+        qualifiedCertificate,
+        qcSourceTSL,
+        certResult.isPublicAuthorityCertificate(),
+        certResult.getPublicAuthorityID(),
+        checkSSCD,
+        sscdSourceTSL,
+        issuerCountryCode);
+
+    // Create HashInputData Content objects
+    referenceDataList = result.getReferenceDataList();
+    if (profile.includeHashInputData()) {
+      hashInputDatas = new ArrayList();
+      
+      // Include SignedInfo references
+      addHashInputDatas(
+        hashInputDatas, 
+        referenceDataList, 
+        InputData.CONTAINER_SIGNEDINFO_, 
+        InputData.REFERER_NONE_);
+      
+      // Include XMLDSIGManifest references
+      List xMLDSIGManifests = result.getDsigManifestList();
+      for (iter = xMLDSIGManifests.iterator(); iter.hasNext();)
+      {
+        DsigManifest currentMF = (DsigManifest) iter.next();
+        List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList();
+        addHashInputDatas(
+          hashInputDatas, 
+          xMLDSIGMFReferenceDataList, 
+          InputData.CONTAINER_XMLDSIGMANIFEST_, 
+          currentMF.getReferringReferenceInfo().getReferenceIndex());
+      }
+    }
+
+    // Create the ReferenceInputData Content objects
+    if (profile.includeReferenceInputData()) {
+      referenceInputDatas = new ArrayList();
+      
+      // Include SignedInfo references
+      addReferenceInputDatas(
+        referenceInputDatas, 
+        referenceDataList, 
+        InputData.CONTAINER_SIGNEDINFO_, 
+        InputData.REFERER_NONE_);
+
+      // Include XMLDSIGManifest references
+      List xMLDSIGManifests = result.getDsigManifestList();
+      for (iter = xMLDSIGManifests.iterator(); iter.hasNext();)
+      {
+        DsigManifest currentMF = (DsigManifest) iter.next();
+        List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList();
+        addReferenceInputDatas(
+          referenceInputDatas, 
+          xMLDSIGMFReferenceDataList, 
+          InputData.CONTAINER_XMLDSIGMANIFEST_, 
+          currentMF.getReferringReferenceInfo().getReferenceIndex());
+      }
+    }
+
+    // create the signature check
+    failedReferences = buildFailedReferences(result.getReferenceDataList());
+    checkResultInfo =
+      failedReferences != null
+        ? factory.createReferencesCheckResultInfo(null, failedReferences)
+        : null;
+    signatureCheck =
+      factory.createReferencesCheckResult(
+        result.getSignatureValueVerificationCode().intValue(),
+        checkResultInfo);
+
+    // create the signature manifest check
+    if (profile.checkSecurityLayerManifest())
+    {
+      if (transformsSignatureManifestCheck.getCode() == 1)
+      {
+        // checking the transforms failed
+        signatureManifestCheck = transformsSignatureManifestCheck;
+      }
+      else if (result.isSecurityLayerManifestRequired())
+      {
+        if (!result.containsSecurityLayerManifest())
+        {
+          // required security layer manifest is missing in signature
+          signatureManifestCheck = factory.createReferencesCheckResult(2, null);
+        } 
+        else
+        {
+          // security layer manifest exists, so we have to check its validity
+          SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
+          int verificationResult = slManifest.getManifestVerificationResult().intValue();
+
+          if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult)
+          {
+            // security layer manifest exists and is free of errors
+            signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+          }
+          else
+          {
+            // security layer manifest exists, but has errors
+            failedReferences = buildFailedReferences(slManifest.getReferenceDataList());
+            checkResultInfo = (failedReferences != null)
+              ? factory.createReferencesCheckResultInfo(null, failedReferences)
+              : null;
+            if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult)
+            {
+              signatureManifestCheck =  factory.createReferencesCheckResult(3, checkResultInfo);
+            }
+            else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult)
+            {
+              signatureManifestCheck =  factory.createReferencesCheckResult(4, checkResultInfo);
+            }
+            else
+            {
+              // Should not happen
+              throw new RuntimeException("Unexpected result from security layer manifest verification.");
+            }
+          }
+        }
+      }
+      else
+      {
+        // no security layer manifest is required, so the signature manifest check is ok
+        signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+      }
+    }
+
+    // create the xmlDsigManifestCheck
+    if (profile.checkXMLDsigManifests()) {
+      xmlDsigManifestChecks = new ArrayList();
+      dsigManifestList = result.getDsigManifestList();
+      for (iter = dsigManifestList.iterator(); iter.hasNext();) {
+        DsigManifest dsigManifest = (DsigManifest) iter.next();
+        int refIndex =
+          dsigManifest.getReferringReferenceInfo().getReferenceIndex();
+        ManifestRefsCheckResultInfo manifestCheckResultInfo;
+
+        failedReferences =
+          buildFailedReferences(dsigManifest.getReferenceDataList());
+        manifestCheckResultInfo =
+          factory.createManifestRefsCheckResultInfo(
+            null,
+            failedReferences,
+            refIndex);
+        xmlDsigManifestChecks.add(
+          factory.createManifestRefsCheckResult(
+            dsigManifest.getManifestVerificationResult().intValue(),
+            manifestCheckResultInfo));
+      }
+    }
+
+    // create the certificate check 
+    this.certificateCheck = certificateCheck;
+    
+    
+    
+  }
+
+  /**
+   * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will
+   * be created from {@link ReferenceData#getHashInputData()}.
+   * 
+   * @param inputDatas The list to be amended.
+   * 
+   * @param referenceDataList The list of {@link ReferenceData} objects to be investigated.
+   * 
+   * @param containerType The type of container of the {@link InputData} objects to be created.
+   * 
+   * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created.
+   * 
+   * @throws MOAApplicationException if creating an {@link InputData} fails. 
+   */
+  private void addHashInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber)
+  throws MOAApplicationException
+  {
+    for (Iterator iter = referenceDataList.iterator(); iter.hasNext();)
+    {
+      ReferenceData referenceData = (ReferenceData) iter.next();
+      inputDatas.add(buildInputData(
+        referenceData.getHashInputData(),
+        containerType,
+        refererNumber));
+    }
+  }
+  
+  /**
+   * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will
+   * be created from {@link ReferenceData#getReferenceInputData()}.
+   * 
+   * @param inputDatas The list to be amended.
+   * 
+   * @param referenceDataList The list of {@link ReferenceData} objects to be investigated.
+   * 
+   * @param containerType The type of container of the {@link InputData} objects to be created.
+   * 
+   * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created.
+   * 
+   * @throws MOAApplicationException if creating an {@link InputData} fails. 
+   */
+  private void addReferenceInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber)
+    throws MOAApplicationException
+  {
+    for (Iterator iter = referenceDataList.iterator(); iter.hasNext();)
+    {
+      ReferenceData referenceData = (ReferenceData) iter.next();
+      inputDatas.add(buildInputData(
+        referenceData.getReferenceInputData(),
+        containerType,
+        refererNumber));
+    }
+  }
+
+  /**
+   * Build a <code>InputDataBinaryImpl</code> or an <code>InputDataXMLImpl</code>
+   * object from the given <code>DataObject</code> and the given attributes.
+   * 
+   * @param dataObject The <code>DataObject</code> from which to build the result.
+   * Based on the type of this parameter, the type of the result will either be
+   * <code>InputDataBinaryImpl</code> or <code>InputDataXMLImpl</code>. 
+   * 
+   * @param partof see {@link InputData}
+   * 
+   * @param referringReferenceNumber see {@link InputData}
+   * 
+   * @return The corresponinding input data implementation.
+   *  
+   * @throws MOAApplicationException An error occurred creating the result.
+   */
+  private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber)
+    throws MOAApplicationException {
+
+    if (dataObject instanceof BinaryDataObject) {
+      BinaryDataObject binaryData = (BinaryDataObject) dataObject;
+      return new InputDataBinaryImpl(
+        factory.createContent(binaryData.getInputStream(), null),
+        partOf,
+        referringReferenceNumber);
+    } else if (dataObject instanceof XMLDataObject) {
+      XMLDataObject xmlData = (XMLDataObject) dataObject;
+      List nodes = new ArrayList();
+
+      nodes.add(xmlData.getElement());
+      return new InputDataXMLImpl(
+        factory.createContent(new NodeListAdapter(nodes), null),
+        partOf,
+        referringReferenceNumber);
+    } else { // dataObject instanceof XMLNodeListDataObject
+      // if the data in the NodeList can be converted back to valid XML,
+      // write it as XMLContent; otherwise, write it as Base64Content 
+      XMLNodeListDataObject nodeData = (XMLNodeListDataObject) dataObject;
+      NodeList nodes = nodeData.getNodeList();
+      
+      if (DOMUtils.checkAttributeParentsInNodeList(nodes)) {
+        // insert as XMLContent
+        try {
+          DocumentFragment fragment = DOMUtils.nodeList2DocumentFragment(nodes);
+
+          return new InputDataXMLImpl(
+            factory.createContent(fragment.getChildNodes(), null),
+            partOf, 
+            referringReferenceNumber);
+        } catch (Exception e) {
+          // not successful -> fall through to the Base64Content
+        }
+      }
+      
+      // insert canonicalized NodeList as binary content
+      try {
+    	  ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    	  for(int i = 0; i < nodes.getLength(); i++) {
+    		  baos.write(DOMUtils.nodeToByteArray(nodes.item(i)));
+    	  }
+    	  baos.close();
+    	  ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+    	  OctetStreamData inputData = new OctetStreamData(bais);
+    	  
+    	  CanonicalizationMethodImpl canonicalizationMethodImpl = new CanonicalizationMethodImpl(
+    			  CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, new ExcC14NParameterSpec());
+    	  OctetStreamData data = (OctetStreamData)canonicalizationMethodImpl.transform(inputData, null);
+    	  bais.close();
+    	  //CanonicalizationAlgorithm c14n =
+          	//new CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments();
+    	  InputStream is = data.getOctetStream();
+
+        //c14n.setInput(nodes);
+        //is = c14n.canonicalize();
+        return new InputDataBinaryImpl(
+          factory.createContent(is, null),
+          partOf,
+          referringReferenceNumber);
+      } catch (Exception e) {
+        throw new MOAApplicationException("2200", null);
+      }
+    }
+  }
+
+  /**
+   * Build the failed references.
+   * 
+   * Failed references are references for which the <code>isHashValid()</code>
+   * method returns <code>false</code>.
+   * 
+   * @param refInfos A <code>List</code> containing the
+   * <code>ReferenceInfo</code> objects to be checked.
+   * @return The indexes of the failed references. 
+   */
+  private int[] buildFailedReferences(List refInfos) {
+    List failedReferencesList = new ArrayList();
+    int i;
+
+    // find out the failed references
+    for (i = 0; i < refInfos.size(); i++) {
+      ReferenceInfo refInfo = (ReferenceInfo) refInfos.get(i);
+
+      try {
+        if (refInfo.isHashCalculated() && !refInfo.isHashValid()) {
+          failedReferencesList.add(new Integer(i + 1));
+        }
+      } catch (HashUnavailableException e) {
+        // nothing to do here because we called refInfo.isHashCalculated first
+      }
+    }
+
+    // convert to an int array
+    if (failedReferencesList.isEmpty()) {
+      return null;
+    } else {
+      int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
+
+      return failedReferences;
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
new file mode 100644
index 0000000..7debb7b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
@@ -0,0 +1,586 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLSignatureCreationModule;
+import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class providing an API based interface to the
+ * <code>XMLSignatureCreationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.xmlsign.XMLSignatureCreationModule</code> from a
+ * <code>CreateXMLSignatureRequest</code> given as an API object. The result of
+ * the invocation is integrated into a <code>CreateXMLSignatureResponse</code>
+ * and returned.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationInvoker {
+
+  /** The single instance of this class. */
+  private static XMLSignatureCreationInvoker instance = null;
+
+  /**
+   * Get the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized XMLSignatureCreationInvoker getInstance() {
+    if (instance == null) {
+      instance = new XMLSignatureCreationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>XMLSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected XMLSignatureCreationInvoker() {
+  }
+
+  /**
+   * Process the <code>CreateXMLSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureCreationModule</code> for every
+   * <code>SingleSignatureInfo</code> contained in the request.
+   * 
+   * @param request A <code>CreateXMLSignatureRequest<code> API object
+   * containing the information for creating the signature(s).
+   * @param reserved A <code>Set</code> of reserved object IDs.
+   * 
+   * @return A <code>CreateXMLSignatureResponse</code> API object containing
+   * the created signature(s). The response contains either a
+   * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code>
+   * for each <code>SingleSignatureInfo</code> in the request.
+   * @throws MOAException An error occurred during signature creation. 
+   */
+  public CreateXMLSignatureResponse createXMLSignature(
+    CreateXMLSignatureRequest request,
+    Set reserved)
+    throws MOAException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    LoggingContext loggingCtx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    reserved = new HashSet(reserved);
+    XMLSignatureCreationProfileFactory profileFactory =
+      new XMLSignatureCreationProfileFactory(request, reserved);
+    CreateXMLSignatureResponseBuilder responseBuilder =
+      new CreateXMLSignatureResponseBuilder();
+    int createCount = 1;
+    IdGenerator refIdGen;
+    XMLSignatureCreationModule module;
+    Iterator singleSignatureInfoIter;
+
+    // create the XMLSignatureCreationModule and configure it
+    module = XMLSignatureCreationModuleFactory.getInstance();
+    module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+    // select the SingleSignatureInfo elements
+    singleSignatureInfoIter = request.getSingleSignatureInfos().iterator();
+
+    // iterate over all the SingleSignatureInfo elements in the request
+    while (singleSignatureInfoIter.hasNext()) {
+      SingleSignatureInfo singleSignatureInfo =
+        (SingleSignatureInfo) singleSignatureInfoIter.next();
+      CreateSignatureInfo createSignatureInfo;
+      List dataObjectList;
+      XMLSignatureCreationProfile profile;
+      XMLDataObject signatureEnvironment;
+      XMLDataObject signatureParent;
+      XMLSignature signature;
+      List additionalSignedProperties;
+      Node signatureEnvironmentParent = null;
+      Element requestElement = null;
+
+      try {
+
+        // build the signature environment
+        createSignatureInfo = singleSignatureInfo.getCreateSignatureInfo();
+        if (createSignatureInfo != null) {
+          DataObjectFactory dataObjFactory = DataObjectFactory.getInstance();
+
+          signatureEnvironment =
+            dataObjFactory.createSignatureEnvironment(
+              createSignatureInfo.getCreateSignatureEnvironment(),
+              getCreateSignatureEnvironmentProfileSupplements(singleSignatureInfo));
+        } else {
+          signatureEnvironment = null;
+        }
+        
+        HashSet sigInfoReservedIDs = new HashSet();
+        if (signatureEnvironment != null)
+        {
+          // Find Id attributes of existing XML signatures in signature environment
+    	    HashMap nSMap = new HashMap();
+    	    String dsp = Constants.DSIG_PREFIX;
+    	    nSMap.put(dsp, Constants.DSIG_NS_URI);
+    	    String xPathExpr = "//" + dsp + ":Signature/@Id | //" + dsp + ":Reference/@Id | //" 
+    	      + dsp + ":Object/@Id | //" + dsp + ":Manifest/@Id";
+    	    NodeList idAttrs = XPathUtils.selectNodeList(signatureEnvironment.getElement(), nSMap, xPathExpr);
+        
+    	    // Add found Id attributes to set of reserved IDs
+    	    for (int i = 0; i < idAttrs.getLength(); i++) sigInfoReservedIDs.add(idAttrs.item(i).getNodeValue());
+        }
+
+        // create the reference id generator
+        HashSet allReservedIDs = new HashSet(reserved);
+        allReservedIDs.addAll(sigInfoReservedIDs);
+        refIdGen = new IdGenerator("reference-" + createCount++, allReservedIDs);
+
+        // build the list of DataObjects
+        List createTransformsProfiles = profileFactory.getCreateTransformsInfoProfiles(singleSignatureInfo);
+        dataObjectList =
+          buildDataObjectList(
+            singleSignatureInfo,
+            createTransformsProfiles, 
+            signatureEnvironment,
+            refIdGen);
+
+        // build the XMLSignatureCreationProfile
+        profile = profileFactory.createProfile(singleSignatureInfo, sigInfoReservedIDs);
+
+        // build the additionalSignedProperties
+        additionalSignedProperties = buildAdditionalSignedProperties();
+
+        // build the signatureParentElement
+        if (signatureEnvironment != null) {
+          signatureParent =
+            buildSignatureParentElement(
+              signatureEnvironment.getElement(),
+              singleSignatureInfo);
+        } else {
+          signatureParent = null;
+        }
+
+        // make the signature environment the root of the document, if it is 
+        // not a separate document anyway; this is done to assure that 
+        // canonicalization of the signature environment contains the correct 
+        // namespace declarations
+        if (signatureEnvironment != null) {
+          Document requestDoc =
+            signatureEnvironment.getElement().getOwnerDocument();
+          requestElement = requestDoc.getDocumentElement();
+          if (requestElement != signatureEnvironment.getElement()) {
+            signatureEnvironmentParent =
+              signatureEnvironment.getElement().getParentNode();
+            requestElement.getOwnerDocument().replaceChild(
+              signatureEnvironment.getElement(),
+              requestElement);
+          }
+        }
+
+        try {
+        	ConfigurationProvider config = context.getConfiguration();
+        	String xadesVersion = config.getXAdESVersion();
+
+        	if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) {
+                // create the signature (XAdES 1.4.2)
+                signature =
+                  module.createSignature(
+                    dataObjectList,
+                    profile,
+                    additionalSignedProperties,
+                    signatureParent,
+                    XMLSignatureCreationModule.XADES_VERSION_1_4_2,
+                    new TransactionId(context.getTransactionID()));
+        	}
+        	else {
+                // create the signature (XAdES 1.1.1 = default)
+                signature =
+                  module.createSignature(
+                    dataObjectList,
+                    profile,
+                    additionalSignedProperties,
+                    signatureParent,
+                    XMLSignatureCreationModule.XADES_VERSION_1_1_1,
+                    new TransactionId(context.getTransactionID()));
+        	}
+
+          // insert the result into the response
+          if (signatureParent != null) {
+            responseBuilder.addSignatureEnvironment(
+              signatureEnvironment.getElement());
+          } else {
+            responseBuilder.addSignatureEnvironment(signature.getElement());
+          }
+
+        } catch (IAIKException e) {
+          MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+          responseBuilder.addError(
+            moaException.getMessageId(),
+            moaException.getMessage());
+          Logger.warn(moaException.getMessage(), e);
+        } catch (IAIKRuntimeException e) {
+          MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+          responseBuilder.addError(
+            moaException.getMessageId(),
+            moaException.getMessage());
+          Logger.warn(moaException.getMessage(), e);
+        }
+
+        // swap back in the request as root document
+        if (signatureEnvironment != null) {
+          if (requestElement != signatureEnvironment.getElement()) {
+            requestElement.getOwnerDocument().replaceChild(
+              requestElement,
+              signatureEnvironment.getElement());
+            signatureEnvironmentParent.appendChild(
+              signatureEnvironment.getElement());
+          }
+        }
+
+      } catch (MOAException e) {
+        responseBuilder.addError(e.getMessageId(), e.getMessage());
+        Logger.warn(e.getMessage(), e);
+      }
+
+    }
+
+    return responseBuilder.getResponse();
+  }
+
+  /**
+   * Build the list of <code>DataObject</code>s from the given
+   * <code>SingleSignatureInfo</code> object.
+   * 
+   * <p>
+   * Only the following cases of <code>DataObject</code>s are
+   * valid in case of an enveloping signature:
+   * 
+   * <ul>
+   * <li><code>Reference == null && Content != null</code>: The 
+   * <code>Content</code> will be used in the <code>DataObject</code>.</li>
+   * <li><code>Reference != null && Content == null</code>: Resolve the
+   * <code>Reference</code> and use it as <code>DataObject</code>.
+   * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li>
+   * </ul>
+   * </p>
+   * 
+   * <p>
+   * Only the following cases of <code>DataObject</code>s are valid in case
+   * of a detached signature:
+   * 
+   * <ul>
+   * <li><code>Reference != null && Content == null</code>: Resolve the
+   * <code>Reference</code> and use it as <code>DataObject</code>.
+   * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li>
+   * <li><code>Reference != null && Content != null</code>: The
+   * <code>Content</code> will be used in the <code>DataObject</code>. 
+   * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li>
+   * </ul>
+   * </p>
+   * 
+   * <p>
+   * All other cases will lead to an error.
+   * </p>
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * containing the <code>DataObjectInfo</code> objects.
+   * @param createTransformsProfiles A list of objects of type {@link CreateTransformsInfoProfileExplicit}, 
+   * each representing the transforms info profile information for the corresponding <code>DataObject</code>. 
+   * @param signatureEnvironment The 
+   * @param idGen The ID generator for <code>DataObject</code> references.
+   * @return The <code>List</code> of <code>DataObject</code>s contained in the
+   * given <code>singleSignatureInfo</code>.
+   * @throws MOASystemException A system error occurred building the data 
+   * objects.
+   * @throws MOAApplicationException An error occurred building the data 
+   * objects.
+   */
+  private List buildDataObjectList(
+    SingleSignatureInfo singleSignatureInfo,
+    List createTransformsProfiles,
+    XMLDataObject signatureEnvironment,
+    IdGenerator idGen)
+    throws MOASystemException, MOAApplicationException {
+
+    List dataObjInfos = singleSignatureInfo.getDataObjectInfos();
+    List dataObjects = new ArrayList();
+    Iterator dtIter;
+    Iterator ctpIter = createTransformsProfiles.iterator();
+
+    for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) 
+    {
+      DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next();
+      String structure = dataObjInfo.getStructure();
+      
+      CreateTransformsInfoProfileExplicit transformsProfile = 
+        (CreateTransformsInfoProfileExplicit) ctpIter.next();
+      MetaInfo finalDataMetaInfo = transformsProfile.getCreateTransformsInfo().getFinalDataMetaInfo();
+
+      if (DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)) {
+        dataObjects.add(
+          buildEnvelopingDataObject(
+            dataObjInfo.getDataObject(),
+            finalDataMetaInfo,
+            idGen.uniqueId()));
+      } else if (DataObjectInfo.STRUCTURE_DETACHED.equals(structure)) {
+        dataObjects.add(
+          buildDetachedDataObject(
+            dataObjInfo.getDataObject(),
+            finalDataMetaInfo,
+            signatureEnvironment,
+            idGen.uniqueId()));
+      } else {
+        throw new MOAApplicationException("1103", new Object[] { structure });
+      }
+    }
+
+    return dataObjects;
+
+  }
+
+  /**
+   * Build a <code>DataObject</code> to be used in an enveloping
+   * signature.
+   * 
+   * @param content The <code>Content</code> object containing the data object.
+   * <code>ContentOptionalRefType</code>.
+   * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
+   * @param referenceID The reference ID to use in the signature for the
+   * <code>DataObject</code> created.
+   * @return The <code>DataObject</code> representing the data contained in
+   * <code>dataObjectElem</code>.
+   * @throws MOAApplicationException An error occurred during the creation of
+   * the <code>DataObject</code>.
+   * @throws MOASystemException A system error occurred during the creation of
+   * the <code>DataObject</code>.
+   */
+  private DataObject buildEnvelopingDataObject(
+    Content content,
+    MetaInfo finalDataMetaInfo,
+    String referenceID)
+    throws MOASystemException, MOAApplicationException {
+
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    DataObject dataObject;
+
+    dataObject =
+      factory.createFromContentOptionalRefType(
+        content,
+        finalDataMetaInfo,
+        referenceID,
+        false,
+        false,
+        true,
+        false);
+
+    return dataObject;
+  }
+
+  /**
+   * Build a <code>DataObject</code> to be used in a detached signature.
+   * 
+   * @param content The <code>Content</code> object containing an the data.
+   * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
+   * @param signatureEnvironment The signature environment where the signature
+   * will be inserted.
+   * @param referenceID The reference ID to use in the signature for the
+   * <code>DataObject</code> created.
+   * @return The <code>DataObject</code> representing the data contained in
+   * <code>dataObjectElem</code>.
+   * @throws MOAApplicationException An error occurred during the creation of
+   * the <code>DataObject</code>.
+   * @throws MOASystemException A system error occurred during the creation of
+   * the <code>DataObject</code>.
+   */
+  private DataObject buildDetachedDataObject(
+    Content content,
+  MetaInfo finalDataMetaInfo,
+    XMLDataObject signatureEnvironment,
+    String referenceID)
+    throws MOASystemException, MOAApplicationException {
+
+    String reference = content.getReference();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    DataObject dataObject;
+
+    if (reference == null) {
+      throw new MOAApplicationException("1102", null);
+    } else if ("".equals(reference) || reference.startsWith("#")) {
+      dataObject =
+        factory.createFromSignatureEnvironment(
+          signatureEnvironment.getElement(),
+          reference,
+          referenceID);
+    } else {
+      dataObject =
+        factory.createFromContentOptionalRefType(
+          content,
+          finalDataMetaInfo,
+          referenceID,
+          true,
+          false,
+          true,
+          false);
+    }
+    return dataObject;
+  }
+
+  /**
+   * Build the signature parent element.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * document in which to insert the signature.
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> 
+   * containing the signature parent element.
+   * @return An <code>XMLDataObject</code> containing the signature parent
+   * element or <code>null</code>, if the <code>CreateSignatureInfo</code> is
+   * <code>null</code>.
+   * @throws MOAApplicationException An error occurred during the creation of
+   * the signature parent.
+   */
+  private XMLDataObject buildSignatureParentElement(
+    Element signatureEnvironment,
+    SingleSignatureInfo singleSignatureInfo)
+    throws MOAApplicationException {
+
+    CreateSignatureInfo createInfo =
+      singleSignatureInfo.getCreateSignatureInfo();
+
+    // evaluate the CreateSignatureLocation
+    if (createInfo != null) {
+      TransactionContext context =
+        TransactionContextManager.getInstance().getTransactionContext();
+      ConfigurationProvider config = context.getConfiguration();
+      CreateSignatureEnvironmentProfileExplicit createProfile =
+        ProfileMapper.mapCreateSignatureEnvironmentProfile(
+          createInfo.getCreateSignatureEnvironmentProfile(),
+          config);
+      CreateSignatureLocation location =
+        createProfile.getCreateSignatureLocation();
+      Element signatureParent =
+        InvokerUtils.evaluateSignatureLocation(signatureEnvironment, location);
+
+      return new XMLDataObjectImpl(signatureParent);
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Get the supplements contained in the 
+   * <code>CreateSignatureEnvironmentProfile</code> of the given 
+   * <code>SingleSignatureInfo</code>.
+   * 
+   * @param singleSigInfo The <code>SingleSignatureInfo</code> from which
+   * to extract the supplements. 
+   * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>s
+   * or <code>null</code>, if the <code>singleSigInfo</code> does not contain
+   * supplements.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>CreateSignatureEnvironmentProfile</code>. 
+   */
+  private List getCreateSignatureEnvironmentProfileSupplements(SingleSignatureInfo singleSigInfo)
+    throws MOAApplicationException {
+    CreateSignatureInfo sigInfo = singleSigInfo.getCreateSignatureInfo();
+
+    if (sigInfo != null) {
+      TransactionContext context =
+        TransactionContextManager.getInstance().getTransactionContext();
+      ConfigurationProvider config = context.getConfiguration();
+      CreateSignatureEnvironmentProfileExplicit profile =
+        ProfileMapper.mapCreateSignatureEnvironmentProfile(
+          sigInfo.getCreateSignatureEnvironmentProfile(),
+          config);
+      List supplements = profile.getSupplements();
+
+      return supplements;
+    }
+    return null;
+  }
+
+  /**
+   * Build the list of additional signed properties.
+   * 
+   * Based on the generic configuration setting
+   * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a
+   * constant <code>SigningTime</code> will be added to the properties.
+   * 
+   * @return The <code>List</code> of additional signed properties.
+   */
+  private List buildAdditionalSignedProperties() {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List additionalSignedProperties = Collections.EMPTY_LIST;
+
+    return additionalSignedProperties;
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
new file mode 100644
index 0000000..6a85415
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -0,0 +1,543 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.algorithms.HashAlgorithms;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.xmlsign.SignatureStructureTypes;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureCreationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureInsertionLocationImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A factory to create <code>XMLSignatureCreationProfile</code>s from a
+ * <code>CreateXMLSignatureRequest</code>, based on the current MOA
+ * configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationProfileFactory {
+
+  private static Map HASH_ALGORITHM_MAPPING;
+
+  static {
+    HASH_ALGORITHM_MAPPING = new HashMap();
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
+  }
+
+  /** The <code>CreateXMLSignatureRequest</code> for which to create the
+   * profile.*/
+  private CreateXMLSignatureRequest request;
+  /** How many profiles have been created based on the same request. */
+  private int createProfileCount;
+  /** The <code>Set</code> of reserved object IDs.*/
+  private Set reserved;
+
+  /**
+   * Create a new <code>XMLSignatureCreationProfileFactory</code>.
+   * 
+   * @param request The request for which to create profiles.
+   * @param reserved The <code>Set</code> of reserved object IDs. IDs will
+   * be added during signature creation.
+   */
+  public XMLSignatureCreationProfileFactory(
+    CreateXMLSignatureRequest request,
+    Set reserved) {
+    this.request = request;
+    this.reserved = reserved;
+    createProfileCount = 1;
+  }
+
+  /**
+   * Create a <code>XMLSignatureCreationProfile</code> for the given
+   * <code>SingleSignatureInfo</code> object..
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * containing information about the creation of a signature.
+   * @param sigInfoReservedIDs The <code>Set</code> of reserved ID attribue values 
+   * for the particular <code>singleSignatureInfo</code>.
+   * @return The <code>XMLSignatureCreationProfile</code> containing additional
+   * information for creating an XML signature.
+   * @throws MOASystemException A system error occurred during creation of the
+   * profile. See message for details
+   * @throws MOAApplicationException An application error occurred during
+   * creation of the profile. See message for details.
+   */
+  public XMLSignatureCreationProfile createProfile(SingleSignatureInfo singleSignatureInfo,
+    Set sigInfoReservedIDs) throws MOASystemException, MOAApplicationException {
+
+    HashSet allReservedIDs = new HashSet(reserved);
+    allReservedIDs.addAll(sigInfoReservedIDs);
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    CanonicalizationImpl canonicalization;
+    List dataObjectTreatmentList;
+    Set keySet;
+    List transformationSupplements;
+    List createTransformsProfiles;
+
+    // get the key group id
+    String keyGroupID = request.getKeyIdentifier();
+    // get digest method on key group level (if configured)
+    KeyGroup keygroup = config.getKeyGroup(keyGroupID);
+    if(null == keygroup) {
+        Logger.error("Could not find key group '" + keyGroupID + "'");
+        throw new MOAApplicationException("2231", null);
+    }
+    String configDigestMethodKG = keygroup.getDigestMethodAlgorithm();
+    // get default digest method (if configured)
+    String configDigestMethod = config.getDigestMethodAlgorithmName();
+    
+    String xadesVersion = config.getXAdESVersion();
+    
+    String digestMethodXAdES142 = null;
+    boolean isXAdES142 = false;
+    // if XAdES Version 1.4.2 is configured
+    if (xadesVersion != null && xadesVersion.compareTo("1.4.2") == 0) {
+    	isXAdES142 = true;
+    	Logger.debug("XAdES version '" + xadesVersion + "' used");
+    }
+    	
+    if (isXAdES142) {
+    	if (configDigestMethodKG != null) {
+    		// if KG specific digest method is configured
+    		digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+    		if (digestMethodXAdES142 == null) {
+    			error(
+    					"config.17",
+    					new Object[] { configDigestMethodKG});
+    			throw new MOASystemException("2900", null);    			
+    		}
+    		Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(configured in KeyGroup)");
+    	}	    	
+    	else {
+    		// else get default configured digest method
+    		digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+    		if (digestMethodXAdES142 == null) {
+    			error(
+    					"config.17",
+    					new Object[] { configDigestMethod});
+    			throw new MOASystemException("2900", null);	
+    		}
+    		Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(default)");
+    		
+    	}
+    }
+    
+    XMLSignatureCreationProfileImpl profile =
+    	      new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142);
+
+    
+    // build the transformation supplements
+    createTransformsProfiles =
+      getCreateTransformsInfoProfiles(singleSignatureInfo);
+    transformationSupplements =
+      buildTransformationSupplements(createTransformsProfiles);
+
+    // build and set the data object treatment list
+    dataObjectTreatmentList =
+      buildDataObjectTreatmentList(
+        singleSignatureInfo,
+        createTransformsProfiles,
+        transformationSupplements,
+        allReservedIDs, 
+        digestMethodXAdES142);
+    profile.setDataObjectTreatmentList(dataObjectTreatmentList);
+
+    // set the key set
+    keySet = buildKeySet(keyGroupID);
+    if (keySet == null) {
+      throw new MOAApplicationException("2231", null);
+    } else if (keySet.size() == 0) {
+      throw new MOAApplicationException("2232", null);
+    }
+    profile.setKeySet(keySet);
+
+    // set the Security Layer manifest algorithm name
+    profile.setSecurityLayerManifestTypeURI(Constants.SL_MANIFEST_TYPE_URI);
+
+    // set the structure type
+    if (singleSignatureInfo.getCreateSignatureInfo() != null) {
+      profile.setSignatureStructureType(SignatureStructureTypes.ENVELOPED);
+    } else {
+      profile.setSignatureStructureType(SignatureStructureTypes.DETACHED);
+    }
+
+    // set insertion location
+    profile.setSignatureInsertionLocation(
+      getSignatureInsertionLocationIndex(singleSignatureInfo));
+
+    // set the canonicalization algorithm
+    canonicalization =
+      new CanonicalizationImpl(config.getCanonicalizationAlgorithmName());
+    profile.setSignedInfoCanonicalization(canonicalization);
+    
+    // set the signed properties
+    profile.setSignedProperties(Collections.EMPTY_LIST);
+
+    // set security layer conformity
+    profile.setSecurityLayerConform(
+      singleSignatureInfo.isSecurityLayerConform());
+
+    // update the createProfileCount
+    createProfileCount++;
+
+    return profile;
+  }
+
+  /**
+   * Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s
+   * contained in all the <code>DataObjectInfo</code>s of the given 
+   * <code>SingleSignatureInfo</code>.
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object from
+   * which to extract the <code>CreateTransformsInfoProfile</code>s.
+   * @return All <code>CreateTransformsInfoProfile</code>s of all 
+   * <code>DataObjectInfo</code>s of <code>singleSignatureInfo</code>.
+   * @throws MOAApplicationException An error occurred creating one of the
+   * profiles.
+   */
+  List getCreateTransformsInfoProfiles(SingleSignatureInfo singleSignatureInfo)
+    throws MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List dataObjInfos = singleSignatureInfo.getDataObjectInfos();
+    List profiles = new ArrayList();
+    Iterator dtIter;
+
+    for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) {
+      DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next();
+      CreateTransformsInfoProfileExplicit profile =
+        ProfileMapper.mapCreateTransformsInfoProfile(
+          dataObjInfo.getCreateTransformsInfoProfile(),
+          config);
+      profiles.add(profile);
+    }
+
+    return profiles;
+  }
+
+  /**
+   * Build the <code>List</code> of transformation supplements contained in a
+   * <code>SingleSignatureInfo</code> object.
+   * 
+   * @param createTransformsInfoProfiles The 
+   * <code>CreateTransformsInfoProfile</code> object from which to extract the 
+   * transformation supplements.
+   * @return A <code>List</code> of <code>DataObject</code>s containing the
+   * transformation supplements.
+   * @throws MOASystemException A system error occurred creating one of the
+   * transformation supplements.
+   * @throws MOAApplicationException An error occurred creating one of the
+   * transformation supplements.
+   */
+  private List buildTransformationSupplements(List createTransformsInfoProfiles)
+    throws MOASystemException, MOAApplicationException {
+
+    List transformationSupplements = new ArrayList();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    Iterator iter;
+
+    for (iter = createTransformsInfoProfiles.iterator(); iter.hasNext();) {
+      CreateTransformsInfoProfileExplicit profile =
+        (CreateTransformsInfoProfileExplicit) iter.next();
+      List supplements = profile.getSupplements();
+
+      if (supplements != null) {
+        Iterator supplIter;
+
+        for (supplIter = supplements.iterator(); supplIter.hasNext();) {
+          XMLDataObjectAssociation supplement =
+            (XMLDataObjectAssociation) supplIter.next();
+
+          transformationSupplements.add(
+            factory.createFromXmlDataObjectAssociation(
+              supplement,
+              false,
+              true));
+        }
+      }
+    }
+
+    return transformationSupplements;
+  }
+
+  /**
+   * Build the <code>List</code> of <code>DataObjectTreatment</code>s for the
+   * given <code>SingleSignatureInfo</code> object..
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * from which to exctract the <code>CreateTransformsInfoProfile</code>s
+   * containing the data for the <code>DataObjectTreatment</code>s.
+   * @param createTransformsInfoProfiles The 
+   * <code>CreateTransformsInfoProfile</code>s contained in the
+   * <code>singleSignatureInfo</code>.
+   * @param transformationSupplements Additional parameters for
+   * transformations contained in <code>DataObjectTreatment</code>s.
+   * @param reservedIDs The <code>Set</code> of reserved object IDs.
+   * @return A <code>List</code> of <code>DataObjectTreatment</code> objects.
+   * @throws MOAApplicationException An error occurred building one of the
+   * <code>DataObjectTreatment</code>s.
+   * @throws MOASystemException A system error occurred building one of the
+   * <code>DataObjectTreatment</code>s.
+   */
+  private List buildDataObjectTreatmentList(
+    SingleSignatureInfo singleSignatureInfo,
+    List createTransformsInfoProfiles,
+    List transformationSupplements,
+    Set reservedIDs,
+    String digestMethodXAdES142)
+    throws MOASystemException, MOAApplicationException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List treatments = new ArrayList();
+    List dataObjInfos = singleSignatureInfo.getDataObjectInfos();
+    int dataObjectTreatmentCount = 1;
+    String hashAlgorithmName;
+    Iterator dtIter;
+    Iterator prIter;
+
+    prIter = createTransformsInfoProfiles.iterator();
+    for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) {
+      CreateTransformsInfoProfileExplicit profile =
+        (CreateTransformsInfoProfileExplicit) prIter.next();
+      DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next();
+      IdGenerator objIdGen =
+        new IdGenerator(
+          ("signed-data-" + createProfileCount)
+            + ("-" + dataObjectTreatmentCount++),
+          reservedIDs);
+      DataObjectTreatmentImpl treatment = new DataObjectTreatmentImpl(objIdGen);
+
+      treatment.setFinalContentType(
+        profile.getCreateTransformsInfo().getFinalDataMetaInfo().getMimeType());
+      treatment.setTransformationList(buildTransformationList(profile));
+      treatment.setReferenceInManifest(dataObjInfo.isChildOfManifest());
+
+      // if XAdES version is 1.4.2
+      if (digestMethodXAdES142 != null) {
+    	  // use configured digest algorithm
+    	  hashAlgorithmName = digestMethodXAdES142;
+      }
+      else {
+    	  // stay as it is
+    	  hashAlgorithmName = (String) HASH_ALGORITHM_MAPPING.get(
+    		          config.getDigestMethodAlgorithmName());
+    	  if (hashAlgorithmName == null) {
+    	        error(
+    	          "config.17",
+    	          new Object[] { config.getDigestMethodAlgorithmName()});
+    	        throw new MOASystemException("2900", null);
+    	      }
+      }
+      
+      
+      
+
+      treatment.setHashAlgorithmName(hashAlgorithmName);
+      treatment.setIncludedInSignature(
+        DataObjectInfo.STRUCTURE_ENVELOPING.equals(dataObjInfo.getStructure()));
+      treatment.setTransformationSupplements(transformationSupplements);
+
+      treatments.add(treatment);
+
+    }
+
+    return treatments;
+  }
+
+  /**
+   * Build the <code>List</code> of transformations contained in a
+   * <code>CreateTransformsInfoProfile</code> object.
+   * 
+   * @param profile The <code>CreateTransformsInfoProfile</code> object
+   * from which to extract the <code>Transform</code>s.
+   * @return A <code>List</code> of <code>Transformation</code>s contained in
+   * the given <code>CreateTransformsInfoProfile</code>.
+   * @throws MOAApplicationException An error occurred building one of the
+   * <code>Transformation</code>s.
+   */
+  private List buildTransformationList(CreateTransformsInfoProfileExplicit profile)
+    throws MOAApplicationException {
+
+    TransformationFactory factory = TransformationFactory.getInstance();
+    List transforms = profile.getCreateTransformsInfo().getTransforms();
+
+    return transforms != null
+      ? factory.createTransformationList(transforms)
+      : Collections.EMPTY_LIST;
+  }
+
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   * returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s
+   * identifying the available keys.
+   */
+  private Set buildKeySet(String keyGroupID) {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (context.getClientCertificate() != null) {
+      X509Certificate cert = context.getClientCertificate()[0];
+      Principal issuer = cert.getIssuerDN();
+      BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries =
+        config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+      KeyModule module =
+        KeyModuleFactory.getInstance(
+          new TransactionId(context.getTransactionID()));
+      Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        KeyEntryID entryID = (KeyEntryID) iter.next();
+        KeyGroupEntry entry =
+          new KeyGroupEntry(
+            entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  /**
+   * Get the signature location index where the signature will be inserted into
+   * the signature parent element.
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * containing the <code>CreateSignatureLocation</code>.
+   * @return The index at which to insert the signature into the signature
+   * environment.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>CreateSignatureEnvironmentProfile</code>.
+   */
+  private XMLSignatureInsertionLocation getSignatureInsertionLocationIndex(SingleSignatureInfo singleSignatureInfo)
+    throws MOAApplicationException {
+
+    CreateSignatureInfo createInfo =
+      singleSignatureInfo.getCreateSignatureInfo();
+
+    if (createInfo != null) {
+      TransactionContext context =
+        TransactionContextManager.getInstance().getTransactionContext();
+      ConfigurationProvider config = context.getConfiguration();
+      CreateSignatureEnvironmentProfileExplicit profile =
+        ProfileMapper.mapCreateSignatureEnvironmentProfile(
+          createInfo.getCreateSignatureEnvironmentProfile(),
+          config);
+      int index = profile.getCreateSignatureLocation().getIndex();
+
+      return new XMLSignatureInsertionLocationImpl(index);
+    } else {
+      return new XMLSignatureInsertionLocationImpl(0);
+    }
+  }
+
+  /**
+   * Utility function to issue an error message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void error(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.error(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
new file mode 100644
index 0000000..2b158dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -0,0 +1,727 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLConstants;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLSignatureImpl;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
+import at.gv.egovernment.moa.util.CollectionUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A class providing a DOM based interface to the
+ * <code>XMLSignatureVerificationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code>
+ * from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The
+ * result of the invocation is integrated into a
+ * <code>VerifyXMLSignatureResponse</code> and returned.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationInvoker {
+
+  /** The single instance of this class. */
+  private static XMLSignatureVerificationInvoker instance = null;
+
+  private static Set FILTERED_REF_TYPES;
+
+  static {
+    FILTERED_REF_TYPES = new HashSet();
+    FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
+    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
+    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
+    FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
+    FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
+  }
+
+  /**
+   * Get the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static synchronized XMLSignatureVerificationInvoker getInstance() {
+    if (instance == null) {
+      instance = new XMLSignatureVerificationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>XMLSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected XMLSignatureVerificationInvoker() {
+  }
+
+  /**
+   * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureVerificationModule</code>.
+   * 
+   * @param request A <code>VerifyXMLSignatureRequest<code> API object 
+   * containing the data for verifying an XML signature.
+   * @return A <code>VerifyXMLSignatureResponse</code> containing the
+   * answert to the <code>VerifyXMLSignatureRequest</code>.
+   * MOA schema definition.
+   * @throws MOAException An error occurred during signature verification. 
+   */
+  public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+    throws MOAException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    LoggingContext loggingCtx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    XMLSignatureVerificationProfileFactory profileFactory =
+      new XMLSignatureVerificationProfileFactory(request);
+    VerifyXMLSignatureResponseBuilder responseBuilder =
+      new VerifyXMLSignatureResponseBuilder();
+    XMLSignatureVerificationResult result;
+    XMLSignatureVerificationProfile profile;
+    ReferencesCheckResult signatureManifestCheck;
+    DataObjectFactory dataObjFactory;
+    XMLDataObject signatureEnvironment;
+    Node signatureEnvironmentParent = null;
+    Element requestElement = null;
+    XMLSignature xmlSignature;
+    Date signingTime;
+    List supplements;
+    List dataObjectList;
+
+    // get the supplements
+    supplements = getSupplements(request);
+
+    // build XMLSignature
+    dataObjFactory = DataObjectFactory.getInstance();
+    signatureEnvironment =
+      dataObjFactory.createSignatureEnvironment(
+        request.getSignatureInfo().getVerifySignatureEnvironment(),
+        supplements);
+    xmlSignature = buildXMLSignature(signatureEnvironment, request);
+
+    // build the list of DataObjects
+    dataObjectList = buildDataObjectList(supplements);
+
+    // build profile
+    profile = profileFactory.createProfile();
+    
+    // get the signingTime
+    signingTime = request.getDateTime();
+
+    // make the signature environment the root of the document, if it is not a
+    // separate document anyway; this is done to assure that canonicalization
+    // of the signature environment contains the correct namespace declarations
+    requestElement =
+      signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
+    if (requestElement != signatureEnvironment.getElement()) {
+      signatureEnvironmentParent =
+        signatureEnvironment.getElement().getParentNode();
+      requestElement.getOwnerDocument().replaceChild(
+        signatureEnvironment.getElement(),
+        requestElement);
+    }
+
+    QCSSCDResult qcsscdresult = new QCSSCDResult();
+    String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+    ConfigurationProvider config = ConfigurationProvider.getInstance();
+    TrustProfile tp = config.getTrustProfile(tpID);
+    
+    // verify the signature
+    try {
+      XMLSignatureVerificationModule module =
+        XMLSignatureVerificationModuleFactory.getInstance();
+
+      module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+      result =
+        module.verifySignature(
+          xmlSignature,
+          dataObjectList,
+          profile,
+          signingTime,
+          new TransactionId(context.getTransactionID()));
+    } catch (IAIKException e) {
+    	MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+        throw moaException;
+    } catch (IAIKRuntimeException e) {
+        MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+        throw moaException;
+    } 
+    
+
+    // QC/SSCD check
+    List list = result.getCertificateValidationResult().getCertificateChain();
+    if (list != null) {
+        X509Certificate[] chain = new X509Certificate[list.size()];
+        
+        Iterator it = list.iterator();
+        int i = 0;
+        while(it.hasNext()) {
+        	chain[i] = (X509Certificate)it.next();
+        	i++;
+        }
+        
+        qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
+    }
+    	
+
+    // get signer certificate issuer country code
+    String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+    
+    // swap back in the request as root document
+    if (requestElement != signatureEnvironment.getElement()) {
+      requestElement.getOwnerDocument().replaceChild(
+        requestElement,
+        signatureEnvironment.getElement());
+      signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
+    }
+
+    // check the result
+    signatureManifestCheck =
+      validateSignatureManifest(request, result, profile);
+
+    // Check if signer certificate is in trust profile's allowed signer certificates pool
+    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+    CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
+
+
+    // build the response
+    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
+    return responseBuilder.getResponse();
+  }
+
+  /**
+   * Checks if the signer certificate matches one of the allowed signer certificates specified 
+   * in the provided <code>trustProfile</code>.
+   * 
+   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+   * 
+   * @param trustProfile The trust profile the signer certificate is validated against.
+   * 
+   * @return The overal result of the certificate validation for the signer certificate.
+   * 
+   * @throws MOAException if one of the signer certificates specified in the <code>trustProfile</code>
+   *                      cannot be read from the file system.
+   */
+  private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+    throws MOAException
+  {
+    MessageProvider msg = MessageProvider.getInstance();
+    
+    int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+    if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
+    {
+      X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult().getCertificateChain().get(0); 
+      
+      File signerCertsDir = null;
+      try
+      {
+        signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
+      }
+      catch (URIException e)
+      {
+        throw new MOASystemException("2900", null, e); // Should not happen, already checked at loading the MOA configuration
+      }
+      
+      File[] files = signerCertsDir.listFiles();
+      if (files == null) resultCode = 1;
+      int i;
+      for (i = 0; i < files.length; i++)
+      {
+        if (!files[i].isDirectory())
+        {
+          FileInputStream currentFIS = null;
+          try
+          {
+            currentFIS = new FileInputStream(files[i]);
+          }
+          catch (FileNotFoundException e) {
+            throw new MOASystemException("2900", null, e); 
+          }
+          
+          try
+          {
+            X509Certificate currentCert = new X509Certificate(currentFIS);
+            currentFIS.close();
+            if (currentCert.equals(signerCertificate)) break;
+          }
+          catch (Exception e)
+          {
+            // Simply ignore file if it cannot be interpreted as certificate
+            String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
+            Logger.warn(logMsg);
+            try
+            {
+              currentFIS.close();
+            }
+            catch (IOException e1) {
+              // If clean-up fails, do nothing
+            }
+          }
+        }
+      }
+      if (i >= files.length)
+      {
+        resultCode = 1; // No signer certificate from the trustprofile pool matches the actual signer certificate
+      }
+    }
+    
+    SPSSFactory factory = SPSSFactory.getInstance();
+    return factory.createCheckResult(resultCode, null);
+  }
+  
+  
+
+  /**
+   * Select the <code>dsig:Signature</code> DOM element within the signature
+   * environment.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * <code>dsig:Signature</code>.
+   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+   * signature environment.
+   * @return The <code>dsig:Signature</code> element wrapped in a
+   * <code>XMLSignature</code> object.
+   * @throws MOAApplicationException An error occurred locating the
+   * <code>dsig:Signature</code>.
+   */
+  private XMLSignature buildXMLSignature(
+    XMLDataObject signatureEnvironment,
+    VerifyXMLSignatureRequest request)
+    throws MOAApplicationException {
+
+    VerifySignatureLocation signatureLocation =
+      request.getSignatureInfo().getVerifySignatureLocation();
+    Element signatureParent;
+
+    // evaluate the VerifySignatureLocation to get the signature parent
+    signatureParent =
+      InvokerUtils.evaluateSignatureLocation(
+        signatureEnvironment.getElement(),
+        signatureLocation);
+
+    // check for signatureParent to be a dsig:Signature element
+    if (!"Signature".equals(signatureParent.getLocalName())
+      || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
+      throw new MOAApplicationException("2266", null);
+    }
+
+    return new XMLSignatureImpl(signatureParent);
+  }
+
+  /**
+   * Build the supplemental data objects contained in the
+   * <code>VerifyXMLSignatureRequest</code>.
+   *  
+   * @param supplements A <code>List</code> of 
+   * <code>XMLDataObjectAssociation</code>s containing the supplement data.
+   * @return A <code>List</code> of <code>DataObject</code>s representing the
+   * supplemental data objects.
+   * @throws MOASystemException A system error occurred building one of the data
+   * objects.
+   * @throws MOAApplicationException An error occurred building one of the data
+   * objects.
+   */
+  private List buildDataObjectList(List supplements)
+    throws MOASystemException, MOAApplicationException {
+    List dataObjectList = new ArrayList();
+
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    DataObject dataObject;
+    Iterator iter;
+    
+    if (supplements != null) {
+      for (iter = supplements.iterator(); iter.hasNext();) {
+        XMLDataObjectAssociation supplement =
+          (XMLDataObjectAssociation) iter.next();
+        dataObject =
+          factory.createFromXmlDataObjectAssociation(supplement, true, false);
+        dataObjectList.add(dataObject);
+      }
+    }
+    
+    return dataObjectList;
+    
+  }
+
+  /**
+   * Get the supplemental data contained in the 
+   * <code>VerifyXMLSignatureRequest</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+   * supplemental data.
+   * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> 
+   * objects containing the supplemental data.
+   * @throws MOAApplicationException An error occurred resolving one of the
+   * supplement profiles.
+   */
+  private List getSupplements(VerifyXMLSignatureRequest request)
+    throws MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List supplementProfiles = request.getSupplementProfiles();
+    
+    List supplements = new ArrayList();
+    
+    if (supplementProfiles != null) {     
+      
+      List mappedProfiles =
+        ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
+      Iterator iter;
+
+      for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+        SupplementProfileExplicit profile =
+          (SupplementProfileExplicit) iter.next();
+        supplements.add(profile.getSupplementProfile());
+      }
+     
+    }
+    return supplements;
+  }
+
+  /**
+   * Perform additional validations of the
+   * <code>XMLSignatureVerificationResult</code>.
+   * 
+   * <p> In particular, it is verified that:
+   * <ul>
+   * <li>Each <code>ReferenceData</code> object contains transformation
+   * chain that matches one of the <code>Transforms</code> given in the
+   * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code></li>
+   * <li>The hash values of the <code>TransformParameter</code>s are valid.
+   * </li>
+   * </ul>
+   * </p>
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+   * signature to verify.
+   * @param result The result produced by
+   * <code>XMLSignatureVerificationModule</code>.
+   * @param profile The profile used for validating the <code>request</code>.
+   * @return The result of additional validations of the signature manifest.
+   * @throws MOAApplicationException Post-validation of the
+   * <code>XMLSignatureVerificaitonResult</code> failed.
+   */
+  private ReferencesCheckResult validateSignatureManifest(
+    VerifyXMLSignatureRequest request,
+    XMLSignatureVerificationResult result,
+    XMLSignatureVerificationProfile profile)
+    throws MOAApplicationException {
+
+    SPSSFactory factory = SPSSFactory.getInstance();
+    MessageProvider msg = MessageProvider.getInstance();
+
+    // validate that each ReferenceData object contains transforms specified
+    // in the corresponding SignatureManifestCheckParams/ReferenceInfo
+    if (request.getSignatureManifestCheckParams() != null) {
+      List refInfos =
+        request.getSignatureManifestCheckParams().getReferenceInfos();
+      List refDatas = filterReferenceInfos(result.getReferenceDataList());
+      List failedReferencesList = new ArrayList();
+      Iterator refInfoIter;
+      Iterator refDataIter;
+
+      if (refInfos.size() != refDatas.size()) {
+        return factory.createReferencesCheckResult(1, null);
+      }
+
+      refInfoIter = refInfos.iterator();
+      refDataIter =
+        filterReferenceInfos(result.getReferenceDataList()).iterator();
+
+      while (refInfoIter.hasNext()) {
+        ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
+        ReferenceData refData = (ReferenceData) refDataIter.next();
+        List transforms = buildTransformsList(refInfo);
+        boolean found = false;
+        Iterator trIter;
+
+        for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
+          found = trIter.next().equals(refData.getTransformationList());
+        }
+
+        if (!found) {
+          Integer refIndex = new Integer(refData.getReferenceIndex());
+          String logMsg =
+            msg.getMessage("invoker.01", new Object[] { refIndex });
+
+          failedReferencesList.add(refIndex);
+          Logger.debug(new LogMsg(logMsg));
+        }
+      }
+
+      if (!failedReferencesList.isEmpty()) {
+        // at least one reference failed - return their indexes and check code 1
+        int[] failedReferences =
+          CollectionUtils.toIntArray(failedReferencesList);
+        ReferencesCheckResultInfo checkInfo =
+          factory.createReferencesCheckResultInfo(null, failedReferences);
+
+        return factory.createReferencesCheckResult(1, checkInfo);
+      }
+    }
+
+    // validate the hashes contained in all the ReferenceInfo objects of the
+    // security layer manifest 
+    if (request.getSignatureManifestCheckParams() != null 
+      && result.containsSecurityLayerManifest()) {
+      Map hashValues = buildTransformParameterHashValues(request);
+      Set transformParameterURIs =
+        buildTransformParameterURIs(profile.getTransformationSupplements());
+      List referenceInfoList =
+        result.getSecurityLayerManifest().getReferenceDataList();
+      Iterator refIter;
+
+      for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
+        iaik.server.modules.xmlverify.ReferenceInfo ref =
+          (iaik.server.modules.xmlverify.ReferenceInfo) refIter.next();
+        byte[] hash = (byte[]) hashValues.get(ref.getURI());
+
+        if (!transformParameterURIs.contains(ref.getURI())
+          || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
+
+          // the transform parameter doesn't exist or the hashs do not match
+          // return the index of the failed reference and check code 1
+          int[] failedReferences = new int[] { ref.getReferenceIndex()};
+          ReferencesCheckResultInfo checkInfo =
+            factory.createReferencesCheckResultInfo(null, failedReferences);
+          String logMsg =
+            msg.getMessage(
+              "invoker.02",
+              new Object[] { new Integer(ref.getReferenceIndex())});
+
+          Logger.debug(new LogMsg(logMsg));
+
+          return factory.createReferencesCheckResult(1, checkInfo);
+        }
+      }
+    }
+
+    return factory.createReferencesCheckResult(0, null);
+  }
+
+  /**
+   * Get all <code>Transform</code>s contained in all the
+   * <code>VerifyTransformsInfoProfile</code>s of the given
+   * <code>ReferenceInfo</code>.
+   * 
+   * @param refInfo The <code>ReferenceInfo</code> object containing
+   * the transformations.
+   * @return A <code>List</code> of <code>List</code>s. Each of the
+   * <code>List</code>s contains <code>Transformation</code> objects.
+   * @throws MOAApplicationException An error occurred building one of the
+   * <code>Transformation</code>s.
+   */
+  private List buildTransformsList(ReferenceInfo refInfo)
+    throws MOAApplicationException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List profiles = refInfo.getVerifyTransformsInfoProfiles();
+    List mappedProfiles =
+      ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+    List transformsList = new ArrayList();
+    TransformationFactory factory = TransformationFactory.getInstance();
+    Iterator iter;
+
+    for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+      VerifyTransformsInfoProfileExplicit profile =
+        (VerifyTransformsInfoProfileExplicit) iter.next();
+      List transforms = profile.getTransforms();
+
+      if (transforms != null) {
+        transformsList.add(factory.createTransformationList(transforms));
+      }
+    }
+
+    return transformsList;
+  }
+
+  /**
+   * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
+   * 
+   * @param transformParameters The <code>List</code> of 
+   * <code>TransformParameter</code>s, as provided to the verification. 
+   * @return The <code>Set</code> of all <code>TransformParameter</code> URIs. 
+   */
+  private Set buildTransformParameterURIs(List transformParameters) {
+    Set uris = new HashSet();
+    Iterator iter;
+
+    for (iter = transformParameters.iterator(); iter.hasNext();) {
+      DataObject transformParameter = (DataObject) iter.next();
+      uris.add(transformParameter.getURI());
+    }
+
+    return uris;
+  }
+
+  /**
+   * Build a mapping between <code>TransformParameter</code> URIs (a
+   * <code>String</code> and <code>dsig:HashValue</code> (a
+   * <code>byte[]</code>).
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code>.
+   * @return Map The resulting mapping.
+   * @throws MOAApplicationException An error occurred accessing one of
+   * the profiles.
+   */
+  private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
+    throws MOAApplicationException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Map hashValues = new HashMap();
+    List refInfos =
+      request.getSignatureManifestCheckParams().getReferenceInfos();
+    Iterator refIter;
+
+    for (refIter = refInfos.iterator(); refIter.hasNext();) {
+      ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+      List profiles = refInfo.getVerifyTransformsInfoProfiles();
+      List mappedProfiles =
+        ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+      Iterator prIter;
+
+      for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
+        VerifyTransformsInfoProfileExplicit profile =
+          (VerifyTransformsInfoProfileExplicit) prIter.next();
+        List trParameters = profile.getTransformParameters();
+        Iterator trIter;
+
+        for (trIter = trParameters.iterator(); trIter.hasNext();) {
+          TransformParameter transformParameter =
+            (TransformParameter) trIter.next();
+          String uri = transformParameter.getURI();
+
+          if (transformParameter.getTransformParameterType()
+            == TransformParameter.HASH_TRANSFORMPARAMETER) {
+            hashValues.put(
+              uri,
+              ((TransformParameterHash) transformParameter).getDigestValue());
+          }
+
+        }
+      }
+    }
+    return hashValues;
+  }
+
+  /**
+   * Filter the <code>ReferenceInfo</code>s returned by the
+   * <code>VerifyXMLSignatureResult</code> for comparison with the
+   * <code>ReferenceInfo</code> elements in the request.
+   * 
+   * @param referenceInfos The <code>ReferenceInfo</code>s from the
+   * <code>VerifyXMLSignatureResult</code>.
+   * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
+   * is not a XMLDsig manifest, Security Layer manifest, or ETSI signed
+   * property.
+   */
+  private List filterReferenceInfos(List referenceInfos) {
+    List filtered = new ArrayList();
+    Iterator iter;
+
+    for (iter = referenceInfos.iterator(); iter.hasNext();) {
+      iaik.server.modules.xmlverify.ReferenceInfo refInfo =
+        (iaik.server.modules.xmlverify.ReferenceInfo) iter.next();
+      String refType = refInfo.getReferenceType();
+
+      if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
+        filtered.add(refInfo);
+      }
+    }
+
+    return filtered;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
new file mode 100644
index 0000000..3e4c712
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlverify.XMLSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A factory to create a <code>XMLSignatureVerificationProfile</code> from a
+ * <code>VerifyXMLSignatureRequest</code>, based on the current MOA
+ * configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationProfileFactory {
+
+  /** The <code>VerifyXMLSignatureRequest</code> for which to create profile
+   * information. */
+  private VerifyXMLSignatureRequest request;
+
+  /**
+   * Create a new <code>XMLSignatureVerificationProfileFactory</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> to extract 
+   * profile data from.
+   */
+  public XMLSignatureVerificationProfileFactory(VerifyXMLSignatureRequest request) {
+    this.request = request;
+  }
+
+  /**
+   * Create a <code>XMLSignatureCreationProfile</code> from the
+   * <code>VerifyXMLSignaturesRequest</code> and the current MOA configuration.
+   * 
+   * @return The <code>XMLSignatureVerificationProfile</code> containing
+   * additional information for verifying an XML signature.
+   * @throws MOASystemException A system error occurred building the profile.
+   * @throws MOAApplicationException An error occurred building the profile.
+   */
+  public XMLSignatureVerificationProfile createProfile()
+    throws MOASystemException, MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    XMLSignatureVerificationProfileImpl profile =
+      new XMLSignatureVerificationProfileImpl();
+    SignatureManifestCheckParams checkParams;
+    String trustProfileID;
+
+    // set whether to check XMLDsig manifests
+    profile.setCheckXMLDsigManifests(true);
+
+    // set the certificate validation profile
+    trustProfileID = request.getTrustProfileId();
+    profile.setCertificateValidationProfile(
+      new PKIProfileImpl(config, trustProfileID));
+
+    // set whether hash input data is to be included
+    profile.setIncludeHashInputData(request.getReturnHashInputData());
+
+    // set the security layer manifest check parameters
+    // and transformation supplements (if present) 
+    checkParams = request.getSignatureManifestCheckParams();
+    profile.setCheckSecurityLayerManifest(true);
+    profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() : false);
+    if (checkParams != null) {
+        List transformationSupplements;
+        transformationSupplements = buildTransformationSupplements();
+        profile.setTransformationSupplements(transformationSupplements);
+    } else {
+        profile.setTransformationSupplements(Collections.EMPTY_LIST);
+    }
+    
+    profile.setPermitFileURIs(config.getPermitFileURIs());
+    
+    return profile;
+  }
+
+  /**
+   * Build supplemental data objects used in the transformations.
+   * 
+   * @return A <code>List</code> of <code>DataObject</code>s providing
+   * supplemental data to the transformations.
+   * @throws MOASystemException A system error occurred building one of the
+   * transformations.
+   * @throws MOAApplicationException An error occurred building one of the
+   * transformations.
+   */
+  public List buildTransformationSupplements()
+    throws MOASystemException, MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    SignatureManifestCheckParams checkParams =
+      request.getSignatureManifestCheckParams();
+    List transformsProfiles = new ArrayList();
+    List transformationSupplements = new ArrayList();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    List refInfos = checkParams.getReferenceInfos();
+    Iterator refIter;
+    Iterator prIter;
+    Iterator trIter;
+
+    // build the list of all VerifyTransformsInfoProfiles in all ReferenceInfos
+    refInfos = checkParams.getReferenceInfos();
+    for (refIter = refInfos.iterator(); refIter.hasNext();) {
+      ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+      List profiles = refInfo.getVerifyTransformsInfoProfiles();
+
+      transformsProfiles.addAll(
+        ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config));
+    }
+
+    // build the DataObjects
+    for (prIter = transformsProfiles.iterator(); prIter.hasNext();) {
+      VerifyTransformsInfoProfileExplicit profile =
+        (VerifyTransformsInfoProfileExplicit) prIter.next();
+      List transformParameters = profile.getTransformParameters();
+
+      for (trIter = transformParameters.iterator(); trIter.hasNext();) {
+        TransformParameter trParam = (TransformParameter) trIter.next();
+        transformationSupplements.add(
+          factory.createFromTransformParameter(trParam));
+      }
+    }
+    
+    return transformationSupplements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
new file mode 100644
index 0000000..10dc79d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import iaik.logging.TransactionId;
+
+/**
+ * An implementation of the <code>iaik.logging.Log</code>
+ * interface that is based on Jakarta Commons-Logging.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class IaikLog implements iaik.logging.Log {
+  /** The hierarchy to log all IAIK output to. */
+  public static final String IAIK_LOG_HIERARCHY = "iaik.server";
+  /** The commons-loggin <code>Log</code> to use for logging the messages. */
+  private static Log log = LogFactory.getLog(IAIK_LOG_HIERARCHY);
+  /** The node ID to use. */
+  private String nodeId;
+  
+  /**
+   * Create a new <code>IaikLog</code>.
+   * 
+   * @param nodeId The node ID for this <code>Log</code> object. 
+   */
+  public IaikLog(String nodeId) {
+    this.nodeId = nodeId;
+  }
+
+  /**
+   * @see iaik.logging.Log#isDebugEnabled()
+   */
+  public boolean isDebugEnabled() {
+    return log.isDebugEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#debug(TransactionId, Object, Throwable)
+   */
+  public void debug(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.debug(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isInfoEnabled()
+   */
+  public boolean isInfoEnabled() {
+    return log.isInfoEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#info(TransactionId, Object, Throwable)
+   */
+  public void info(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.info(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isWarnEnabled()
+   */
+  public boolean isWarnEnabled() {
+    return log.isWarnEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#warn(TransactionId, Object, Throwable)
+   */
+  public void warn(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.warn(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isErrorEnabled()
+   */
+  public boolean isErrorEnabled() {
+    return log.isErrorEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#error(TransactionId, Object, Throwable)
+   */
+  public void error(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.error(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isFatalEnabled()
+   */
+  public boolean isFatalEnabled() {
+    return log.isFatalEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#fatal(TransactionId, Object, Throwable)
+   */
+  public void fatal(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.fatal(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#setNodeId(String)
+   */
+  public void setNodeId(String nodeId) {
+    this.nodeId = nodeId;
+  }
+
+  /**
+   * @see iaik.logging.Log#getNodeId()
+   */
+  public String getNodeId() {
+    return nodeId;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java
new file mode 100644
index 0000000..64810a8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+import iaik.logging.Log;
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LogFactory;
+
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+/**
+ * An implementation of the <code>iaik.logging.LogFactory</code> abstract
+ * class to log messages to the MOA logging subsystem.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikLogFactory extends LogFactory {
+
+  public Log getInstance(Class clazz) throws LogConfigurationException {
+    return getInstanceImpl();
+  }
+
+  public Log getInstance(String name) throws LogConfigurationException {
+    return getInstanceImpl();
+  }
+
+  /**
+   * Return an instance of <code>iaik.logging.Log</code>.
+   * 
+   * @return The <code>iaik.logging.Log</code> object to log messages to.
+   */  
+  private Log getInstanceImpl() {
+    String nodeID = 
+      LoggingContextManager.getInstance().getLoggingContext().getNodeID();
+      
+    return new IaikLog(nodeID);
+  }
+
+  public void release() {
+    // we do not hold any resources
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java
new file mode 100644
index 0000000..7e4ff84
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+import iaik.logging.TransactionId;
+
+/**
+ * A unified message type to log messages from the IAIK subsystem.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikLogMsg {
+  
+  /** The transaction ID of this message. */
+  private TransactionId transactionId;
+  /** The node ID of this message. */
+  private String nodeId;
+  /** The message to log. */
+  private Object message;
+  
+  /**
+   * Create a <code>IaikLogMsg</code> object.
+   * 
+   * @param transactionId The transaction id of the transaction which
+   * generated this log message. May be <code>null</code>.
+   * @param nodeId The node id where this message was generated. May be
+   * <code>null</code>.
+   * @param message The actual message to log. May be <code>null</code>.
+   */
+  public IaikLogMsg(TransactionId transactionId, String nodeId, Object message) {
+    this.transactionId = transactionId;
+    this.nodeId = nodeId;
+    this.message = message;
+  }
+
+  
+  /**
+   * Convert this log message to a <code>String</code>.
+   * 
+   * @return The <code>String</code> representation of this log message. 
+   */
+  public String toString() {
+    StringBuffer msg = new StringBuffer();
+    
+    msg.append("TID=");
+    msg.append(transactionId != null ? transactionId.getLogID() : "<null>");
+    msg.append(" NID=");
+    msg.append(nodeId != null ? nodeId : "<null>");
+    msg.append(" MSG=");
+    msg.append(message != null ? message.toString() : "<null>");
+    
+    return msg.toString();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java
new file mode 100644
index 0000000..ba76c0b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+/**
+ * An implementation of the <code>iaik.logging.TransactionId</code> interface.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransactionId implements iaik.logging.TransactionId {
+  
+  /** The String representation for logging the transaction ID. */
+  private String logID;
+  
+  /**
+   * Create a <code>TransactionId</code> object.
+   * 
+   * @param logID The transaction id as it should be presented to the logging
+   * subsystem.
+   */
+  public TransactionId(String logID) {
+    this.logID = logID;
+  }
+
+  /**
+   * @see iaik.logging.TransactionId#getLogID()
+   */
+  public String getLogID() {
+    return logID;
+  }
+  
+  /**
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    return getLogID();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
new file mode 100644
index 0000000..f6d84c7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.archive.Archive;
+import iaik.pki.store.revocation.archive.ArchiveFactory;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A <code>Runnable</code> for periodically cleaning up the revocation archive. 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationArchiveCleaner implements Runnable {
+
+  /** The inverval between two clean-ups of the revocation archive. */
+  private long archiveCleanupInterval;
+
+  /**
+   * Create a new <code>RevocationArchiveCleaner</code>.
+   * 
+   * @param archiveCleanupInterval The interval between two clean-ups of the
+   * revocation archive.
+   */
+  public RevocationArchiveCleaner(long archiveCleanupInterval) {
+    this.archiveCleanupInterval = archiveCleanupInterval;
+  }
+
+  /**
+   * Run the <code>RevocationArchiveCleaner</code> in its own 
+   * <code>Thread</code>.
+   */
+  public void run() {
+    while (true) {
+      try {
+        ConfigurationProvider config = ConfigurationProvider.getInstance();
+        boolean enableArchiving = config.getEnableRevocationArchiving();
+
+        if (enableArchiving) 
+        {
+          Archive archive = ArchiveFactory.getInstance().getArchive();
+          long archiveDurationMillis =
+            (long) config.getCRLArchiveDuration() * 86400000;
+
+          // delete old archive data
+          if (archiveDurationMillis > 0) {
+            Date olderThan =
+              new Date(System.currentTimeMillis() - archiveDurationMillis);
+
+            archive.deleteOldArchiveEntries(
+              RevocationSourceTypes.CRL,
+              olderThan,
+              new TransactionId("RevocationArchiveCleaner"));
+          }
+        }
+
+      } catch (Exception e) {
+        MessageProvider msg = MessageProvider.getInstance();
+        Logger.error(new LogMsg(msg.getMessage("init.02", null)), e);
+      }
+
+      // sleep 
+      try {
+        Thread.sleep(archiveCleanupInterval * 1000);
+      } catch (InterruptedException e) {
+        // ok to do nothing here
+      }
+
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
new file mode 100644
index 0000000..a5ea592
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.server.transaction;
+
+import javax.activation.DataSource;
+
+public interface DeleteableDataSource extends DataSource {
+	public void delete();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
new file mode 100644
index 0000000..3425dac
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
@@ -0,0 +1,385 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.transaction;
+
+import iaik.xml.crypto.utils.URI;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.activation.DataSource;
+
+import java.util.Map.Entry;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * Contains information about the current request.
+ * 
+ * @author Stefan Knirsch
+ * @author Patrick Peck 
+ */
+public class TransactionContext {
+
+  /** The client certificate. */
+  private X509Certificate[] clientCertificate = null;
+  /** The transaction ID. */
+  private String transactionID = null;
+  /** The name of the request. */
+  private String requestName = null;
+  /** The SOAP embedded request */
+  private Element request;
+  /** The response which is to embed by SOAP */
+  private Element response;
+  /** The map pointing to SOAP attachments needed by the request. */
+  private HashMap attachments = null;
+  /** The map containing cashed entities used in DataObjectFactory. */
+  private HashMap resolvedEntities = null;
+  /** The configuration to use throughout the request. */
+  private ConfigurationProvider configuration = null;
+  
+  /**
+   * Create a <code>TransactionContext</code> object.
+   * 
+   * @param transactionID A unique ID for this <code>TransactionContext</code>.
+   * @param clientCertificate The client certificate chain.
+   * @param configuration The MOA configuration to use for this transaction.
+   */
+  public TransactionContext(
+    String transactionID,
+    X509Certificate[] clientCertificate,
+    ConfigurationProvider configuration) {
+
+    this.transactionID = transactionID;
+    this.clientCertificate = clientCertificate;
+    this.configuration = configuration;
+  }
+
+  /**
+   * Create a <code>TransactionContext</code> object.
+   * 
+   * @param transactionID A unique ID for this <code>TransactionContext</code>.
+   * @param clientCertificate The client certificate chain.
+   * @param configuration The MOA configuration to use for this transaction.
+   * @param attachments to use for this transaction.
+   */
+  public TransactionContext(
+    String transactionID,
+    X509Certificate[] clientCertificate,
+    ConfigurationProvider configuration,
+    Element request,
+    HashMap attachments) {
+
+    this.transactionID = transactionID;
+    this.clientCertificate = clientCertificate;
+    this.configuration = configuration;
+    this.request = request;
+    this.attachments = attachments;
+  }
+  
+  /**
+   * Returns the client certificate.
+   * 
+   * @return The client certificate chain, if SSL client authentication has been
+   * configured in the web server and has been used by the client. The 0th
+   * element of the array contains the client certificate. <code>null</code>
+   * otherwise.
+   */
+  public X509Certificate[] getClientCertificate() {
+    return clientCertificate;
+  }
+
+  /**
+   * Returns the unique transaction ID.
+   * 
+   * @return The transaction ID.
+   */
+  public String getTransactionID() {
+    return transactionID;
+  }
+
+  /**
+   * Returns the name of the request.
+   * 
+   * @return The name of the request.
+   */
+  public String getRequestName() {
+    return requestName;
+  }
+
+  /**
+   * Sets the name of the request.
+   * 
+   * @param requestName The request name to set.
+   */
+  public void setRequestName(String requestName) {
+    this.requestName = requestName;
+  }
+
+  /**
+   * Sets the the request.
+   * 
+   * @param request The request to set.
+   */
+  public void setRequest(Element request) {
+    this.request = request;
+  }
+
+  /**
+   * Returns the request.
+   * 
+   * @return The request.
+   */
+  public Element getRequest() {
+    return request;
+  }
+
+  /**
+   * Sets the the response.
+   * 
+   * @param response The response to set.
+   */
+  public void setResponse(Element response) {
+    this.response = response;
+  }
+
+  /**
+   * Returns the response.
+   * 
+   * @return The response.
+   */
+  public Element getResponse() {
+    return response;
+  }
+  
+  /**
+   * Adds an attachment to the transactions list of SOAP attachments.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   * @param contentType MIME type of the SOAP attachment.
+   * @param is Handle to the ManagedMemoryDataSource of the SOAP attachment.
+   */
+  public void addAttachment(String referenceId, String contentType, DataSource is) {
+    if (this.attachments == null) this.attachments = new HashMap(); 
+    Vector entry = new Vector(2);
+    entry.add(contentType);
+    entry.add(is);
+    this.attachments.put(referenceId, entry);
+  }
+
+  /**
+   * Adds an attachment to the transactions list of SOAP attachments.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   * @param contentType MIME type of the SOAP attachment.
+   * @param is Handle to the InputStream of the SOAP attachment.
+   * @param filename Filename of the temporary file the InputStream belongs to
+   */
+  public void addAttachment(String referenceId, String contentType, InputStream is, String filename) {
+    if (this.attachments == null) this.attachments = new HashMap(); 
+    Vector entry = new Vector(3);
+    entry.add(contentType);
+    entry.add(is);
+    entry.add(filename);
+    this.attachments.put(referenceId, entry);
+  }
+  
+  /**
+   * Returns the ManagedMemoryDataSource to a specific SOAP attachment identified by referenceId.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   */
+  public DataSource getAttachment(String referenceId) {
+    if (attachments==null) {
+      return null;
+    }
+    Vector entry = (Vector) attachments.get(referenceId);
+    if (entry==null) {
+      return null;
+    }
+    Object object = entry.get(1);
+    if (object instanceof DataSource) {
+    	return (DataSource) object;
+    } else {
+    	return null;
+    }
+  }
+  
+  /**
+   * Returns the InputStream to a specific SOAP attachment identified by uri.
+   * 
+   * @param uri Identification value for the SOAP attachment.
+   */
+  public InputStream getAttachmentInputStream(URI uri) throws MOAApplicationException {
+    if (attachments==null) {
+      return null;
+    }
+    String referenceId = uri.getPath();
+    Vector entry = (Vector) attachments.get(referenceId);
+    if (entry==null) {
+      return null;
+    }
+
+    InputStream attachmentIs = null;
+    Object object = entry.get(1);
+       
+    if (object instanceof DataSource) {
+		try {
+		  attachmentIs =  (InputStream) ( ((DataSource)object).getInputStream());
+		} catch (IOException e) {
+		  throw new MOAApplicationException("2208", new Object[] { uri }, e);
+		}
+    } else {
+        attachmentIs = (InputStream) object;
+    }
+    return attachmentIs;
+    //If we would return the whole mmds: return (ManagedMemoryDataSource) entry.get(1);
+  }
+  
+  /**
+   * Returns the content type to a specific SOAP attachment identified by referenceId.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   */
+  public String getAttachmentContentType(String referenceId) {
+    Vector entry = (Vector) attachments.get(referenceId);
+    if (entry==null) {
+      return null;
+    }
+    return (String) entry.get(0);
+  }
+  
+  /**
+   * Delete the temporary attachment files.
+   */
+public void cleanAttachmentCache() {
+    if (null==attachments) {
+      return;
+    }
+    Iterator iterator = attachments.entrySet().iterator();
+    while (iterator.hasNext()) {
+      Entry hmEntry = (Entry) iterator.next();
+      Vector entry = (Vector)hmEntry.getValue();
+      Object object = entry.get(1);
+      if (object instanceof DataSource) {
+    	  DataSource mmds = (DataSource)object;
+	      try {
+	        if (mmds!=null) {
+	          InputStream is = mmds.getInputStream();
+	          if (is!=null) is.close();
+// not available in Axis 1.0 to 1.1	          
+//	          File f = mmds.getDiskCacheFile();
+//	          if (f!=null) f.delete();	   
+	          if(mmds instanceof DeleteableDataSource) {
+	        	  ((DeleteableDataSource)mmds).delete();
+	          }
+	          //mmds..delete();
+	        }
+	      } catch (IOException e) {
+	        // ok to do nothing here
+	      }
+      } else if (object instanceof InputStream) {
+         InputStream is = (InputStream)object;
+         try {
+	         if (is!=null) is.close();
+	         String tempFile = (String) entry.get(2);
+	         if (tempFile!=null){
+		         File f = new File(tempFile);
+		         f.delete();
+	         }
+	      } catch (IOException e) {
+		        // ok to do nothing here
+	      }
+      }
+    }
+  }
+  
+  /**
+   * Returns the <code>ConfigurationProvider</code> associated with this
+   * transaction.
+   * 
+   * @return The ConfigurationProvider associated with this transaction. 
+   */
+  public ConfigurationProvider getConfiguration() {
+    return configuration;
+  }
+  
+  /**
+   * Search an uri content in cashed map.
+   * 
+   * @param uri The value to look for.
+   * @return If found the cached entity, <code>null<code> otherwise.
+   */
+  public Vector FindResolvedEntity(String uri) {
+	  if (resolvedEntities==null) return null;
+	  return (Vector) resolvedEntities.get(uri);
+  }
+  
+  /**
+   * Get a new InputStream of a cached entity.
+   * 
+   * @param uri The value to look for.
+   * @return A new InputStream of the cached entity.
+   */
+  public InputStream ResolveURI(String uri) {
+	  InputStream is = null;
+	  Vector entity = FindResolvedEntity(uri);
+	  if (entity!=null) {
+		  byte[] contentBytes = (byte[]) entity.get(0);
+		  if (contentBytes!=null) {
+			  is = new ByteArrayInputStream(contentBytes);
+		  }
+	  }
+      return is;
+  }
+
+  /**
+   * Put a read entity (supplement, detached content, data object) on 
+   * transactions entity cash, to prevent repeated reading on slower channels.
+   * 
+   * @param uri A transaction-wide unique URI used as key of the entity cash 
+   * table.
+   * @param contentBytes The cached content belonging to the uri.
+   * @param contentType If known, the MIME-type of the cashed content.
+   */
+  public void PutResolvedEntity(String uri, byte[] contentBytes, String contentType) {
+	  Logger.trace("    storing uri content of uri \"" + uri + "\" for future references");
+	  if (resolvedEntities==null) resolvedEntities = new HashMap();
+      Vector entity = new Vector();
+      entity.add(contentBytes);
+      entity.add(contentType);
+      resolvedEntities.put(uri, entity);
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java
new file mode 100644
index 0000000..8a45ddf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.transaction;
+
+/**
+ * Provides each thread with an instance of <code>TransactionContext</code>.
+ * 
+ * The single instance of the <code>TransactionContextManager</code> should be
+ * used to access contextual information for each web service transaction, e.g.
+ * the transaction ID, MOA configuration, client certificate, etc.
+ * 
+ * @author Stefan Knirsch
+ * @author Patrick Peck
+ */
+public class TransactionContextManager {
+
+  /** The single instance of <code>TransactionContextManager</code> */ 
+  private static TransactionContextManager instance = null;
+  
+  /** Contains a single <code>TransactionContext</code> for each thread. */
+  private ThreadLocal context = null;
+
+  /**
+   * Get the single instance of <code>TransactionContextManager</code>.
+   *   
+   * @return The single instanc of <code>TransactionContextManager</code>.
+   */
+  public static synchronized TransactionContextManager getInstance() {
+    if (instance == null) {
+      instance = new TransactionContextManager();
+    }
+    return instance;
+  }
+
+  /**
+   * Creates a new <code>TransactionContextManager</code>.
+   * 
+   * Protected to disallow direct instantiation.
+   */
+  protected TransactionContextManager() {
+    context = new ThreadLocal();
+  }
+
+  /**
+   * Set the <code>TransactionContext</code> for the current thread.
+   * 
+   * @param txContext The <code>TransactionContext</code> for this thread.
+   */
+  public void setTransactionContext(TransactionContext txContext) {
+    context.set(txContext);
+  }
+
+  /**
+   * Get the <code>TransactionContext</code> for the current thread.
+   * 
+   * @return The <code>TransactionContext</code> for the current thread or
+   * <code>null</code>, if none has been set (or if this method is being invoked
+   * outside the bounds of a transaction).
+   */
+  public TransactionContext getTransactionContext() {
+    return (TransactionContext) context.get();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java
new file mode 100644
index 0000000..b173308
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.transaction;
+
+
+/**
+ * A generator for unique transaction IDs.
+ * 
+ * <p>The transaction IDs are of the form "<base>-<counter>", where:
+ * <ul> 
+ * <li><code>base</code> is initialized with the system time when this class is
+ * being loaded</li>
+ * <li><code>counter</code> is incremented sequentially on each call to
+ * <code>nextID()</code></li>
+ * </ul>
+ * </p>
+ * 
+ * <p> Assuming that it is highly unlikely that MOA servers are started at
+ * exactly the same time instant, the mechanism provided by this class should
+ * guarantee unique transaction IDs across multiple restarts and/or instances of
+ * the server.</p>
+ * 
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ */
+public class TransactionIDGenerator {
+
+  /** Request sequence number. */
+  private static long counter = 0;
+  /** The base value to which to append the sequence number. */
+  private static String base = null;
+
+  /**
+   * Set up the initial base value.
+   */
+  static {
+    synchronized (TransactionIDGenerator.class) {
+      base = Long.toString(System.currentTimeMillis());
+    }
+  }
+
+  /**
+   * Returns the next transaction ID.
+   * 
+   * @return The next transaction ID.
+   */
+  public static synchronized String nextID() {
+    counter++;
+
+    return (base + "-" + counter);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java
new file mode 100644
index 0000000..a8d9e1b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.util;
+
+import java.util.Set;
+
+/**
+ * Generate unique ID values for various objects in the response.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IdGenerator {
+  /** The base value to append the counter to. */
+  private String base;
+  /** The <code>Set</code> of reserved ID values. */
+  private Set reserved;
+  /** The sequence number. */
+  private int count;
+  
+  /**
+   * Create a new <code>IdGenerator</code>.
+   * 
+   * @param base A base value to append the IDs to. The creator of this object
+   * should provide a base value, so that appending the counter leads to unique
+   * IDs.
+   * @param reserved The <code>Set</code> of reserved IDs. A call to 
+   * <code>uniqueId()</code> will respect the reserved IDs.
+   */
+  public IdGenerator(String base, Set reserved) {
+    this.base = base;
+    this.reserved = reserved;
+    count = 1;
+  }
+  
+  /**
+   * Create the next ID value in the sequence.
+   * 
+   * @return The next ID value in the sequence.
+   */
+  protected String nextId() {
+    return base + "-" + count++;
+  }
+  
+  /**
+   * Create the next unique ID value which is unique in the reserved ID set.
+   * 
+   * The created ID is added to the set of reserved IDs.
+   * 
+   * @return The next ID value.
+   */
+  public String uniqueId() {
+    String nextId;
+
+    while (reserved.contains(nextId = nextId()));
+    
+    reserved.add(nextId);
+    
+    return nextId;
+        
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
new file mode 100644
index 0000000..defaedd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.spss.tsl.config;

+

+import iaik.util.logging._l;

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+

+import java.net.MalformedURLException;

+import java.net.URL;

+

+public class Configurator {

+

+	private static final String _TMPDBFILENAME = "temp_tsl.sqlite";

+	

+	private static boolean _sqlMultithreaded;

+	private static boolean _throwExceptions;

+	private static boolean _logExceptions;

+	private static boolean _throwWarnings;

+	private static boolean _logWarnings;

+	private static boolean _nullRedundancies;

+	private static URL _euTSLURL;

+	private static String _TSLWorkingDirectoryPath;

+	private static String _dbFile;

+	private static String _euTrustAnchorsPath;

+	private static String _msTrustAnchorsPath;

+	

+	

+	private static boolean _isInitialised = false;

+	

+	

+	/**

+	 * 

+	 */

+	public static void initial(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) 

+			throws TSLEngineDiedException {

+		

+		

+		if (!_isInitialised) {	

+			try {

+				_euTSLURL = new URL(euTSLURL);

+			} catch (MalformedURLException e) {

+				_l.err("Bad TSL URL: " + euTSLURL, e);

+				throw new TSLEngineDiedException(e);

+			}

+			

+			if (!TSLWorkingDirectoryPath.endsWith("/"))

+				TSLWorkingDirectoryPath += "/";

+			

+			Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;

+			

+			initialDefaultConfig();

+			

+			_isInitialised = true;

+		}

+	}

+	

+	public static String get_TSLWorkingDirectoryPath() {

+		return _TSLWorkingDirectoryPath;

+	}

+	

+	public static String get_dbFile() {

+		return _dbFile;

+	}

+

+	public static void set_dbFileName(String _dbFile) {

+		Configurator._dbFile = _TSLWorkingDirectoryPath + _dbFile;

+	}

+	

+	public static String get_euTrustAnchorsPath() {

+		return _euTrustAnchorsPath;

+	}

+

+	public static String get_msTrustAnchorsPath() {

+		return _msTrustAnchorsPath;

+	}

+

+	public static boolean is_sqlMultithreaded() {

+		return _sqlMultithreaded;

+	}

+

+	public static boolean is_throwExceptions() {

+		return _throwExceptions;

+	}

+

+	public static boolean is_logExceptions() {

+		return _logExceptions;

+	}

+

+	public static boolean is_throwWarnings() {

+		return _throwWarnings;

+	}

+

+	public static boolean is_logWarnings() {

+		return _logWarnings;

+	}

+

+	public static boolean is_nullRedundancies() {

+		return _nullRedundancies;

+	}

+

+	public static URL get_euTSLURL() {

+		return _euTSLURL;

+	}

+

+	public static boolean is_isInitialised() {

+		return _isInitialised;

+	}

+

+	public static String get_TempdbFile() {

+		return _TSLWorkingDirectoryPath + _TMPDBFILENAME;

+	}

+	

+	public static void set_euTrustAnchorsPath(String _euTrustAnchorsPath) {

+		Configurator._euTrustAnchorsPath = _euTrustAnchorsPath;

+	}

+

+	public static void set_msTrustAnchorsPath(String _msTrustAnchorsPath) {

+		Configurator._msTrustAnchorsPath = _msTrustAnchorsPath;

+	}

+	

+	private static void initialDefaultConfig() {		

+		_sqlMultithreaded = false;

+		_throwExceptions = true;

+		_logExceptions = true;

+		_throwWarnings = false;

+		_logWarnings = true;

+		_nullRedundancies = false;

+		_dbFile = _TSLWorkingDirectoryPath + "tsl.sqlite";

+		_euTrustAnchorsPath = _TSLWorkingDirectoryPath +  "trust/eu/";

+		_msTrustAnchorsPath = "/trust/ms/";

+	}	

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
new file mode 100644
index 0000000..82df37b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -0,0 +1,972 @@
+package at.gv.egovernment.moa.spss.tsl.connector;

+

+import java.io.File;

+import java.io.FileInputStream;

+import java.io.FileOutputStream;

+import java.io.IOException;

+import java.net.MalformedURLException;

+import java.net.URL;

+import java.nio.channels.ByteChannel;

+import java.nio.channels.FileChannel;

+import java.security.Security;

+import java.security.cert.X509Certificate;

+import java.util.ArrayList;

+import java.util.Collections;

+import java.util.Date;

+import java.util.HashMap;

+import java.util.Iterator;

+import java.util.LinkedHashMap;

+import java.util.List;

+import java.util.ListIterator;

+import java.util.Map;

+import java.util.Map.Entry;

+import java.util.Set;

+

+import org.apache.log4j.Logger;

+

+import at.gv.egovernment.moa.spss.tsl.config.Configurator;

+import at.gv.egovernment.moa.spss.tsl.utils.TSLEUImportFromFileContext;

+import at.gv.egovernment.moa.spss.tsl.utils.TSLEvaluationContext;

+import at.gv.egovernment.moa.spss.tsl.utils.TSLImportFromFileContext;

+import iaik.asn1.ObjectID;

+import iaik.util._15;

+import iaik.util.logging._l;

+import iaik.utils.RFC2253NameParser;

+import iaik.xml.crypto.EccProviderAdapter;

+import iaik.xml.crypto.XSecProvider;

+import iaik.xml.crypto.tsl.DbTables;

+import iaik.xml.crypto.tsl.DbTables.MODE;

+import iaik.xml.crypto.tsl.DbTables.Service;

+import iaik.xml.crypto.tsl.TSLCertEvaluator;

+import iaik.xml.crypto.tsl.TSLCertsExporter;

+import iaik.xml.crypto.tsl.TSLEngine;

+import iaik.xml.crypto.tsl.TSLEngine.LocationAndCertHash;

+import iaik.xml.crypto.tsl.TSLEngine.TSLEngineEU;

+import iaik.xml.crypto.tsl.TSLImportContext;

+import iaik.xml.crypto.tsl.TSLResult;

+import iaik.xml.crypto.tsl.TSLResultEndEntity;

+import iaik.xml.crypto.tsl.TSLResultImpl;

+import iaik.xml.crypto.tsl.TslSqlConnectionWrapper;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+import iaik.xml.crypto.tsl.ex.TSLEngineFatalException;

+import iaik.xml.crypto.tsl.ex.TSLEngineFatalRuntimeException;

+import iaik.xml.crypto.tsl.ex.TSLExceptionB;

+import iaik.xml.crypto.tsl.ex.TSLRuntimeException;

+import iaik.xml.crypto.tsl.ex.TSLSearchException;

+import iaik.xml.crypto.tsl.ex.TSLTransactionFailedRuntimeException;

+import iaik.xml.crypto.tsl.fetch.TLS;

+import iaik.xml.crypto.tsl.sie.gen.QualifierType;

+

+public class TSLConnector implements TSLConnectorInterface {

+	

+	static final String _QCSSCDURI = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/SvcInfoExt/QCWithSSCD";

+	static final String _STYPETEMPLATE_CAQC = "CA/QC";

+	static final String _STYPETEMPLATE_TSAQTST = "TSA/QTST";

+	

+	private static final String DEFAULT_HASHCACHE_DIR = "./hashcache/";

+	

+	static final List<String> STYPETEMPLATES = Collections.unmodifiableList(new ArrayList<String>(){

+		private static final long serialVersionUID = 1L;

+			{

+				add(_STYPETEMPLATE_CAQC);

+				add(_STYPETEMPLATE_TSAQTST);				

+			}

+		});

+	

+	

+	static Logger log = Logger.getLogger(TSLConnector.class);

+		

+	public void initialize(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) 

+			throws TSLEngineDiedException {

+

+		Configurator.initial(euTSLURL, TSLWorkingDirectoryPath, jdbcURL, jdbcDriverClass);

+

+	}

+	

+	public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,

+			String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return updateAndGetQualifiedCACertificates(dateTime, null, serviceLevelStatus);

+	}

+	

+	public void updateTSLs(Date dateTime,

+			String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		updateTSLs(dateTime, null, serviceLevelStatus);

+	}

+	

+	public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,

+			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+

+		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";

+		

+//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");

+//		System.out.println("hashcachedir: " + hashcachedir);

+//		if (hashcachedir==null)

+//			hashcachedir = DEFAULT_HASHCACHE_DIR;

+

+//		File hashcachefile = new File(hashcachedir);

+//		File[] filelist = hashcachefile.listFiles();

+//		if (filelist != null) {

+//			for (File f : filelist)

+//				f.delete();

+//		}

+	

+		File tsldownloadfile = new File(tsldownloaddir);

+		if (!tsldownloadfile.exists()) {

+			tsldownloadfile.mkdir();

+		}

+		File[] tslfilelist = tsldownloadfile.listFiles();

+		if (tslfilelist != null) {

+			for (File f : tslfilelist)

+				f.delete();

+		}

+		

+		//create sqlLite database

+		File dbFile = new File(Configurator.get_TempdbFile());

+		try {

+			dbFile.delete();

+			dbFile.createNewFile();

+		} catch (IOException e) {

+			throw new TSLEngineDiedException("Could not create temporary data base file", e);

+		}

+		

+		//the TSL library uses the iaik.util.logging environment.

+		//iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);

+		iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);

+		

+		log.info("Starting EU TSL import.");

+

+		// Certificates in Germany, Estonia, Greece, Cyprus,

+		// Lithuainia, Hungary, Poland, Finland, Norway use SURNAME

+		log.debug("### SURNAME registered as " + ObjectID.surName + " ###");

+		RFC2253NameParser.register("SURNAME", ObjectID.surName);

+

+		XSecProvider.addAsProvider(false);

+

+		TSLEngine tslEngine;

+		TslSqlConnectionWrapper connection = null;

+

+		try {

+			// register the Https JSSE Wrapper

+			TLS.register();

+			log.trace("### Https JSSE Wrapper registered ###");

+			

+

+			log.debug("### Connect to Database.###");

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);

+

+			log.trace("### Connected ###");

+

+			// empty the database and recreate the tables

+			tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 

+					connection, true, true);

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+			

+		}

+

+		// H.2.2.1 Same-scheme searching

+		// H.2.2.2 Known scheme searching

+		// H.2.2.3 "Blind" (unknown) scheme searching

+		Number tId = null;

+		Countries euTerritory = Countries.EU;

+		TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(

+			euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(), 

+			Configurator.is_sqlMultithreaded(), 

+			Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+			Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+			Configurator.is_nullRedundancies());

+

+		TSLEngineEU tslengineEU;

+		try {

+			tslengineEU = tslEngine.new TSLEngineEU();

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+		}

+

+		// establish EU TSL trust anchor

+		ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =

+			tslEngine.loadCertificatesFromResource(

+			Configurator.get_euTrustAnchorsPath(), topLevelTslContext);

+

+		log.debug("Process EU TSL");

+		// process the EU TSL to receive the pointers to the other TSLs

+		// and the trust anchors for the TSL signers

+		Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;

+		

+		try {

+			

+			tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);

+			log.info("Process EU TSL finished");

+			

+			log.debug(Thread.currentThread() + " waiting for other threads ...");

+			

+			topLevelTslContext.waitForAllOtherThreads();

+			log.debug(Thread.currentThread()

+				+ " reactivated after other threads finished ...");

+

+

+			// get the TSLs pointed from the EU TSL

+			LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU

+				.getOtherTslMap(tId, topLevelTslContext);

+

+			pointersToMsTSLs = tslMap.entrySet();

+			

+			//set Errors and Warrnings

+			

+		} catch (TSLEngineFatalRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());

+			

+		} catch (TSLTransactionFailedRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());

+		}

+

+		//Backup implementation if the EU TSL includes a false signer certificate 

+		// establish additional trust anchors for member states

+//			Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {

+//				Countries.CZ,

+//				Countries.LU,

+//				Countries.ES,

+//				Countries.AT,

+//			};

+		Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};

+

+		Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>

+			trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(

+					Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,

+					countriesWithPotentiallyWrongCertsOnEuTsl);

+

+		log.info("Starting EU member TSL import.");

+		

+		for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {

+

+			TSLImportContext msTslContext;

+			

+			Countries expectedTerritory = entry.getValue().getSchemeTerritory();

+			try {

+				

+//				if (expectedTerritory.equals("RO"))

+//					System.out.println("Stop");

+				

+				Number otpId = entry.getKey();

+				LocationAndCertHash lac = entry.getValue();

+

+				URL uriReference = null;

+				try {

+					uriReference = new URL(lac.getUrl());

+					

+				} catch (MalformedURLException e) {

+					log.warn("Could not process: " + uriReference, e);

+					continue;

+				}

+

+				String baseURI = uriReference == null ? "" : "" + uriReference;

+

+				msTslContext = new TSLImportFromFileContext(

+					expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),

+					Configurator.is_sqlMultithreaded(),

+					Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+					Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+					Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl, 

+					topLevelTslContext);

+

+				ListIterator<X509Certificate> expectedTslSignerCerts = null;

+				expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);

+

+				if (expectedTslSignerCerts == null) {

+					

+					// no signer certificate on the EU TSL

+					// ignore this msTSL and log a warning

+					log.warn("NO signer certificate found on EU TSL! " 

+							+ lac.getSchemeTerritory() + "TSL ignored.");

+					

+				}

+				else {

+					tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);

+				}

+				

+			} catch (TSLExceptionB e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory() 

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			} catch (TSLRuntimeException e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			}				

+		}

+				

+		log.debug(Thread.currentThread() + " waiting for other threads ...");

+		topLevelTslContext.waitForAllOtherThreads();

+

+		log.debug(_15.dumpAllThreads());

+		log.debug(Thread.currentThread() + " reactivated after other threads finished ...");

+		

+		connection = null;

+		try {

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);				

+			tslEngine.recreateTablesInvalidatedByImport(connection);

+			

+			

+			//TODO: implement database copy operation!

+			File working_database = new File(Configurator.get_dbFile());

+			working_database.delete();

+			copy(dbFile, working_database);

+

+			

+		} catch (TSLEngineFatalException e) {

+			throw new TSLEngineDiedException(e);

+			

+		} finally {

+			try {

+				connection.closeConnection();

+				

+			} catch (TSLEngineFatalException e) {

+				throw new TSLEngineDiedException(e);

+				

+			}

+		}

+		

+		return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);

+	}

+

+	public void updateTSLs(Date dateTime,

+			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+

+		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";

+		

+//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");

+//		System.out.println("hashcachedir: " + hashcachedir);

+//		if (hashcachedir==null)

+//			hashcachedir = DEFAULT_HASHCACHE_DIR;

+

+//		File hashcachefile = new File(hashcachedir);

+//		File[] filelist = hashcachefile.listFiles();

+//		if (filelist != null) {

+//			for (File f : filelist)

+//				f.delete();

+//		}

+	

+		File tsldownloadfile = new File(tsldownloaddir);

+		if (!tsldownloadfile.exists()) {

+			tsldownloadfile.mkdir();

+		}

+		File[] tslfilelist = tsldownloadfile.listFiles();

+		if (tslfilelist != null) {

+			for (File f : tslfilelist)

+				f.delete();

+		}

+		

+		//create sqlLite database

+		File dbFile = new File(Configurator.get_TempdbFile());

+		try {

+			dbFile.delete();

+			dbFile.createNewFile();

+		} catch (IOException e) {

+			throw new TSLEngineDiedException("Could not create temporary data base file", e);

+		}

+		

+		//the TSL library uses the iaik.util.logging environment.

+		//iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);

+		iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);

+		

+		log.info("Starting EU TSL import.");

+

+		// Certificates in Germany, Estonia, Greece, Cyprus,

+		// Lithuainia, Hungary, Poland, Finland, Norway use SURNAME

+		log.debug("### SURNAME registered as " + ObjectID.surName + " ###");

+		RFC2253NameParser.register("SURNAME", ObjectID.surName);

+

+		XSecProvider.addAsProvider(false);

+

+		TSLEngine tslEngine;

+		TslSqlConnectionWrapper connection = null;

+

+		try {

+			// register the Https JSSE Wrapper

+			TLS.register();

+			log.trace("### Https JSSE Wrapper registered ###");

+			

+

+			log.debug("### Connect to Database.###");

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);

+

+			log.trace("### Connected ###");

+

+			// empty the database and recreate the tables

+			tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 

+					connection, true, true);

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+			

+		}

+

+		// H.2.2.1 Same-scheme searching

+		// H.2.2.2 Known scheme searching

+		// H.2.2.3 "Blind" (unknown) scheme searching

+		Number tId = null;

+		Countries euTerritory = Countries.EU;

+		TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(

+			euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(), 

+			Configurator.is_sqlMultithreaded(), 

+			Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+			Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+			Configurator.is_nullRedundancies());

+

+		TSLEngineEU tslengineEU;

+		try {

+			tslengineEU = tslEngine.new TSLEngineEU();

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+		}

+

+		// establish EU TSL trust anchor

+		ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =

+			tslEngine.loadCertificatesFromResource(

+			Configurator.get_euTrustAnchorsPath(), topLevelTslContext);

+

+		log.debug("Process EU TSL");

+		// process the EU TSL to receive the pointers to the other TSLs

+		// and the trust anchors for the TSL signers

+		Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;

+		

+		try {

+			

+			tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);

+			log.info("Process EU TSL finished");

+			

+			log.debug(Thread.currentThread() + " waiting for other threads ...");

+			

+			topLevelTslContext.waitForAllOtherThreads();

+			log.debug(Thread.currentThread()

+				+ " reactivated after other threads finished ...");

+

+

+			// get the TSLs pointed from the EU TSL

+			LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU

+				.getOtherTslMap(tId, topLevelTslContext);

+

+			pointersToMsTSLs = tslMap.entrySet();

+			

+			//set Errors and Warrnings

+			

+		} catch (TSLEngineFatalRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());

+			

+		} catch (TSLTransactionFailedRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());

+		}

+

+		//Backup implementation if the EU TSL includes a false signer certificate 

+		// establish additional trust anchors for member states

+//			Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {

+//				Countries.CZ,

+//				Countries.LU,

+//				Countries.ES,

+//				Countries.AT,

+//			};

+		Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};

+

+		Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>

+			trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(

+					Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,

+					countriesWithPotentiallyWrongCertsOnEuTsl);

+

+		log.info("Starting EU member TSL import.");

+		

+		for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {

+

+			TSLImportContext msTslContext;

+			

+			Countries expectedTerritory = entry.getValue().getSchemeTerritory();

+			try {

+				

+//				if (expectedTerritory.equals("RO"))

+//					System.out.println("Stop");

+				

+				Number otpId = entry.getKey();

+				LocationAndCertHash lac = entry.getValue();

+

+				URL uriReference = null;

+				try {

+					uriReference = new URL(lac.getUrl());

+					

+				} catch (MalformedURLException e) {

+					log.warn("Could not process: " + uriReference, e);

+					continue;

+				}

+

+				String baseURI = uriReference == null ? "" : "" + uriReference;

+

+				msTslContext = new TSLImportFromFileContext(

+					expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),

+					Configurator.is_sqlMultithreaded(),

+					Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+					Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+					Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl, 

+					topLevelTslContext);

+

+				ListIterator<X509Certificate> expectedTslSignerCerts = null;

+				expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);

+

+				if (expectedTslSignerCerts == null) {

+					

+					// no signer certificate on the EU TSL

+					// ignore this msTSL and log a warning

+					log.warn("NO signer certificate found on EU TSL! " 

+							+ lac.getSchemeTerritory() + "TSL ignored.");

+					

+				}

+				else {

+					tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);

+				}

+				

+			} catch (TSLExceptionB e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory() 

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			} catch (TSLRuntimeException e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			}				

+		}

+				

+		log.debug(Thread.currentThread() + " waiting for other threads ...");

+		topLevelTslContext.waitForAllOtherThreads();

+

+		log.debug(_15.dumpAllThreads());

+		log.debug(Thread.currentThread() + " reactivated after other threads finished ...");

+		

+		connection = null;

+		try {

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);				

+			tslEngine.recreateTablesInvalidatedByImport(connection);

+			

+			

+			//TODO: implement database copy operation!

+			File working_database = new File(Configurator.get_dbFile());

+			working_database.delete();

+			copy(dbFile, working_database);

+

+			

+		} catch (TSLEngineFatalException e) {

+			throw new TSLEngineDiedException(e);

+			

+		} finally {

+			try {

+				connection.closeConnection();

+				

+			} catch (TSLEngineFatalException e) {

+				throw new TSLEngineDiedException(e);

+				

+			}

+		}

+		

+		//return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);

+	}

+

+	public ArrayList<File> getQualifiedCACertificates(Date dateTime,

+			String[] serviceLevelStatus) throws TSLEngineDiedException,

+			TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return getQualifiedCACertificates(dateTime, null, serviceLevelStatus);

+	}

+

+	public ArrayList<File> getQualifiedCACertificates(Date dateTime,

+			String[] countries, String[] serviceLevelStatus)

+			throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		//TODO: database

+		File dbFile = new File(Configurator.get_TempdbFile());

+		//File dbFile = new File(Configurator.get_dbFile());

+		if(!dbFile.exists())

+			throw new TSLEngineDiedException("Could not open data base file");

+

+		log.debug("### Connect to Database ###");		

+		TslSqlConnectionWrapper readConnection = null;

+		

+		try {

+			readConnection = DbTables.connectToDatabaBase(dbFile, MODE.READ_ONLY);

+			

+			TSLEngine tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 

+					readConnection, false, false);

+			

+			log.debug("### Connected ###");

+			//TODO: maybe add "TSA/QTST for qualified timestamps

+			 try {

+				 TSLCertsExporter certsExporter;

+				 certsExporter = tslEngine.createCertsExporter(

+						 readConnection,

+						 countries, 

+						 new String[]{_STYPETEMPLATE_CAQC},

+						 serviceLevelStatus

+						 );

+			 				

+				return certsExporter.exportAsArray(dateTime, null);

+				 

+			 } catch (TSLEngineFatalException e) {

+				 e.printStackTrace();

+				 _l.err("could not export Certs", e);

+				 throw new TSLEngineDiedException(e);

+			 }

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+			

+		} finally {

+			try {

+				readConnection.closeConnection();

+				

+			} catch (TSLEngineFatalException e) {

+				throw new TSLEngineDiedException(e);

+			}

+		}	

+	}

+	

+	public boolean checkQC(java.security.cert.X509Certificate[] chain) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return checkQC(chain, 1);

+	}

+	

+	public boolean checkSSCD(java.security.cert.X509Certificate[] chain) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return checkSSCD(chain, 1);

+	}

+	

+	public boolean checkQC(java.security.cert.X509Certificate[] chain, int cnt) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+			if (Configurator.is_isInitialised() == false)

+				new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+			LinkedHashMap<X509Certificate, TSLResult> tslResultC = checkchain(chain, cnt);

+

+			//get first result

+			java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> resultmap = tslResultC.entrySet().iterator().next();

+			TSLResult tslresult = tslResultC.entrySet().iterator().next().getValue();

+			

+			

+			

+			if (tslresult == null) {

+				log.info("Certificate: " + resultmap.getKey().getSubjectDN()

+						+ " not on the TSL");

+				throw new TSLSearchException("Certificate: " + resultmap.getKey().getSubjectDN() 

+						+ " not on the TSL");

+			}

+			

+			if (tslresult instanceof TSLResultEndEntity) {

+				TSLResultEndEntity ree = (TSLResultEndEntity) tslresult;

+				

+				

+				String sType = (String) ree.get(Service.C.sType);

+				

+				log.info("Cert: " +  resultmap.getKey().getSubjectDN() + " sType=" + sType);

+				

+				//TODO: maybe add "TSA/QTST for qualified timestamps

+				if (sType.equals(_STYPETEMPLATE_CAQC))

+					return true;

+				else

+					return false;

+			}

+			

+			else if (tslresult instanceof TSLResultImpl) {

+				

+				//TODO: Certificate is not of Type EndEntity (equal to QCSSCD check)

+				// Is FALSE the correct answer?

+				return false;

+			}

+			

+			throw new TSLEngineDiedException("TSL Result has an unknown Class type");

+	}

+

+	public boolean checkSSCD(java.security.cert.X509Certificate[] chain, int cnt) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		LinkedHashMap<X509Certificate, TSLResult> tslResultC = checkchain(chain, cnt);

+		

+		//get first result

+		java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> resultmap = tslResultC.entrySet().iterator().next();

+		TSLResult tslresult = tslResultC.entrySet().iterator().next().getValue();

+		

+		if (tslresult == null) {

+			log.info("Certificate: " + resultmap.getKey().getSubjectDN() + " not on the TSL");

+			throw new TSLSearchException("Certificate: " + resultmap.getKey().getSubjectDN() 

+					+ " not on the TSL");

+		}

+		

+		if (tslresult instanceof TSLResultEndEntity) {

+			TSLResultEndEntity ree = (TSLResultEndEntity) tslresult;

+			

+			List<QualifierType> qualifier = ree.getQualifierList();

+			

+			Iterator<QualifierType> qualifierlist = qualifier.iterator();

+			

+			String uri = "";

+		

+			while (qualifierlist.hasNext()) {

+				uri = qualifierlist.next().getUri();

+				

+				log.debug("Cert: " +  resultmap.getKey().getSubjectDN() + " SSCD=" + uri);

+				

+				if (uri.contains(_QCSSCDURI)) {

+					return true;

+				}

+				else {

+					return false;

+				}				

+			}	

+			return false;

+		}

+		

+		else if (tslresult instanceof TSLResultImpl) {

+			

+			//TODO: Certificate is not of Type EndEntity (equal to QC check)

+			// Is FALSE the correct answer?

+			return false;

+		}

+		

+		throw new TSLEngineDiedException("TSL Result has an unknown Class type");

+	}

+	

+

+	

+	private LinkedHashMap<java.security.cert.X509Certificate, TSLResult> checkchain(java.security.cert.X509Certificate[] chain, int cnt) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		File dbFile = new File(Configurator.get_dbFile());

+		if(!dbFile.exists())

+			throw new TSLEngineDiedException("Could not open data base file");

+

+		try {

+

+			log.debug("### Connect to Database ###");

+			TslSqlConnectionWrapper readConnection;

+			readConnection = DbTables.connectToDatabaBase(dbFile, MODE.READ_ONLY);

+			log.debug("### Connected ###");

+			

+			TSLEngine tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),

+					readConnection, false, false);

+						

+			XSecProvider.addAsProvider(false);

+			log.debug("### XSECT registered ###");

+			// register the additional IAIK ECC provider

+			Security.addProvider(EccProviderAdapter.getEccProvider());

+			log.debug("### ECC registered ###");

+			

+			

+			TSLEvaluationContext context = new TSLEvaluationContext(

+					  Configurator.get_TSLWorkingDirectoryPath(),

+					  Configurator.is_sqlMultithreaded(),

+					  Configurator.is_throwExceptions(),

+					  Configurator.is_logExceptions(),

+					  Configurator.is_throwWarnings(),

+					  Configurator.is_logWarnings());

+								

+			TSLCertEvaluator tslCertEvaluator = tslEngine.createEvaluator(context,

+					readConnection);

+			

+			Date signingTime = new Date();

+			

+			// has to be later or equal

+			Date now = new Date();

+

+			LinkedHashMap<java.security.cert.X509Certificate, TSLResult> tslResultC = tslCertEvaluator

+				.evaluate(TSLCertEvaluator.CHAIN_MODEL, chain, signingTime, now, context);

+		

+			return tslResultC;

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+		}

+		

+		

+	}

+	

+	private static Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>> loadCertificatesFromResource(

+			final String msTrustAnchorsPath, TSLEngine tslEngine,

+			TSLImportContext topLevelTslContext, Countries[] countriesWithNoCertsOnEuTsl)

+			throws TSLEngineDiedException {

+			Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>> trustAnchorsMissingOnEuTsl;

+			trustAnchorsMissingOnEuTsl =

+			  	new HashMap<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>(

+			  		countriesWithNoCertsOnEuTsl.length);

+

+			for (int i = 0; i < countriesWithNoCertsOnEuTsl.length; i++) {

+				Countries country = countriesWithNoCertsOnEuTsl[i];

+

+				final String mspath = msTrustAnchorsPath + country + "/";

+

+				ListIterator<java.security.cert.X509Certificate> msCerts =

+					tslEngine.loadCertificatesFromResource(mspath, topLevelTslContext);

+

+				trustAnchorsMissingOnEuTsl.put(country, msCerts);

+			}

+			return trustAnchorsMissingOnEuTsl;

+		}

+	

+	

+	private void copy(File source, File destination) throws TSLEngineDiedException {

+		try {

+			FileInputStream fileInputStream = new FileInputStream(source);

+			FileOutputStream fileOutputStream = new FileOutputStream(destination);

+			FileChannel inputChannel = fileInputStream.getChannel();

+			FileChannel outputChannel = fileOutputStream.getChannel();

+			

+			transfer(inputChannel, outputChannel, source.length(), false);

+			

+			fileInputStream.close();

+			fileOutputStream.close();

+		

+			destination.setLastModified(source.lastModified());

+		} catch (Exception e) {

+			

+			throw new TSLEngineDiedException("Error during TSL database copy operation!.");

+		}

+	}

+	

+	private void transfer(FileChannel fileChannel, ByteChannel byteChannel, long lengthInBytes, boolean verbose)

+		throws IOException {

+		

+		long overallBytesTransfered = 0L;

+		long time = -System.currentTimeMillis();

+		

+		while (overallBytesTransfered < lengthInBytes) {

+			long bytesTransfered = 0L;

+			bytesTransfered = fileChannel.transferTo(overallBytesTransfered, Math.min(1024 * 1024, lengthInBytes - overallBytesTransfered), byteChannel);

+			overallBytesTransfered += bytesTransfered;

+			if (verbose) {

+					System.out.println("overall bytes transfered: " + overallBytesTransfered + " progress " + (Math.round(overallBytesTransfered / ((double) lengthInBytes) * 100.0)) + "%");

+			}

+		}

+		time += System.currentTimeMillis();

+		

+		if (verbose) {

+			System.out.println("Transfered: " + overallBytesTransfered + " bytes in: " + (time / 1000) + " s -> " + (overallBytesTransfered / 1024.0) / (time / 1000.0) + " kbytes/s");

+		}

+	}

+	

+	

+//	/**

+//	 * @param tslResultC

+//	 * @param context

+//	 */

+//	private static void printResultDetails(

+//		LinkedHashMap<java.security.cert.X509Certificate, TSLResult> tslResultC, TSLContext context) {

+//

+//		for (java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> e : tslResultC

+//			.entrySet()) {

+//

+//			TSLResult r = e.getValue();

+//

+//			if (r == null) {

+//				log.info("Certificate: " + e.getKey().getSubjectDN()

+//					+ " not on the TSL");

+//				continue;

+//			}

+//

+//			if (r instanceof TSLResultEndEntity) {

+//				TSLResultEndEntity ree = (TSLResultEndEntity) r;

+//

+//				String status = (String) ree.get(Service.C.status);

+//

+//				Date startDate = context.getDate(ree.get(Service.C.startDate));

+//				Long endDateL = (Long) ree.get(ServiceView.C.endDate);

+//				Date endDate = endDateL == null ? null : new Date(endDateL);

+//

+//				String sType = (String) ree.get(Service.C.sType);

+//

+//				List<QualifierType> tslQual = ree.getQualifierList();

+//

+//				StringBuilder qualList = new StringBuilder("");

+//				if (!tslQual.isEmpty()) {

+//					qualList.append("\n~~~~~~~~~~~~ TSL-Qualifiers ~~~~~~~~~~~~\n");

+//					for (QualifierType qual : tslQual) {

+//						qualList.append(qual.getUri() + "\n");

+//					}

+//					qualList.append("~~~~~~~~~~~~~~~~~  End  ~~~~~~~~~~~~~~~~\n");

+//				}

+//

+//				log.info("############### EndEntity ###############\n"

+//					+ _.printCertificate(e.getKey()) + qualList + "\nServiceProvider: "

+//					+ ree.getSerivceProvider().getSubjectDN() + "\n" + Service.C.sType

+//					+ ": " + sType + "\n" + Service.C.status + ": " + status + "\n"

+//					+ Service.C.startDate + ": " + startDate + "\n"

+//					+ ServiceView.C.endDate + ": " + endDate);

+//				log.info("############ ServiceProvider ############\n"

+//					+ _.printCertificate(ree.getSerivceProvider()));

+//				log.info("#################  END  #################");

+//

+//				continue;

+//			}

+//

+//			if (r instanceof TSLResultImpl) {

+//				TSLResultImpl ri = (TSLResultImpl) r;

+//				log.info("----------------- BEGIN -----------------\n"

+//					+ "Certificate: " + e.getKey().getSubjectDN() + "\n" + ri.toString());

+//

+//				int i = 1;

+//				for (Iterator iter = ri.getRows().iterator(); iter.hasNext();) {

+//					Row row = (Row) iter.next();

+//					// TSPServiceInformationType sInfo =

+//					// ((JAXBElement<TSPServiceInformationType>)

+//					// row.s_.get(Service.C.sInfo)).getValue();

+//					String status = (String) row.s_.get(Service.C.status);

+//

+//					Date startDate = context.getDate(row.s_.get(Service.C.startDate));

+//

+//					Date endDate = context.getDate(row.s_.get(ServiceView.C.endDate));

+//

+//					String sType = (String) row.s_.get(Service.C.sType);

+//

+//					log.info("-----------------  (" + (i++) + ")  -----------------\n"

+//						+ Service.C.sType + ": " + sType + " " + Service.C.status + ": "

+//						+ status + "\n" + Service.C.startDate + ": " + startDate + "\n"

+//						+ ServiceView.C.endDate + ": " + endDate + "\n" + row.s_);

+//					

+//					row.s_.get(Service.C.sExt);

+//				}

+//				log.info("-----------------  END  -----------------");

+//			}

+//		}

+//	}

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java
new file mode 100644
index 0000000..4992f75
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java
@@ -0,0 +1,95 @@
+package at.gv.egovernment.moa.spss.tsl.connector;

+

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+import iaik.xml.crypto.tsl.ex.TSLSearchException;

+

+import java.io.File;

+import java.util.ArrayList;

+import java.util.Date;

+

+import java.security.cert.X509Certificate;

+

+public interface TSLConnectorInterface {

+	

+	/**

+	 * Initial the MOA TSL Connector.<br>

+	 * <b>The hashcache directory must be set via "System-Property "iaik.xml.crypto.tsl.BinaryHashCache.DIR"!!!</b>

+	 * 

+	 * @author TLenz

+	 * @param euTSLURL - URL to TrustList

+	 * @param TSLWorkingDirectoryPath - Path to a folder which should be used by the TSL engine. (/A/B/.../)

+	 * @param jdbcURL - ...

+	 * @param jdbcDriverClass - ...

+	 */

+	void initialize(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) throws TSLEngineDiedException;

+	

+	

+	/**

+	 * Perform an update of all certificates which are on EU TSL and all MS TSLs and create an locale TSL database. 

+	 * The old locale TSL database is removed and a new database is created.   

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException ;

+	

+	/**

+	 * Perform an update of all certificates which are on EU TSL and all MS TSLs and create an locale TSL database. 

+	 * The old locale TSL database is removed and a new database is created. 

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param countries - String Array of country codes. For example new Sting[]{"AT","IT","BE"}

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime, String[] countries, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException ;

+	

+	/**

+	 * Check the http://uri.etis.org/TrstSvc/Svctype/CA/QC characteristic of a certificate by using the TSL information.

+	 * This method uses information from the local TSL database. 

+	 * 

+	 * @author TLenz

+	 * @param certificate - An X509 certificate.

+	 * @return Return true, if the certificate comprises the http://uri.etis.org/TrstSvc/Svctype/CA/QC characteristic.

+	 */

+	boolean checkQC(X509Certificate[] certificate) throws TSLSearchException, TSLEngineDiedException;

+	

+	/**

+	 * Check the http://uri.etis.org/TrstSvc/eSigDir-1999-93-ECTrustedList/SvcInfoExt/QCWithSSCD characteristic of a certificate by using the TSL information.

+	 * This method uses information from the local TSL database.

+	 * 

+	 * @author TLenz

+	 * @param certificate - An X509 certificate.

+	 * @return Return true, if the certificate comprises the http://uri.etis.org/TrstSvc/eSigDir-1999-93-ECTrustedList/SvcInfoExt/QCWithSSCD characteristic.

+	 */

+	boolean checkSSCD(X509Certificate[] certificate) throws TSLSearchException, TSLEngineDiedException;

+	

+	/**

+	 * Get a list of certificates form the local TSL database with the selected properties. 

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> getQualifiedCACertificates(Date dateTime, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException;

+	

+	/**

+	 * Get a list of certificates form the local TSL database with the selected properties.

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param countries - String Array of countrie codes. For example new Sting[]{"AT","IT","BE"}

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> getQualifiedCACertificates(Date dateTime, String[] countries, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException; 

+	

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/exception/MitigatedTSLSecurityException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/exception/MitigatedTSLSecurityException.java
new file mode 100644
index 0000000..d580405
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/exception/MitigatedTSLSecurityException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.spss.tsl.exception;

+

+import iaik.xml.crypto.tsl.ex.TSLSecurityException;

+

+import org.xml.sax.Locator;

+

+public final class MitigatedTSLSecurityException extends

+	TSLSecurityException {

+	/**

+	 * 

+	 */

+	private static final long serialVersionUID = 1L;

+

+	public MitigatedTSLSecurityException(Type t, Locator l) {

+		super(t, l);

+	}

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
new file mode 100644
index 0000000..e06abe4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -0,0 +1,212 @@
+package at.gv.egovernment.moa.spss.tsl.timer;

+

+import iaik.pki.store.certstore.CertStoreException;

+import iaik.pki.store.certstore.CertStoreParameters;

+import iaik.pki.store.truststore.TrustStoreException;

+import iaik.pki.store.truststore.TrustStoreProfile;

+import iaik.pki.store.utils.StoreUpdater;

+import iaik.server.ConfigurationData;

+import iaik.x509.X509Certificate;

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+import iaik.xml.crypto.tsl.ex.TSLSearchException;

+

+import java.io.File;

+import java.io.FileInputStream;

+import java.io.FileNotFoundException;

+import java.io.IOException;

+import java.security.cert.CertificateException;

+import java.util.ArrayList;

+import java.util.Date;

+import java.util.Iterator;

+import java.util.Map;

+import java.util.TimerTask;

+

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.spss.MOAApplicationException;

+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;

+import at.gv.egovernment.moa.spss.server.config.TrustProfile;

+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;

+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;

+import at.gv.egovernment.moa.spss.server.logging.TransactionId;

+import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;

+import at.gv.egovernment.moa.spss.util.MessageProvider;

+import at.gv.egovernment.moa.util.StringUtils;

+

+

+public class TSLUpdaterTimerTask extends TimerTask {

+	

+	public static TSLConnector tslconnector_;

+	

+	public static ConfigurationData configData_ = null;

+

+	@Override

+	public void run() {

+		

+		try {

+			Logger.info("Start TSL Update");

+			update();

+			Logger.info("Finished TSL Update");

+		} catch (TSLEngineDiedException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (TSLSearchException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (ConfigurationException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (MOAApplicationException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (CertStoreException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (TrustStoreException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		}  catch (FileNotFoundException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (IOException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (CertificateException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		}

+

+	}

+	

+	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, IOException {

+		MessageProvider msg = MessageProvider.getInstance();

+		

+		//TrustProfile tp = null;

+		TrustStoreProfile tsp = null;

+		StoreUpdater storeUpdater = null;

+		TransactionId tid = null;

+		

+			//get TSl configuration

+			ConfigurationProvider config = ConfigurationProvider.getInstance();

+			if (configData_ == null)

+				configData_ = new IaikConfigurator().configure(config);

+			

+			TSLConfiguration tslconfig = config.getTSLConfiguration();

+			if (tslconfig != null) {

+				

+				tslconnector_.updateTSLs(new Date(), new String[]{"accredited","undersupervision"});

+				

+				Logger.info(new LogMsg(msg.getMessage("config.42", null)));

+				

+				// get certstore parameters

+				CertStoreParameters[] certStoreParameters = configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();

+					

+				// iterate over all truststores

+				Map mapTrustProfiles = config.getTrustProfiles();

+				Iterator it = mapTrustProfiles.entrySet().iterator();

+				while (it.hasNext()) {

+					Map.Entry pairs = (Map.Entry)it.next();

+					TrustProfile tp = (TrustProfile) pairs.getValue();

+					if (tp.isTSLEnabled()) {

+						tsp = new TrustStoreProfileImpl(config, tp.getId());

+						TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];

+						trustStoreProfiles[0] = tsp;

+						

+						Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));

+			         

+						tid = new TransactionId("TSLConfigurator-" + tp.getId());

+						ArrayList tsl_certs = null;

+						if (StringUtils.isEmpty(tp.getCountries())) {

+							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));

+	

+							// get certificates from TSL from all countries

+							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});

+						}

+						else {

+							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));

+							// get selected countries as array

+							String countries = tp.getCountries();

+							String[] array = countries.split(",");

+							for (int i = 0; i < array.length; i++)

+								array[i] = array[i].trim();

+			                	  

+							// get certificates from TSL from given countries

+							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});

+						}

+						

+						// create store updater for each TSL enabled truststore 

+						Logger.debug(new LogMsg(msg.getMessage("config.45", null)));

+						storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);

+						

+						// delete files in trustprofile

+						

+						File ftp = new File(tp.getUri());

+						File[] files = ftp.listFiles();

+						X509Certificate[] removeCertificates = new X509Certificate[files.length];

+						int i = 0;

+						for (File file : files) {

+							FileInputStream fis = new FileInputStream(file);

+							removeCertificates[i] = new X509Certificate(fis);

+							i++;

+							fis.close();

+								//file.delete();

+						}

+						

+						// remove all certificates

+						storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);

+						storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);

+						

+						

+						// copy files from original trustAnchorsLocURI into tslworking trust profile

+				    	File src = new File(tp.getUriOrig());

+				    	files = src.listFiles();

+				    	X509Certificate[] addCertificates = new X509Certificate[files.length];

+				    	i = 0;

+				        for (File file : files) {

+				        	FileInputStream fis = new FileInputStream(file);

+				        	addCertificates[i] = new X509Certificate(fis);

+				        	//FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));

+				        	i++;

+				        	fis.close();

+				        }

+						

+				        // convert ArrayList<File> to X509Certificate[]						

+				        if (tsl_certs == null) {

+				        	Logger.warn("No certificates from TSL imported.");

+				        	//throw new TSLSearchException("No certificates from TSL imported.");

+				        }

+				        else {

+				        

+				        	X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];

+				        	Iterator itcert = tsl_certs.iterator();

+				        	i = 0;

+				        	File f = null;

+				        	while(itcert.hasNext()) {

+				        		f = (File)itcert.next();

+				        		FileInputStream fis = new FileInputStream(f);

+				        		X509Certificate cert = new X509Certificate(fis);

+				        		addCertificatesTSL[i] = cert;

+								

+				        		i++;

+				        		fis.close();

+				        	}

+						  

+				        	Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));

+				        	storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);

+				        	storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);

+						

+				        	Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));

+				        	storeUpdater.addCertificatesToTrustStores(addCertificates, tid);

+				        	storeUpdater.addCertificatesToCertStores(addCertificates, tid);

+				        }			            

+					}

+				}

+			}

+		

+

+		

+	}

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/CertificateReader.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/CertificateReader.java
new file mode 100644
index 0000000..763382a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/CertificateReader.java
@@ -0,0 +1,155 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+import iaik.pkcs.PKCS7CertList;

+import iaik.pkcs.PKCSParsingException;

+import iaik.security.provider.IAIK;

+import iaik.utils.Util;

+import iaik.x509.X509Certificate;

+import iaik.xml.crypto.EccProviderAdapter;

+

+import java.io.BufferedInputStream;

+import java.io.File;

+import java.io.FileFilter;

+import java.io.FileInputStream;

+import java.io.FileNotFoundException;

+import java.io.IOException;

+import java.security.Security;

+import java.security.cert.CertificateException;

+import java.util.Arrays;

+import java.util.Iterator;

+import java.util.List;

+

+// Copyright (C) 2011 IAIK

+// http://jce.iaik.at

+//

+// Copyright (C) 2011 Stiftung Secure Information and

+// Communication Technologies SIC

+// http://www.sic.st

+//

+// All rights reserved.

+//

+// This source is provided for inspection purposes and recompilation only,

+// unless specified differently in a contract with IAIK. This source has to

+// be kept in strict confidence and must not be disclosed to any third party

+// under any circumstances. Redistribution in source and binary forms, with

+// or without modification, are <not> permitted in any case!

+//

+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

+// SUCH DAMAGE.

+//

+//

+

+public class CertificateReader {

+

+    /**

+     * Filter for reading certificate files from a directory.

+     * The filter accepts a file if its name ends with

+     * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot;

+     * or &quot;.pem&quot;.

+     *

+     * @author Harald Bratko

+     * @author Konrad Lanz

+     */

+    static class CertificateFileFilter implements FileFilter {

+

+      /**

+       * Accepts a file if it is not a directory and its name ends with

+       * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot; or &quot;.pem&quot;.

+       *

+       * @see java.io.FileFilter#accept(java.io.File)

+       */

+      public boolean accept(File file) {

+        String name = file.getName();

+        if (name.endsWith(".der") ||

+          name.endsWith(".cer") ||

+          name.endsWith(".crt") ||

+          name.endsWith(".pem"))

+        {

+          return true;

+        } else {

+          return false;

+        }

+      }

+    }

+

+

+

+    /**

+     * Reads the certificates from the given directory and

+     * returns the certificates as sorted list (end user certificate first).

+     * @param directory

+     * @return

+     * @throws IOException

+     * @throws FileNotFoundException

+     * @throws CertificateException

+     * @throws Exception

+     */

+    public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{

+      File file = new File(directory);

+      File[] certificateFiles = file.listFiles(new CertificateFileFilter());

+      int l = certificateFiles.length;

+      X509Certificate[] certs = new X509Certificate[l];

+      for (int i=0; i<certificateFiles.length; i++) {

+        X509Certificate certificate = new X509Certificate(new FileInputStream(certificateFiles[i]));

+        certs[i] = certificate;

+      }

+      return Util.arrangeCertificateChain(certs, false);

+    }

+

+    /**

+     * Reads the certificates from the given directory and

+     * returns the certificates as sorted list (end user certificate first).

+     * @param directory

+     * @return

+     * @throws IOException

+     * @throws FileNotFoundException

+     * @throws CertificateException

+     * @throws Exception

+     */

+    public static List<X509Certificate> readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{

+

+      return Arrays.asList(readCertificatesIntoArray(directory));

+    }

+

+    public static void main(String[] args) {

+      try {

+

+      	IAIK.addAsJDK14Provider();

+      	 //IAIK.addAsProvider();

+      	 //Security.addProvider(new IAIK());

+

+      	// install ECC provider

+      	Security.addProvider(EccProviderAdapter.getEccProvider());

+

+        String dir = "spec/examples/EU/AT/certs/on-tsl/chain/";

+        List l = readCertificates(dir);

+        Iterator<X509Certificate> it = l.iterator();

+        while (it.hasNext()) {

+          System.out.println(((X509Certificate)it.next()).getSubjectDN().getName());

+        }

+      } catch (Exception e) {

+        e.printStackTrace();

+        System.exit(1);

+      }

+

+    }

+

+		public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException {

+    	PKCS7CertList p7certList = new PKCS7CertList(

+    		new BufferedInputStream(

+    			new FileInputStream(

+    				path

+    			)

+    		)

+    	);

+    	return p7certList.getCertificateList();

+		}

+  }
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/Mitigation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/Mitigation.java
new file mode 100644
index 0000000..a1635b8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/Mitigation.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+public class Mitigation extends iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation {

+

+	String report_;

+

+	public Mitigation(String report) {

+		report_ = report;

+	}

+

+	@Override

+	public String getReport() {

+		return report_;

+	}

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
new file mode 100644
index 0000000..453ee2b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
@@ -0,0 +1,140 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+import java.io.File;

+import java.io.IOException;

+import java.lang.reflect.Method;

+import java.net.URL;

+import java.sql.SQLException;

+import java.util.ArrayList;

+import java.util.List;

+

+import org.sqlite.SQLiteErrorCode;

+

+import iaik.util.logging.Log;

+import iaik.util.logging._l;

+import iaik.util.logging.Log.MultiThreadLoggingGroup;

+import iaik.xml.crypto.tsl.DbTables;

+import iaik.xml.crypto.tsl.TSLImportFromFileContext;

+import iaik.xml.crypto.tsl.TSLOpenURIException;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.TSLExceptionB;

+import iaik.xml.crypto.tsl.ex.ThrowableAndLocatorAndMitigation;

+import iaik.xml.crypto.tsl.ex.SeverityAspect.Severity;

+import iaik.xml.crypto.tsl.fetch.TopLevelTslFetchContext;

+

+public class TSLEUImportFromFileContext extends TopLevelTslFetchContext {

+

+	public TSLEUImportFromFileContext(

+			Countries euTerritory,

+			URL euTslURL,

+			String workingdirectory,

+			boolean sqlMultithreaded,

+			boolean throwExceptions,

+			boolean logExceptions,

+			boolean throwWarnings,

+			boolean logWarnings,

+			boolean nullRedundancies) {

+

+			super(

+				euTerritory,

+				euTslURL,

+				workingdirectory,

+				sqlMultithreaded,

+				throwExceptions,

+				logExceptions,

+				throwWarnings,

+				logWarnings,

+				nullRedundancies);

+

+		}

+	

+	public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {

+		List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();

+		errorsAndWarnings.addAll(this.fatals_);

+		errorsAndWarnings.addAll(this.faildTransactions_);

+		errorsAndWarnings.addAll(this.warnings_);

+		

+		return errorsAndWarnings;

+	}

+	

+	@Override

+	  public boolean normalizeXML() {

+		  return true;

+	  }

+		

+	@Override

+	public Object throwException(Throwable e, Method enclosingMethod,

+		Object thisObject, Object[] parameters) {

+

+		if (enclosingMethod != null){

+			if (

+				e instanceof TSLOpenURIException &&

+				enclosingMethod.getName().equals("processUrl") &&

+				TSLImportFromFileContext.class.isAssignableFrom(enclosingMethod.getDeclaringClass()) &&

+				parameters[1] instanceof File &&

+				e.getCause() instanceof IOException &&

+				parameters[0] instanceof URL

+			){

+

+				_l.err("Ignoring download error using old: " + parameters[0],null);

+				wrapException(e);

+				return parameters[1];

+			}

+		}

+

+		//we allow each and every funny stuff from the EU as long as it's not insecure

+		if (e instanceof TSLExceptionB){

+			TSLExceptionB ve = (TSLExceptionB) e;

+			Severity s = ve.getSeverity();

+			if ( s != null && s.ordinal() < Severity.insecure.ordinal()){

+				_l.err("Ignored Exception: ",ve);

+//			    if(logExceptions_){

+		    	warnings_.add(

+		    		new ThrowableAndLocatorAndMitigation(

+		    			ve, null, ve.getLocator(), ve.getMitigation()

+		    		)

+		    	);

+//			    }

+				return null;

+			}

+		}

+

+

+		return super.throwException(e, enclosingMethod, thisObject, parameters);

+	}

+

+		@Override

+		public Boolean doesViolateRawHash(SQLException e, byte[] rawHash) {

+

+			String msg = e.getMessage();

+			return (

+				msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&

+			  msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")

+				);

+		}

+

+		public MultiThreadLoggingGroup getLoggingGroup() {

+		  return this;

+	  }

+		

+		StringBuilder log = new StringBuilder();

+		

+		public void flushLog() {

+			if (log != null && log.length() > 0) {

+				Thread currentThread = Thread.currentThread();

+				String ncName = getNcName(currentThread);

+				

+				synchronized (log) {

+					print(

+							"<" + ncName + " state=\"" + currentThread.getState() + "\" " + " id=\"" + currentThread.getId() + "\">\n"

+					        + log.toString() + "</" + ncName + ">\n");

+					log.setLength(0);	      

+	      }

+			}

+	  }

+

+		public void print(Object msg) {

+		  Log.print(msg);

+	  }

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
new file mode 100644
index 0000000..a656f11
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
@@ -0,0 +1,134 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+import iaik.util.logging.Log.MultiThreadLoggingGroup;

+import iaik.util.logging.Log;

+import iaik.util.logging._l;

+import iaik.xml.crypto.tsl.BaseClass;

+import iaik.xml.crypto.tsl.SIEExtensionChecker;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.TSLSIEExtensionException;

+import iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation;

+import iaik.xml.crypto.tsl.sie.gen.CriteriaListType;

+import iaik.xml.crypto.tsl.sie.gen.KeyUsageBitType;

+import iaik.xml.crypto.tsl.sie.gen.KeyUsageType;

+import iaik.xml.crypto.tsl.sie.gen.ObjectFactory;

+

+import java.lang.reflect.InvocationTargetException;

+import java.lang.reflect.Method;

+

+public final class TSLEvaluationContext extends iaik.xml.crypto.tsl.TSLEvaluationContext {

+	

+	public TSLEvaluationContext(

+	    String workingdirectory,

+		boolean sqlMultithreaded,

+		boolean throwExceptions,

+		boolean logExceptions,

+		boolean throwWarnings,

+		boolean logWarnings) {

+		super(workingdirectory,

+			sqlMultithreaded,

+			throwExceptions,

+			logExceptions,

+			throwWarnings,

+			logWarnings);

+	}

+

+	@Override

+	public Object throwException(Throwable e, Method enclosingMethod,

+		Object thisObject, Object[] parameters) {

+

+		if (e instanceof TSLSIEExtensionException

+			&& e.getMessage() == TSLSIEExtensionException.NO_KEYUSEAGE_NOR_POLICYSET) {

+

+			CriteriaListType criteriaList = (CriteriaListType) parameters[1];

+

+			_l.warn(criteriaList.getDescription());

+

+			String description = criteriaList.getDescription();

+			if (description

+				.trim()

+				.equals(

+					"This service issues qualified certificates for e-signing and "

+						+ "e-authentication within the same process. The Relaying Party shall "

+						+ "make distinction by inspection of keyUsage field contents - "

+						+ "e-signature certificates have non-repudation bit set exclusively.")) {

+				criteriaList.setAssert(SIEExtensionChecker.Asssert.all.toString());

+

+				ObjectFactory of = new ObjectFactory();

+				KeyUsageType ku = of.createKeyUsageType();

+				KeyUsageBitType kb = of.createKeyUsageBitType();

+				kb.setName(SIEExtensionChecker.KeyUseageBit.nonRepudiation

+					.toString());

+				kb.setValue(true);

+				ku.getKeyUsageBit().add(kb);

+				criteriaList.getKeyUsage().add(ku);

+

+				Object mitigatedResult = null;

+				try {

+					mitigatedResult = enclosingMethod.invoke(thisObject, parameters);

+

+				} catch (IllegalAccessException e1) {

+					wrapException(e1);

+				} catch (InvocationTargetException e1) {

+					wrapException(e1);

+				}

+

+				if (mitigatedResult != null) {

+					wrapException(e, criteriaList.sourceLocation(), new Mitigation() {

+						@Override

+						public String getReport() {

+							return "Fixed invalid criteria list";

+						}

+					});

+					return mitigatedResult;

+				}

+

+			}

+		}

+		return super.throwException(e, enclosingMethod, thisObject, parameters);

+	}

+

+	@Override

+	protected long howLongWaitForThreads() {

+		return 10000;

+	}

+

+	@Override

+	protected BaseClass getCurrentBaseClass() {

+		//TODO check whether we can avoid by redesign to focus this only on import

+		return null;

+	}

+

+	@Override

+  public boolean normalizeXML() {

+	  return true;

+  }

+

+	public Countries getExpectedTerritory() {

+	  return null;

+  }

+

+	public MultiThreadLoggingGroup getLoggingGroup() {

+	  return this;

+  }

+

+	StringBuffer log = new StringBuffer();

+	

+	public void flushLog() {

+	  if (log != null && log.length() > 0) {

+			synchronized (System.out) {

+				Thread currentThread = Thread.currentThread();

+				print("# # # " + getHint() + " Thread: "

+				    + currentThread.getName() + "(" + currentThread.getId()

+				    + ") collected logs - BEGIN # # #\n" + log.toString() + "# # # "

+				    + getHint() + " Thread: " + currentThread.getName()

+				    + "(" + currentThread.getId() + ") collected logs -  END  # # #\n");

+			}

+			log = null;

+		}

+  }

+

+	public void print(Object msg) {

+    Log.print(msg);

+  }

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
new file mode 100644
index 0000000..5d69f69
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -0,0 +1,850 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+import java.io.BufferedOutputStream;

+import java.io.File;

+import java.io.FileNotFoundException;

+import java.io.FileOutputStream;

+import java.io.OutputStream;

+import java.lang.reflect.InvocationTargetException;

+import java.lang.reflect.Method;

+import java.net.MalformedURLException;

+import java.net.URL;

+import java.security.InvalidKeyException;

+import java.security.KeyFactory;

+import java.security.NoSuchAlgorithmException;

+import java.security.PublicKey;

+import java.security.cert.CertificateException;

+import java.security.cert.X509Certificate;

+import java.sql.SQLException;

+import java.util.ArrayList;

+import java.util.Arrays;

+import java.util.Collections;

+import java.util.Iterator;

+import java.util.List;

+import java.util.ListIterator;

+import java.util.Map;

+

+import javax.xml.bind.Unmarshaller;

+import javax.xml.crypto.AlgorithmMethod;

+import javax.xml.crypto.KeySelectorException;

+

+import org.apache.log4j.Logger;

+import org.sqlite.SQLiteErrorCode;

+import org.w3c.dom.DOMError;

+import org.xml.sax.Locator;

+import org.xml.sax.SAXParseException;

+

+import at.gv.egovernment.moa.spss.tsl.exception.MitigatedTSLSecurityException;

+import iaik.util.logging.Log.MultiThreadLoggingGroup;

+import iaik.util.logging._l;

+import iaik.utils.RFC2253NameParserException;

+import iaik.utils.Util;

+import iaik.util._15;

+import iaik.xml.crypto.dsig.keyinfo.X509DataImpl;

+import iaik.xml.crypto.tsl.DbTables;

+import iaik.xml.crypto.tsl.TSLConstants;

+import iaik.xml.crypto.tsl.TSLContext;

+import iaik.xml.crypto.tsl.TSLEngine;

+import iaik.xml.crypto.tsl.TSLImportContext;

+import iaik.xml.crypto.tsl.TSLOpenURIException;

+import iaik.xml.crypto.tsl.TSLThreadContext;

+import iaik.xml.crypto.tsl.ValidationFixupFilter;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.LocalNameFixup;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.LocatorAspect;

+import iaik.xml.crypto.tsl.ex.TSLEngineFatalException;

+import iaik.xml.crypto.tsl.ex.TSLRuntimeWarning;

+import iaik.xml.crypto.tsl.ex.TSLSecurityException;

+import iaik.xml.crypto.tsl.ex.TSLSecurityException.Type;

+import iaik.xml.crypto.tsl.ex.TSLVerificationException;

+import iaik.xml.crypto.tsl.gen.DigitalIdentityType;

+import iaik.xml.crypto.tsl.verify.TSLDOMErrorHandler;

+import iaik.xml.crypto.tsl.verify.TSLValidationException;

+import iaik.xml.crypto.tsl.verify.TslKeySelector;

+import iaik.xml.crypto.utils.KeySelectorImpl.X509KeySelectorResultImpl;

+

+/**

+ *

+ */

+

+public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromFileContext {

+

+	static Logger l = Logger.getLogger(TSLImportFromFileContext.class);

+	

+	public static final class ExceptionalMitigation extends Mitigation {

+		public ExceptionalMitigation(String report) {

+			super(report);

+		}

+	}

+

+	public static final class FixedValidationMitigation extends Mitigation {

+		public FixedValidationMitigation(String report) {

+			super(report);

+		}

+	}

+

+	private final String baseuri_;

+	private Map<Countries, ListIterator<X509Certificate>>

+	  trustAnchorsWrongOnEuTsl_;

+

+	public TSLImportFromFileContext(

+			Countries expectedTerritory,

+			URL url,

+			Number otherTslPointerId,

+			String workingdirectory,

+			boolean sqlMultithreaded,

+			boolean throwExceptions,

+			boolean logExceptions,

+			boolean throwWarnings,

+			boolean logWarnings,

+			boolean nullRedundancies,

+			String baseuri,

+			Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl, 

+			TSLThreadContext parentContext) {

+			super(

+				expectedTerritory,

+				url,

+				otherTslPointerId,

+				workingdirectory,

+				sqlMultithreaded,

+				throwExceptions,

+				logExceptions,

+				throwWarnings,

+				logWarnings,

+				nullRedundancies,

+				parentContext);

+			baseuri_ = baseuri;

+			trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;

+		}

+	/* (non-Javadoc)

+	 * @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()

+	 */

+	@Override

+	public String getbaseURI() {

+		return this.baseuri_;

+	}

+

+

+

+

+	//@Override

+		protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {

+			return super.wrapException(t, l, m);

+		}

+

+	@Override

+  public

+	synchronized void throwException(Throwable e) {

+

+		if (e instanceof TSLValidationException) {

+			// we do not throw dom validation errors for testing

+			// and just collect them

+			wrapException(e);

+		} else if (e instanceof TSLVerificationException) {

+			

+			boolean corrected = false;

+			// we do not throw verification errors for testing

+			// and just collect them

+			

+//			// NEVER DO THIS! unless you want to import TSLs without signatures.

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//			}

+//			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//			}

+			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//				

+//				corrected = true;

+//			}

+//			

+//			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//

+//				corrected = true;

+//			}

+//			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//				

+//				corrected = true;

+//			}

+//			

+//			if (corrected)

+//				wrapException(e);

+//			else

+//				super.throwException(e);

+

+			super.throwException(e);

+			

+		} else if (e instanceof FileNotFoundException) {

+			// we do not stop and continue processing

+			wrapException(e);

+		} else if (e instanceof IllegalArgumentException) {

+			// we do not stop and continue processing

+			wrapException(e);

+		} else {

+			// all other errors are treated as per default

+			super.throwException(e);

+		}

+	}

+

+	/* (non-Javadoc)

+	 * @see iaik.xml.crypto.tsl.TSLContext#throwException(java.lang.Exception, java.lang.reflect.Method, java.lang.Object, java.lang.Object[])

+	 */

+	@Override

+	public Object throwException(

+		Throwable e, Method enclosingMethod, Object thisObject, final Object[] parameters) {

+

+		if (enclosingMethod != null){

+

+			if(

+				e instanceof FixedSaxLevelValidationExcption &&

+				enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){

+				wrapException(e,

+					((LocatorAspect) e).getLocator(),

+					new FixedValidationMitigation("Performed SAX Level Fixup."));

+				return null;

+			}

+

+			if(e instanceof CertificateException &&

+				enclosingMethod.getDeclaringClass().equals(TSLImportContext.class) &&

+				enclosingMethod.getName().equals("parseCertificate")) {

+

+				wrapException(e);

+				//				((DigitalIdentityType)parameters[1]).sourceLocation();

+

+				return null;

+			}

+

+			if (e instanceof TSLValidationException&&

+				enclosingMethod.getDeclaringClass().equals(TSLDOMErrorHandler.class) &&

+				enclosingMethod.getName().equals("handleError")) {

+

+				if (parameters[0] instanceof DOMError) {

+					DOMError domError = (DOMError) parameters[0];

+

+					_l.warn(""+domError.getRelatedData());

+

+					//					domError.getRelatedData().getClass().getField("")

+

+					wrapException(e);

+					return Boolean.TRUE;

+				}

+			}

+

+			if (e instanceof RFC2253NameParserException&&

+				enclosingMethod.getDeclaringClass().equals(TSLImportContext.class) &&

+				enclosingMethod.getName().equals("getNormalizedDN") &&

+				parameters[0] instanceof DigitalIdentityType ) {

+

+				DigitalIdentityType digitalId = (DigitalIdentityType) parameters[0];

+

+				String subDN = digitalId.getX509SubjectName();

+

+				//				String openSslRdnRegExp = "/([^=]+)=?(([^/]+)|\"([^\"]+)\"";

+

+				String openSslRdnRegExp = "/([^=]+)=(\"([^\"]*)\"|([^/\"][^/]*)|(.{0}))";

+				//                          1       2  3          4             5

+				// 1 matches Attribute

+				// 2 matches values

+				// 2 greedy matches properly quoted values

+				// 3 greedy matches values without quotes

+				// 4 matches the empty value

+				if (subDN.matches("^("+openSslRdnRegExp+")+$")){

+					//trigger openSSL format error handling

+

+					Object mitigatedResult = null;

+

+					String[] rdns = subDN.substring(1, subDN.length()).split("/");

+

+					rdns = (String[]) _15.reverseInPlace(rdns);

+

+					subDN = "/"+_15.implode("/", rdns);

+

+					//for now we only support properly quoted values or such without quotes

+

+					subDN = subDN.replaceAll(openSslRdnRegExp, "$1=\"$2$3\",");

+					subDN = subDN.substring(0, subDN.length()-1);

+

+					digitalId.setX509SubjectName(subDN);

+					try {

+						mitigatedResult = enclosingMethod.invoke(thisObject, new Object[]{digitalId});

+

+					} catch (IllegalAccessException e1) {

+						wrapException(e1);

+					} catch (InvocationTargetException e1) {

+						wrapException(e1);

+					}

+

+					if (mitigatedResult != null){

+						wrapException(e, digitalId.sourceLocation(), new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {

+							@Override

+							public String getReport() {

+								return "Converted OpenSSL SubjectDN";

+							}

+						});

+						return mitigatedResult;

+						

+					}

+				}

+

+				wrapException(

+					new TSLRuntimeWarning("Could not normalize :" + (digitalId).getX509SubjectName(), e),

+					digitalId.sourceLocation());

+

+				//if we cannot Normalize the DN we simply don't

+				return (digitalId).getX509SubjectName();

+			}

+

+			//TODO check if this is really needed for ESP TSL

+			if (e instanceof RFC2253NameParserException &&

+				enclosingMethod.getDeclaringClass().equals(TSLImportContext.class) &&

+				enclosingMethod.getName().equals("getNormalizedSubjectDN") &&

+				parameters[0] instanceof X509Certificate ) {

+

+				X509Certificate cert = (X509Certificate) parameters[0];

+

+

+				wrapException(e, null);

+				//if we cannot Normalize the DN we simply don't

+				return cert.getSubjectDN().getName();

+			}

+

+			if (

+				(expectedTerritory_ == Countries.MT || expectedTerritory_ == Countries.LT)&&

+				e instanceof TSLOpenURIException &&

+				enclosingMethod.getDeclaringClass().equals(TSLImportFromFileContext.class) &&

+				enclosingMethod.getName().equals("processUrl") &&

+				parameters[1] instanceof File){

+

+				URL url = null;

+				if (

+					e.getCause() instanceof FileNotFoundException &&

+					parameters[0] instanceof URL &&

+					(url =((URL)parameters[0])).getProtocol().equalsIgnoreCase("http")

+				){

+					try {

+						//Malta just changed their URL ...

+						if ("http://www.mca.org.mt/tsl/MT_TSL.xml".equalsIgnoreCase(url.toString())){

+							url = new URL("http://www.mca.org.mt/sites/default/files/pageattachments/MT_TSL.xml");

+						} else {

+							url = new URL("https", url.getHost(), url.getFile());

+						}

+					}  catch (MalformedURLException e1) {

+						wrapException(e1);

+					}

+

+					Object mitigatedResult = null;

+					try {

+

+						mitigatedResult = enclosingMethod.invoke(thisObject, new Object[]{url,parameters[1]});

+					} catch (IllegalAccessException e1) {

+						wrapException(e1);

+					} catch (InvocationTargetException e1) {

+						wrapException(e1);

+					}

+

+					if (mitigatedResult != null){

+						wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {

+							@Override

+							public String getReport() {

+								return "Trying https:// ...";

+							}

+						});

+						return mitigatedResult;

+					}

+				}

+

+				_l.err("Ignoring download error using old: " + parameters[0], null);

+				wrapException(e);

+				return parameters[1];

+			}

+

+//		if (

+//		expectedTerritory_ == Countries.PL &&(

+//			(e.getCause() instanceof java.io.EOFException ||

+//				e.getCause() instanceof iaik.security.ssl.SSLException) &&

+//				parameters[0] instanceof URL &&

+//				((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")

+//		)){

+//		File f = null;

+//		System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

+//		TLS.register("TLSv1");

+//		try {

+//			f = (File) enclosingMethod.invoke(thisObject, parameters);

+//		} catch (IllegalAccessException e1) {

+//			wrapException(e1);

+//		} catch (InvocationTargetException e1) {

+//			wrapException(e1);

+//		}

+//

+//		//					System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);

+//		TLS.register();

+//

+//		if (f != null){

+//			wrapException(e, null, new Mitigation() {

+//				@Override

+//				public String getReport() {

+//					return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";

+//				}

+//			});

+//			return f;

+//		}

+//	}

+

+			if (

+				e instanceof TSLSecurityException &&

+				enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&

+				enclosingMethod.getName().equals("securityCheck") &&

+				parameters[0] == TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER &&

+				trustAnchorsWrongOnEuTsl_.containsKey(expectedTerritory_) &&

+				parameters[1] instanceof X509Certificate &&

+				parameters[2] instanceof 	ListIterator<?>

+			)

+			{

+				final ListIterator<X509Certificate> trustAnchorsWrongOnEuTsl =

+					trustAnchorsWrongOnEuTsl_.get(expectedTerritory_);

+

+				if (trustAnchorsWrongOnEuTsl != parameters[2]){ //prevents recursion

+					try {

+						enclosingMethod.invoke(thisObject,

+							new Object[]{parameters[0],parameters[1], trustAnchorsWrongOnEuTsl});

+					} catch (IllegalAccessException e1) {

+						wrapException(e1);

+					} catch (InvocationTargetException e1) {

+						wrapException(e1);

+					}

+					wrapException(e, getLocator(),

+							new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){

+							@Override

+							public String getReport() {

+								return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +

+								"the EU TSL and allow the certificate " +

+								parameters[1];

+							}

+						});

+					return null;

+				}

+				X509Certificate crt = (X509Certificate)parameters[1];

+

+		    File f = new File("./wrong/"+expectedTerritory_+"/",

+		    	iaik.util._15.toHexString(getFingerPrint(crt,

+		    		new byte[TSLConstants.CertHash.LENGTH]))+".der");

+		    File parent = f.getParentFile();

+		    if(!parent.exists() && !parent.mkdirs()){

+		        throw new IllegalStateException("Couldn't create dir: " + parent);

+		    }

+

+		    if (!f.exists()){

+		      try {

+		        OutputStream os = new BufferedOutputStream(

+		          new FileOutputStream(f)

+		          );

+		        os.write(crt.getEncoded());

+		        os.close();

+		      } catch (Exception e1) {

+		        e1.printStackTrace();

+		        System.exit(1);

+		      }

+		    }

+

+				//continue ...

+			}

+

+			if (

+				( expectedTerritory_ == Countries.SK ||

+					expectedTerritory_ == Countries.SE ||

+					expectedTerritory_ == Countries.NO ||

+					expectedTerritory_ == Countries.PL) &&

+				e instanceof KeySelectorException &&

+				enclosingMethod.getDeclaringClass().equals(TslKeySelector.class) &&

+				enclosingMethod.getName().equals("select") &&

+				parameters[0] instanceof X509DataImpl){

+

+				X509DataImpl x509Data = (X509DataImpl) parameters[0];

+				AlgorithmMethod method = (AlgorithmMethod) parameters[2];

+

+				List certificates = new ArrayList();

+

+				Iterator x509content = x509Data.getContent().iterator();

+				while (x509content.hasNext()) {

+					Object element = x509content.next();

+					if (element instanceof X509Certificate) {

+						X509Certificate rawCert = (X509Certificate)element;

+						certificates.add(rawCert);

+					}

+				}

+

+				if (!certificates.isEmpty()) {

+					X509Certificate[] rawCertificates = new X509Certificate[certificates.size()];

+					certificates.toArray(rawCertificates);

+					certificates.clear();

+					Iterator certs = null;

+					try {

+						// convert the certificates to IAIK certifcates

+						iaik.x509.X509Certificate[] iaikCertificates = Util.convertCertificateChain(rawCertificates);

+						// sort the certificate chain

+						iaik.x509.X509Certificate[] sortedChain = Util.arrangeCertificateChain(iaikCertificates, false);

+						if (sortedChain == null) {

+							// chain could not be sorted; maybe there are two different certificates

+							// containing the same public key; use the unsorted chain

+							certificates = Arrays.asList(iaikCertificates);

+							certs = certificates.iterator();

+						} else {

+							certs = (Collections.nCopies(1, sortedChain[0])).iterator();

+							certificates = Arrays.asList(sortedChain);

+						}

+					} catch (CertificateException e1) {

+						//cannot handle this throw error

+						return super.throwException(e, enclosingMethod, thisObject, parameters);

+					}

+

+					PublicKey oldPublicKey = null;

+					while (certs.hasNext()) {

+

+						iaik.x509.X509Certificate cert = (iaik.x509.X509Certificate)certs.next();

+

+						boolean hit = false;

+

+						PublicKey publicKey = cert.getPublicKey();

+

+						//            failReason_ = "";

+

+						// Does the certificate provide a key for the requested algorithm?

+						try {

+							KeyFactory kfac = KeyFactory.getInstance(method.getAlgorithm());

+							kfac.translateKey(publicKey);

+							hit = true;

+							if (oldPublicKey != null) {

+								if (!publicKey.equals(oldPublicKey)) {

+									//cannot handle this throw error

+									return super.throwException(e, enclosingMethod, thisObject, parameters);

+								}

+							}

+							oldPublicKey = publicKey;

+						} catch (NoSuchAlgorithmException e1) {

+							//cannot handle this throw error

+							return super.throwException(e, enclosingMethod, thisObject, parameters);

+						} catch (InvalidKeyException e1) {

+							//cannot handle this throw error

+							return super.throwException(e, enclosingMethod, thisObject, parameters);

+						}

+						if (hit) {

+							//make an exception for SK, SE who violate XMLDSig ds:KeyInfo/ds:X509Data

+							wrapException(e, getLocator(),

+								new ExceptionalMitigation("make an exception for " + expectedTerritory_ + " who violate XMLDSig ds:KeyInfo"));

+							return new X509KeySelectorResultImpl(publicKey, certificates, null);

+						}

+					}

+				}

+			}

+			

+			if	( expectedTerritory_ == Countries.DK && 

+					e instanceof KeySelectorException &&

+					parameters[0] instanceof X509DataImpl){

+				if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt                Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt                Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+

+						"Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {

+						

+			    	X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];

+			    		

+			    	ListIterator li = x509DataImpl.getContent().listIterator();

+			    	li.next();

+			    	String sn = (String) li.next();

+			    	

+			    	_l.err(sn, null);

+			    	

+			    	System.exit(1);

+			    	

+						Object mitigatedResult = null;

+						try {

+

+							mitigatedResult = enclosingMethod.invoke(thisObject, parameters);

+						} catch (IllegalAccessException e1) {

+							wrapException(e1);

+						} catch (InvocationTargetException e1) {

+							wrapException(e1);

+						}

+

+						if (mitigatedResult != null){

+							wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {

+								@Override

+								public String getReport() {

+									return "Deleted wrong X509SubjectName from XMLDSIG Signature.";

+								}

+							});

+							return mitigatedResult;

+							

+						}

+					}

+			}

+

+

+		} else {

+			if (e instanceof MitigatedTSLSecurityException){

+				// we allow to mitigate Security exceptions for testing

+				// and collect them

+				wrapException(e);

+				return null;

+			} else if (e instanceof FixedSaxLevelValidationExcption) {

+				// we allow to mitigate Sax Level Fixup for testing

+				// and collect them

+				wrapException(e);

+				return null;

+			}

+		}

+

+		return super.throwException(e, enclosingMethod, thisObject, parameters);

+	}

+

+

+

+	@Override

+	public Unmarshaller createTSLUnmarshaller()

+		throws TSLEngineFatalException {

+		if (expectedTerritory_ == Countries.FI){

+			//we cannot fix FI at SAX Level and re-validate

+			return TSLEngine.createTSLUnmarshaller(false);

+		}

+		return super.createTSLUnmarshaller();

+	}

+

+	@Override

+	public String compressStatus(String status) {

+		if(expectedTerritory_ == Countries.EL){

+			//fix the whitespace in Greece TSL

+			status = status.trim();

+		}		

+		if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {

+		        status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());

+		      }

+

+		return super.compressStatus(status);

+	}

+

+

+	@Override

+	public String compressServiceType(String sType) {

+		if(expectedTerritory_ == Countries.EL){

+			//fix the whitespace in Greece TSL

+			sType = sType.trim();

+		}

+		return super.compressServiceType(sType);

+	}

+

+

+	@Override

+	public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {

+

+		if (expectedTerritory_ == Countries.AT){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.CZ){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.FR){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.NO){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.SK){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+

+		if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){

+			if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){

+				return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);

+			}

+		}

+

+		if (expectedTerritory_ == Countries.MT && getDownloadLocation().toString().contains(".mt/")){

+			if (e.getMessage().equals("cvc-complex-type.2.4.a: Invalid content was found starting with element 'tsl:TSLPolicy'. One of '{\"http://uri.etsi.org/02231/v2#\":TSLLegalNotice}' is expected.")){

+				return new LocalNameFixup("TSLPolicy","TSLLegalNotice",e, this);

+			}

+		}

+

+		if (e.getMessage().equals("cvc-complex-type.3.2.2: Attribute 'assert' is not allowed to appear in element 'ecc:otherCriteriaList'.")){

+			return new LocalNameFixup("otherCriteriaList","CriteriaList",e, this);

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'dateTime'.")){

+			return new ElementStringValueFixup("-(.)-","-0$1-",e, this);

+		} else if (e.getMessage().startsWith("cvc-type.3.1.3: The value '") &&  e.getMessage().endsWith("' of element 'tsl:ListIssueDateTime' is not valid.")){

+			//			return new DateTimeFixup();

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'base64Binary'.")){

+			return new ElementStringValueFixup("(\\s)=([^=]+)","$1$2",e, this);

+		} else if (e.getMessage().startsWith("cvc-type.3.1.3: The value '") &&  e.getMessage().endsWith("' of element 'tsl:X509Certificate' is not valid.")){

+			//			return new Base64BinaryFixup();

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'anyURI'.")){

+

+			//TODO only for sweden and find a better discriminatory than the URI

+//			if (expectedTerritory_ == Countries.SE){

+//			return new ElementStringValueFixup(

+//			"-http://www.pts.se/upload/Ovrigt/Internet/Branschinformation/Trusted%20List%20SE%20MR.xml",

+//			"http://www.pts.se/upload/Ovrigt/Internet/Branschinformation/Trusted%20List%20SE%20MR.xml");

+				return new ElementStringValueFixup("-http://www.pts.se/",	"http://www.pts.se/", e, this);

+//			}

+

+

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'NCName'.")){

+			if (expectedTerritory_ == Countries.CY || expectedTerritory_ == Countries.LV ||

+					expectedTerritory_ == Countries.HR || expectedTerritory_ == Countries.NL){

+				return new AttributeValueFixup("","Id","(.+)","x$1",e, this);

+			}

+		} else if (e.getMessage().startsWith("cvc-complex-type.2.3: Element '") &&  e.getMessage().endsWith("' cannot have character [children], because the type's content type is element-only.")) {

+			//cvc-complex-type.2.3: Element 'tsl:ServiceDigitalIdentity' cannot have character [children], because the type's content type is element-only.

+			if (expectedTerritory_ == Countries.FI){

+//				return new ElementStringValueFixup("(\\s*)-(\\s*)","$1$2",e, this);

+				return new Fixup(e, this){

+					{

+					  changed_ = true;

+					  fixupPerformed();

+					}

+					@Override

+					public String fixup(String input) {

+						return null;

+					}

+

+					@Override

+					public Mitigation getMitigation() {

+						return new Mitigation("Ignored");

+					}

+

+				};

+			}

+		}

+

+		if (e.getMessage().startsWith("cvc-elt")){

+

+		}	else if (e.getMessage().startsWith("cvc-type")) {

+

+		} else if (e.getMessage().startsWith("cvc-complex-type")) {

+

+		} else if (e.getMessage().startsWith("cvc-datatype-valid")) {

+

+		} else if (e.getMessage().startsWith("cvc-attribute")) {

+

+		}

+		//cvc-complex-type.2.4.a: Invalid content was found starting with element 'tsl:TSLPolicy'. One of '{"http://uri.etsi.org/02231/v2#":TSLLegalNotice}' is expected.

+

+		//cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'ecc:PolicySet'

+		//cvc-complex-type.2.4.a: Invalid content was found starting with element 'ecc:Identifier'. One of '{"http://uri.etsi.org/02231/v2/additionaltypes#":AttributeOID}' is expected.

+		//cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tsl:ExtensionOID'.

+		//cvc-type.3.1.3: The value '-http://www.pts.se/upload/Ovrigt/Internet/Branschinformation/Trusted%20List%20SE%20MR.xml' of element 'tsl:URI' is not valid.,locator=[node=null,object=null,url=file:/C:/Gesichert/Development/projects/TSL/./hashcache/900BA6AB3702EC9518627496749AA28129C56100.tsl.xml,line=109,col=118,offset=-1]]

+

+		return super.getSaxLevelValidationFixup(e);

+	}

+

+	@Override

+	public void securityCheck(Type securityCheckType,

+		java.security.cert.X509Certificate[] certs,

+		ListIterator<java.security.cert.X509Certificate> expectedTslSignerCerts) {

+

+		//TODO check whether we always want to do that to make sure we use the endentity

+		try {

+			certs = Util.convertCertificateChain(certs);

+		} catch (CertificateException e) {

+			throwException(e);

+		}

+  	certs = Util.arrangeCertificateChain((iaik.x509.X509Certificate[]) certs, false);

+		super.securityCheck(securityCheckType, certs, expectedTslSignerCerts);

+	}

+

+

+	@Override

+	public boolean doRollback() {

+		//accept each and every TSL ... even partially ... for testing

+		return false;

+//		return true;

+	}

+

+	@Override

+	public Boolean doesViolateRawHash(SQLException e, byte[] rawHash) {

+

+		String msg = e.getMessage();

+

+		_l.info(msg);

+		return(

+			msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&

+			msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")

+		);

+	}

+

+	@Override

+	protected Long getLocalLastModified(File targetFile) {

+		return super.getLocalLastModified(targetFile);

+	}

+	@Override

+	protected long howLongWaitForThreads() {

+		// TODO Auto-generated method stub

+		return 100000;

+	}

+	

+	@Override

+  protected boolean normalizeXML() {

+	  return true;

+  }

+	public MultiThreadLoggingGroup getLoggingGroup() {

+	  return this;

+  }

+	

+	StringBuilder log = new StringBuilder();

+	

+	public void flushLog() {

+	  if (log != null && log.length() > 0) {

+			Thread currentThread = Thread.currentThread();

+			String ncName = getNcName(currentThread);

+			synchronized (log) {

+				parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()

+				    + "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"

+				    + ncName + ">" + _15.LB);

+				parentContext_.flushLog();

+				log.setLength(0);

+			}

+		}

+  }

+	

+	/**

+	 * Collect all the logs for this context

+	 * @see iaik.util.logging.Log.MultiThreadLoggingGroup#print(java.lang.Object)

+	 */

+	public void print(Object msg) {

+		synchronized (log) {

+			log.append(msg);

+		}

+	}

+	

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java
new file mode 100644
index 0000000..0956617
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java
@@ -0,0 +1,109 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter;
+
+public class CertStoreConverter {
+
+	private static final Logger logger = LoggerFactory.getLogger(CertStoreConverter.class);
+	
+	public static boolean convert(String certStoreRoot, TransactionId transId) {
+		String certStoreSubjectDN = certStoreRoot + File.separator + "subjectdn";
+
+		logger.error("checking for new cert store format {} -> {}", certStoreRoot, certStoreSubjectDN);
+
+		File certStoreDirectory = new File(certStoreRoot);
+		if (certStoreDirectory.isDirectory() && certStoreDirectory.exists()) {
+
+			File file = new File(certStoreSubjectDN);
+
+			if (file.isDirectory() && file.exists()) {
+				// Is new Format!
+				logger.error("Cert store is allready new format!");
+				return false;
+			} else {
+				try {
+					logger.error(
+							"###########################################################################################");
+					logger.error(
+							"###########################################################################################");
+					logger.error("The certificate store @ {} will now be converted into the new format!",
+							certStoreDirectory.getAbsolutePath());
+
+					String backup = certStoreRoot;
+
+					if (certStoreRoot.endsWith(File.separator)) {
+						backup = certStoreRoot.substring(0, certStoreRoot.length() - File.separator.length());
+					}
+
+					String timestamp = String.valueOf(System.currentTimeMillis());
+					backup = backup + "_" + timestamp;
+
+					logger.error("Creating a backup of the certstore @ {}", backup);
+
+					File backupDirectory = new File(backup);
+					try {
+						FileUtils.copyDirectory(certStoreDirectory, backupDirectory);
+					} catch (IOException e) {
+						logger.error("Failed to create certstore backup!", e);
+						throw new RuntimeException("Failed to create certstore backup!", e);
+					}
+
+					logger.error("deleting original certstore @ {}", certStoreRoot);
+
+					try {
+						FileUtils.deleteDirectory(certStoreDirectory);
+					} catch (IOException e1) {
+						logger.error("Failed to delete old certstore!", e1);
+						throw new RuntimeException("Failed to delete old certstore!", e1);
+					}
+					certStoreDirectory.mkdir();
+
+					DirectoryCertStoreConverter directoryCertStoreConverter = new DirectoryCertStoreConverter();
+
+					try {
+						logger.error("running conversion of certstore @ {}", certStoreRoot);
+						directoryCertStoreConverter.convert(backupDirectory.getAbsolutePath(),
+								certStoreDirectory.getAbsolutePath(), true, false,
+								new IaikLog("DirectoryCertStoreConverter"), transId);
+					} catch (DirectoryStoreException e) {
+						logger.error("Failed to run conversion of old certstore!", e);
+
+						try {
+							FileUtils.copyDirectory(backupDirectory, certStoreDirectory);
+						} catch (IOException e1) {
+							logger.error("!!!!Failed to restore original certstore!!!! CHECK LOGS", e1);
+							throw new RuntimeException("!!!!Failed to restore original certstore!!!! CHECK LOGS", e);
+
+						}
+						throw new RuntimeException("Failed to run conversion of old certstore!", e);
+					}
+
+					logger.error("Conversion of certstore succseeded");
+					logger.error("Certstore in new format is located @ {}", certStoreDirectory.getAbsolutePath());
+					logger.error("Backup of Certstore in old format is located @ {}",
+							certStoreDirectory.getAbsolutePath());
+				} finally {
+					logger.error(
+							"###########################################################################################");
+					logger.error(
+							"###########################################################################################");
+				}
+				return true;
+			}
+		} else {
+			logger.error("Certstore does not exist yet");
+		}
+		return false;
+	}
+	
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
new file mode 100644
index 0000000..544ea91
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.spss.util;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.asn1.structures.PolicyInformation;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+import iaik.x509.extensions.CertificatePolicies;
+import iaik.x509.extensions.qualified.QCStatements;
+import iaik.x509.extensions.qualified.structures.QCStatement;
+import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance;
+import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
+
+import java.security.Principal;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+
+public class CertificateUtils {
+	
+	
+	/**
+	 * Verifies if the given certificate contains QCP+ statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QCP+ statement, else false
+	 */
+	private static boolean checkQCPPlus(X509Certificate cert) {
+		Logger.debug("Checking QCP+ extension");
+		String OID_QCPPlus = "0.4.0.1456.1.1";
+		try {
+			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
+			if (certPol == null) {
+				Logger.debug("No CertificatePolicies extension found");
+				return false;
+			}
+			
+			PolicyInformation[] polInfo = certPol.getPolicyInformation();
+			if (polInfo == null) {
+				Logger.debug("No policy information found");
+				return false;
+			}
+			
+			for (int i = 0; i < polInfo.length; i++) {
+				ObjectID oid = polInfo[i].getPolicyIdentifier();
+				String oidStr = oid.getID();
+				if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) {
+					Logger.debug("QCP+ extension found");
+					return true;
+				}
+			}
+			
+			Logger.debug("No QCP+ extension found");
+			
+			return false;
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QCP+ extension found");
+			
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QCP statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QCP statement, else false
+	 */
+	private static boolean checkQCP(X509Certificate cert) {
+		Logger.debug("Checking QCP extension");
+		String OID_QCP = "0.4.0.1456.1.2";
+		try {
+			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
+			if (certPol == null) {
+				Logger.debug("No CertificatePolicies extension found");
+				return false;
+			}
+			
+			PolicyInformation[] polInfo = certPol.getPolicyInformation();
+			if (polInfo == null) {
+				Logger.debug("No policy information found");
+				return false;
+			}
+			
+			for (int i = 0; i < polInfo.length; i++) {
+				ObjectID oid = polInfo[i].getPolicyIdentifier();
+				String oidStr = oid.getID();
+				if (oidStr.compareToIgnoreCase(OID_QCP) == 0) {
+					Logger.debug("QCP extension found");
+					return true;
+				}
+				
+			}
+			
+			Logger.debug("No QCP extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QCP extension found");
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QcEuCompliance statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QcEuCompliance statement, else false
+	 */
+	private static boolean checkQcEuCompliance(X509Certificate cert) {
+		Logger.debug("Checking QcEUCompliance extension");
+		try {
+			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
+			
+			if (qcStatements == null) {
+				Logger.debug("No QcStatements extension found");
+				return false;
+			}
+			
+			QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID);
+			
+			if (qcEuCompliance != null) {
+				Logger.debug("QcEuCompliance extension found");
+				return true;
+			}
+			
+			Logger.debug("No QcEuCompliance extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QcEuCompliance extension found");
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QcEuSSCD statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QcEuSSCD statement, else false
+	 */
+	private static boolean checkQcEuSSCD(X509Certificate cert) {
+		Logger.debug("Checking QcEuSSCD extension");
+		try {
+			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
+			if (qcStatements == null) {
+				Logger.debug("No QcStatements extension found");
+				return false;
+			}
+			
+			QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID);
+			
+			if (qcEuSSCD != null) {
+				Logger.debug("QcEuSSCD extension found");
+				return true;
+			}
+						
+			Logger.debug("No QcEuSSCD extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QcEuSSCD extension found");
+			return false;
+		}
+		
+	}
+
+	public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, boolean isTSLenabledTrustprofile) {
+		
+		boolean qc = false;
+		boolean qcSourceTSL = false;
+		boolean sscd = false;
+		boolean sscdSourceTSL = false;
+		
+		try { 
+		
+			if (isTSLenabledTrustprofile) {
+				// perform QC check via TSL
+				boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+				if (!checkQCFromTSL) { 
+					// if QC check via TSL returns false
+					// try certificate extensions QCP and QcEuCompliance
+					Logger.debug("QC check via TSL returned false - checking certificate extensions");
+			     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+			        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+			        
+			        if (checkQCP || checkQcEuCompliance) {
+			        	Logger.debug("Certificate is QC (Source: Certificate)");
+			        	qc = true;			        	
+			        }
+			        
+		        	qcSourceTSL = false;
+		        }
+		        else {
+		        	// use TSL result
+		        	Logger.debug("Certificate is QC (Source: TSL)");
+		        	qc = true;
+		        	qcSourceTSL = true;
+		        }
+				
+				// perform SSCD check via TSL
+	        	boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+	        	if (!checkSSCDFromTSL) {
+	        		// if SSCD check via TSL returns false
+					// try certificate extensions QCP+ and QcEuSSCD			       
+	        		Logger.debug("SSCD check via TSL returned false - checking certificate extensions");
+		        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+			        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+			        
+			        if (checkQCPPlus || checkQcEuSSCD) {
+			        	Logger.debug("Certificate is SSCD (Source: Certificate)");
+			        	sscd = true;
+			        }
+			        
+		        	sscdSourceTSL = false;
+		        }
+		        else {
+		        	// use TSL result
+		        	Logger.debug("Certificate is SSCD (Source: TSL)");
+		        	sscd = true;
+		        	sscdSourceTSL = true;
+		        }
+	        	
+			}
+			else {
+				// Trustprofile is not TSL enabled - use certificate extensions only
+
+				// perform QC check
+				// try certificate extensions QCP and QcEuCompliance
+		     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+		        
+		        if (checkQCP || checkQcEuCompliance)
+		        	qc = true;
+		        
+	        	qcSourceTSL = false;
+	        	
+	        	// perform SSCD check
+	        	// try certificate extensions QCP+ and QcEuSSCD			       
+	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+		        
+		        if (checkQCPPlus || checkQcEuSSCD)
+		        	sscd = true;
+		        
+	        	sscdSourceTSL = false;
+			}
+		}
+		catch (TSLEngineDiedException e) {
+	    	MessageProvider msg = MessageProvider.getInstance();
+	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+		} catch (TSLSearchException e) {
+	    	MessageProvider msg = MessageProvider.getInstance();
+	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+		}
+		
+		QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL);
+		
+		return result;
+	}
+	
+	/**
+	    * Gets the country from the certificate issuer
+	    * @param cert X509 certificate
+	    * @return Country code from the certificate issuer
+	    */
+	   public static String getIssuerCountry(X509Certificate cert) {
+		   String country = null;
+		   Principal issuerdn = cert.getIssuerX500Principal();
+		   RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName());
+		   
+		   try {
+			   Name name = nameParser.parse();
+			   country = name.getRDN(ObjectID.country);
+		   } catch (RFC2253NameParserException e) {
+			   Logger.warn("Could not get country code from issuer.");
+		   }
+		   
+		    
+		   return country;
+	   }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
new file mode 100644
index 0000000..219bb7c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.spss.util;

+

+import java.net.InetAddress;

+import java.net.UnknownHostException;

+import java.util.Iterator;

+import java.util.List;

+

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.spss.MOAApplicationException;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;

+

+public class ExternalURIVerifier {

+	

+	public static void verify(String host, int port) throws MOAApplicationException {

+		

+		

+		if (host == null)

+			return;

+		if (host.equalsIgnoreCase(""))

+			return;

+		

+			try {

+				ConfigurationProvider config = ConfigurationProvider.getInstance();

+				

+				boolean allowExternalUris = config.getAllowExternalUris();

+				List blacklist = config.getBlackListedUris();

+				List whitelist = config.getWhiteListedUris();

+				

+				InetAddress hostInetAddress = InetAddress.getByName(host);

+				String ip = hostInetAddress.getHostAddress();

+				

+				

+				if (allowExternalUris) {

+					// external URIs are allowed - check blacklist

+					Iterator it = blacklist.iterator();

+					while (it.hasNext()) {

+						String[] array = (String[])it.next();

+						String bhost = array[0];

+						String bport = array[1];

+						if (bport == null || port == -1) {

+							// check only host

+							if (ip.startsWith(bhost)) {

+								Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));

+								throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});

+							}

+						}

+						else {

+							// check host and port

+							int iport = new Integer(bport).intValue();

+							if (ip.startsWith(bhost) && (iport == port)) {

+								Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted"));

+								throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});							

+							}

+								

+						}

+					}

+				}

+				else {	

+					// external uris are forbidden - check whitelist

+					Iterator it = whitelist.iterator();

+					boolean allowed = false;

+					while (it.hasNext()) {

+						String[] array = (String[])it.next();

+						String bhost = array[0];

+						String bport = array[1];

+						if (bport == null || port == -1) {

+							// check only host

+							if (ip.startsWith(bhost)) {

+								Logger.debug(new LogMsg("Whitelist check: " + host + " (" + ip + ") whitelisted"));

+								allowed = true;

+								//throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});

+							}

+						}

+						else {

+							// check host and port

+							int iport = new Integer(bport).intValue();

+							if (ip.startsWith(bhost) && (iport == port)) {

+								Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port + " whitelisted"));

+								//throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});

+								allowed = true;

+							}

+								

+						}

+					}

+					

+					if (!allowed) {

+						if (port != -1) {

+							Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));

+							throw new MOAApplicationException("4001", new Object[]{host + "(" + ip + ")"});

+						}							

+						else {

+							Logger.debug(new LogMsg("No external URIs allowed (" + host + ":" + port + ")"));

+							throw new MOAApplicationException("4001", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});

+						}

+							

+					}

+					

+				}

+				

+				Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));

+			  	  

+			} catch (ConfigurationException e) {

+				throw new MOAApplicationException("config.10", null);

+			} catch (UnknownHostException e) {

+				throw new MOAApplicationException("4003", new Object[]{host});

+			}

+			

+			

+		

+	}

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
new file mode 100644
index 0000000..b5f72c4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
@@ -0,0 +1,142 @@
+/*

+ * Copyright 2003 Federal Chancellery Austria

+ * MOA-ID has been developed in a cooperation between BRZ, the Federal

+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.

+ *

+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by

+ * the European Commission - subsequent versions of the EUPL (the "Licence");

+ * You may not use this work except in compliance with the Licence.

+ * You may obtain a copy of the Licence at:

+ * http://www.osor.eu/eupl/

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the Licence is distributed on an "AS IS" basis,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the Licence for the specific language governing permissions and

+ * limitations under the Licence.

+ *

+ * This product combines work with different licenses. See the "NOTICE" text

+ * file for details on the various modules and licenses.

+ * The "NOTICE" text file is part of the distribution. Any derivative works

+ * that you distribute must include a readable copy of the "NOTICE" text file.

+ */

+

+package at.gv.egovernment.moa.spss.util;

+

+import java.io.InputStream;

+

+import org.apache.xerces.util.URI;

+import org.apache.xerces.util.URI.MalformedURIException;

+import org.xml.sax.EntityResolver;

+import org.xml.sax.InputSource;

+import org.xml.sax.SAXException;

+

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.spss.MOAApplicationException;

+import at.gv.egovernment.moa.util.Constants;

+

+

+/**

+ * An <code>EntityResolver</code> that looks up entities stored as

+ * local resources.

+ * 

+ * <p>The following DTDs are mapped to local resources: 

+ * <ul>

+ * <li>The XMLSchema.dtd</li>

+ * <li>The datatypes.dtd</li>

+ * </ul>

+ * </p>

+ * <p>For all other resources, an attempt is made to resolve them as resources,

+ * either absolute or relative to <code>Constants.SCHEMA_ROOT</code>.

+ * 

+ * @author Patrick Peck

+ * @author Sven Aigner

+ */

+public class MOASPSSEntityResolver implements EntityResolver {

+

+  /**

+   * Resolve an entity.

+   * 

+   * The <code>systemId</code> parameter is used to perform the lookup of the

+   * entity as a resource, either by interpreting the <code>systemId</code> as

+   * an absolute resource path, or by appending the last path component of

+   * <code>systemId</code> to <code>Constants.SCHEMA_ROOT</code>.

+   * 

+   * @param publicId The public ID of the resource.

+   * @param systemId The system ID of the resource.

+   * @return An <code>InputSource</code> from which the entity can be read, or

+   * <code>null</code>, if the entity could not be found.

+   * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)

+   */

+  public InputSource resolveEntity(String publicId, String systemId) throws SAXException {

+    InputStream stream;

+    int slashPos;

+    

+    if (Logger.isDebugEnabled()) {

+      Logger.debug(

+        new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));

+    }

+

+    if (publicId != null) {

+      // check if we can resolve some standard dtd's

+      if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) {

+        return new InputSource(

+          getClass().getResourceAsStream(

+            Constants.SCHEMA_ROOT + "XMLSchema.dtd"));

+      } else if (publicId.equalsIgnoreCase("datatypes")) {

+        return new InputSource(

+          getClass().getResourceAsStream(

+            Constants.SCHEMA_ROOT + "datatypes.dtd"));

+      }

+    } else if (systemId != null) {

+      // get the URI path

+      try {

+        URI uri = new URI(systemId);

+        systemId = uri.getPath();

+        

+        if ("".equals(systemId.trim())) {

+          return null;

+        }

+        

+//        if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {

+//          return null;

+//        }

+

+        ExternalURIVerifier.verify(uri.getHost(), uri.getPort());

+        

+      } catch (MalformedURIException e) {

+        return null;

+      } 

+      catch (MOAApplicationException e) {

+			throw new SAXException(e);

+      }

+      

+      // try to get the resource from the full path

+      stream = getClass().getResourceAsStream(systemId);

+      if (stream != null) {

+        InputSource source = new InputSource(stream);

+

+        source.setSystemId(systemId);

+        return source;

+      }

+

+      // try to get the resource from the last path component

+      slashPos = systemId.lastIndexOf('/');

+      if (slashPos >= 0 && systemId.length() > slashPos) {

+        systemId = systemId.substring(slashPos + 1, systemId.length());

+        stream =

+          getClass().getResourceAsStream(Constants.SCHEMA_ROOT + systemId);

+        if (stream != null) {

+          InputSource source = new InputSource(stream);

+

+          source.setSystemId(systemId);

+          return source;

+        }

+      }

+    }

+

+    return null; // nothing found - let the parser handle the entity

+  }

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java
new file mode 100644
index 0000000..6c8a833
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.util.Messages;
+
+/**
+ * Singleton wrapper around a <code>Messages</code> object.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MessageProvider {
+  
+  /** The resource names of the messages to load. */  
+  private static final String[] DEFAULT_MESSAGE_RESOURCES =
+    { "resources/properties/spss_messages" };
+  /** The corresponding message locales. */
+  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+    new Locale[] { new Locale("de", "AT") };
+  /** The single instance of this class. */
+  private static MessageProvider instance;
+  
+  /** The messages provided by the <code>MessageProvider</code>. */
+  private Messages messages;
+  
+  /**
+   * Return the single instance of the <code>MessageProvider</code>.
+   * 
+   * Intialilizes the <code>MessageProvider</code> with the default message
+   * locations: <code>/resources/properties/spss_messages</code>.
+   * 
+   * @return The single <code>MessageProvider</code>.
+   */
+  public static synchronized MessageProvider getInstance() {
+    if (instance == null) {
+      instance =
+        new MessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+    }
+    return instance;
+  }
+
+  /**
+   * Create a <code>MessageProvider</code>.
+   * 
+   * @param resourceNames The names of the resources containing the messages.
+   * @param locales The corresponding locales.
+   */
+  protected MessageProvider(String[] resourceNames, Locale[] locales) {
+    this.messages = new Messages(resourceNames, locales);
+  }
+
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  public String getMessage(String messageId, Object[] parameters) {
+    return messages.getMessage(messageId, parameters);
+  }
+
+   
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java
new file mode 100644
index 0000000..e9b1f7d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.crypto.NodeSetData;
+
+import org.w3c.dom.NodeList;
+
+public class NodeListToNodeSetDataAdapter implements NodeSetData {
+
+	private List list = new ArrayList();
+	
+	public NodeListToNodeSetDataAdapter(NodeList list) {
+		for(int i = 0; i < list.getLength(); i++) {
+			this.list.add(list.item(i));
+		}
+	}
+	
+	@Override
+	public Iterator iterator() {
+		return this.list.iterator();
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
new file mode 100644
index 0000000..99af843
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.spss.util;
+
+public class QCSSCDResult {
+
+	private boolean qc;
+	private boolean qcSourceTSL;
+	
+	private boolean sscd;
+	private boolean sscdSourceTSL;
+	
+	public QCSSCDResult() {
+		this.qc = false;
+		this.qcSourceTSL = false;
+		this.sscd = false;
+		this.sscdSourceTSL = false;
+	}
+	
+	public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) {
+		this.qc = qc;
+		this.qcSourceTSL = qcSourceTSL;
+		this.sscd = sscd;
+		this.sscdSourceTSL = sscdSourceTSL;
+	}
+	
+	public boolean isQC() {
+		return this.qc;
+	}
+	public boolean isQCSourceTSL() {
+		return this.qcSourceTSL;
+	}
+	public boolean isSSCD() {
+		return this.sscd;
+	}
+	public boolean isSSCDSourceTSL() {
+		return this.sscdSourceTSL;
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java
new file mode 100644
index 0000000..edcac97
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.security.Provider;
+import java.security.Security;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SecProviderUtils {
+	
+	private static final Logger logger = LoggerFactory.getLogger(SecProviderUtils.class);
+	
+	
+	public static void dumpSecProviders(String message) {
+		
+		logger.info("Security Providers: {}", message);
+		
+		for(Provider provider : Security.getProviders()) {
+			logger.info("  - {} - {}", provider.getName(), provider.getVersion());
+		}
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/javadoc/overview.html b/moaSig/moa-sig-lib/src/main/javadoc/overview.html
new file mode 100644
index 0000000..9b17bbf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/javadoc/overview.html
@@ -0,0 +1,155 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+<body bgcolor="white">
+
+MOA SP/SS API documentation overview.
+
+
+<h2>Using the MOA SP/SS API</h2>
+
+<h3>Invoking the services</h3>
+In general, invoking the MOA SP/SS API involves the following steps:
+<ol>
+<li>Set the <code>moa.spss.server.configuration</code> system property to point
+to the main MOA SP/SS configuration file. This needs to be done only once per
+JVM instance. You may also call 
+{@link at.gv.egovernment.moa.spss.api.Configurator#init} at this point to 
+pre-initialize MOA SP/SS (if not, it is done automatically upon service 
+invocation).</li>
+<li>Create an instance of the service to be used 
+({@link at.gv.egovernment.moa.spss.api.SignatureCreationService} or 
+{@link at.gv.egovernment.moa.spss.api.SignatureVerificationService}),
+via its <code>getInstance()</code> method.</li>
+<li>Create an instance of the 
+{@link at.gv.egovernment.moa.spss.api.SPSSFactory}, via its
+{@link at.gv.egovernment.moa.spss.api.SPSSFactory#getInstance} method.</li>
+<li>Use the <code>create...</code> methods of the <code>SPSSFactory</code> to
+create the desired {@link at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest}, 
+{@link at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest} or 
+{@link at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest} object.
+</li>
+<li>Call one of the service methods: 
+{@link at.gv.egovernment.moa.spss.api.SignatureCreationService#createXMLSignature(at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest) <code>createXMLSignature()</code>},
+{@link at.gv.egovernment.moa.spss.api.SignatureVerificationService#verifyCMSSignature(at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest) <code>verifyCMSSignature()</code>} or
+{@link at.gv.egovernment.moa.spss.api.SignatureVerificationService#verifyXMLSignature(at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest) <code>verifyXMLSignature()</code>}.
+</li>
+<li>Analyze the result of the service call, given as a 
+{@link at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse}, 
+{@link at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse} or
+{@link at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse}.
+In case of an error, a {@link at.gv.egovernment.moa.spss.MOAException}
+is thrown by the service. Please be aware that errors during signature creation
+are reported as part of a <code>CreateXMLSignatureResponse</code>.
+</ol>
+
+<h3>Creating MOA SP/SS API objects</h3>
+<p>
+Invoking the MOA SP/SS API <code>Service</code> classes involves creating
+a <code>Request</code> object using the {@link at.gv.egovernment.moa.spss.api.SPSSFactory SPSSFactory}.
+Object creation using the <code>SPSSFactory</code> is always bottom-up, meaning 
+that in order to create an object all of its components must have been created
+before.
+</p>
+<p>
+The names of the MOA SP/SS API classes have been chosen to correspond to the
+MOA SP/SS schema elements. The structure of the classes (i.e., their fields)
+also corresponds to the structure of the respective MOA SP/SS schema elements.
+However, a few classes escape this naming convention, mainly because the 
+corresponding schema elements contain <code>xsd:choice</code> components:
+<ul>
+<li>The various <code>Profile</code> classes have subclasses called 
+<code>ProfileID</code> and <code>ProfileExplicit</code> 
+(e.g., {@link at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileID} and
+{@link at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit}), 
+so that the profile can be given either as an ID (which is to be resolved from the 
+MOA SP/SS configuration) or explicitly.</li>
+<li>The classes {@link at.gv.egovernment.moa.spss.api.common.Content},
+{@link at.gv.egovernment.moa.spss.api.cmsverify.CMSContent} and 
+{@link at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter} have 
+subclasses specifying the type of content they actually contain. E.g., 
+{@link at.gv.egovernment.moa.spss.api.common.ContentBinary} will contain 
+a byte stream.</li>
+</ul>
+
+</p>
+<p>
+For clarity, the MOA SP/SS API classes have been organized in several packages
+listed in the following table:
+</p>
+
+<table border=1 cellspacing=0 cellpadding=5>
+<tr>
+  <td>Package</td><td>Purpose</td>
+</tr>
+<tr>
+  <td>{@link at.gv.egovernment.moa.spss.api.xmlsign}</td>
+  <td>Components of the {@link at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest} and 
+  {@link at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse}</td>
+</tr>
+<tr>
+  <td>{@link at.gv.egovernment.moa.spss.api.cmsverify}</td>
+  <td>Components of the
+  {@link at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest} and
+  {@link at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse}</td>
+</tr>
+<tr>
+  <td>{@link at.gv.egovernment.moa.spss.api.xmlverify}</td>
+  <td>Components of the
+  {@link at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest} and
+  {@link at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse}</td>
+</tr>
+<tr>
+  <td>{@link at.gv.egovernment.moa.spss.api.common}</td>
+  <td>Common components used across the classes of the above packages</td>
+</tr>
+</table>
+
+<h3>Converting MOA SP/SS API objects to and from DOM trees</h3>
+The package {@link at.gv.egovernment.moa.spss.api.xmlbind} contains helper
+classes to:
+<ul>
+<li>Parse a DOM tree containing a <code>CreateXMLSignatureRequest</code>,
+<code>VerifyCMSSignatureRequest</code> or  
+<code>VerifyCMSSignatureRequest</code> into its respective MOA SP/SS API object 
+representation. For example, to parse a <code>CreateXMLSignatureRequest</code>
+DOM tree, the {@link at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser#parse(org.w3c.dom.Element) CreateXMLSignatureRequestParser.parse()} 
+method can be used. <br />
+<b>Note:</b> The DOM tree of the request must be derived from a schema valid
+XML document. Otherwise, unexpected behaviour will almost certainly result.</li>
+<li>Build a <code>CreateXMLSignatureResponse</code>, 
+<code>VerifyCMSSignatureResponse</code> or a 
+<code>VerifyXMLSignatureResponse</code> DOM tree from the respective MOA SP/SS 
+API object. For example, to build a <code>VerifyXMLSignatureResponse</code>
+DOM tree, the {@link at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder#build(at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse) VerifyXMLSignatureResponseBuilder.build()}
+can be used.<br />
+<b>Note:</b>The serialized DOM tree will be schema valid.
+</li>
+</ul>
+The DOM trees can easily be read from and written to XML byte streams using
+the methods in the {@link at.gv.egovernment.moa.util.DOMUtils} class.
+<br />
+
+<h3>Utilities and Logging</h3>
+<p> The packages {@link at.gv.egovernment.moa.util} and 
+{@link at.gv.egovernment.moa.spss.util} contain utility classes developed for
+the MOA SP/SS implementation. Since the classes contained in these packages are 
+tailored towards the MOA SP/SS implementation, they are far from being complete 
+in the sense of providing a utility class library. Therefore, they may or may 
+not prove useful in the context of your application. Their interfaces may also
+change in future releases.
+</p>
+
+<p>The package {@link at.gv.egovernment.moa.logging} contains classes for
+logging messages to the MOA SP/SS log hierarchy via the 
+{@link at.gv.egovernment.moa.logging.Logger} class.
+</p>
+
+<h3>Related Documentation</h3>
+
+See also the <a href="../moa_spss/sp-anwendung.htm#API">API example</a> in the 
+MOA SP/SS documentation.
+
+</body>
+</html>
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/resources/resources/properties/spss_messages_de.properties b/moaSig/moa-sig-lib/src/main/resources/resources/properties/spss_messages_de.properties
new file mode 100644
index 0000000..9e2e0e4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -0,0 +1,179 @@
+# This file contains exception messages in the standard Java properties

+# format. The messages may contain formatting patterns as definied in the

+# java.text.MessageFormat class.

+

+#

+# Error messages: the key corresponds to the error code

+#

+

+1100=Fehler beim Validieren der Anfrage: {0}

+1101=Bei enveloping Datenobjekten muss entweder Content oder Reference übergeben werden

+1102=Bei detached Datenobjekten darf das Attribut Reference nicht leer sein

+1103=Ungültiger Wert für Attribut Structure im Element DataObjectInfo: {0}

+1104=Ungültiger Wert für DateTime: {0}

+1105=Ungültiger Wert für Attribut Index in Element CreateSignatureLocation: {0}

+1106=Interner Fehler beim Parsen der XML-Daten

+1107=Kein Kind-Element im Element XMLContent gefunden

+1108=Ungültiger Wert für dsig:Algorithm: {0}

+1109=XMLContent darf nur ein Kind-Element enthalten

+1110=Entweder Content oder Reference muss gesetzt sein

+1111=Reference muss gesetzt sein, wenn kein Content angegeben ist

+1112=Bei leerer Reference muss CreateSignatureEnvironment vorhanden sein

+1113=Der Endpunkt akzeptiert keine Anfragen vom Typ: {0}

+

+2200=Fehler beim Erzeugen der Antwort

+2201=Transformations-Algorithmus unbekannt: {0}

+2202=Kein XPath-Element für XPath-Transformation gefunden

+2203=TrustProfileID unbekannt: {0}

+2207=Ungültiges URI-Format: {0}

+2208=Fehler beim Öffnen des Datenobjekts (URI={0})

+2209=Fehler beim Parsen der XML-Daten

+2210=Fehler beim Lesen des Datenobjekts

+2211=Referenzierte Daten können nicht als XML interpretiert werden (URI={0})

+2212=Fehler beim Auswerten des XPath-Ausdrucks: {0}

+2213=Zugriff auf das Dateisystem verweigert (URI={0})

+2214=Ungültiges URL-Format: {0}

+2215=Kein Stylesheet für XSLT-Transformation gefunden

+2216=Kein XPath-Filter2 Element für XPath-Filter2-Transform gefunden

+2217=Kein InclusiveNamespaces Element für Exclusive Canonicalization Transform gefunden

+2218=Das Signature Environment enthält keine validen XML-Daten

+2219=Fehler beim Lesen des Signature Environment

+2220=Allgemeiner Fehler beim Erzeugen der Signatur [{0}]

+2221=Fehler bei der Behandlung des Schlüssels [{0}]

+2222=Fehler beim Erstellen des Manifests [{0}]

+2223=Fehler beim Erstellen der Referenz [{0}]

+2224=Hashwert nicht verfügbar [{0}]

+2225=Signier-Algorithmus wird nicht unterstützt [{0}]

+2226=Fehler beim Einbetten der Signatur [{0}]

+2227=Fehler beim Berechnen des Signaturwertes [{0}]

+2228=Fehler beim Behandeln der SignedProperties [{0}]

+2229=Signator-Zertifikat nicht verfügbar [{0}]

+2230=Fehler beim Auflösen eines Supplements [{0}]

+2231=Die Schlüsselgruppe ist nicht verfügbar

+2232=Die Schlüsselgruppe ist leer

+2233=Fehler beim Durchführen der Transformation [{0}]

+2234=CreateTransformsInfoProfileID nicht vorhanden (ID={0})

+2235=CreateSignatureEnvironment muss entweder Reference oder Content enthalten

+2236=CreateSignatureEnvironmentProfileID nicht vorhanden (ID={0})

+2237=Fehler beim Auflösen der internen Referenz (URI={0})

+2238=Fehler beim Auflösen des Transformationsparameters (URI={0})

+2240=Allgemeiner Fehler beim Verifizieren der Signatur [{0}]

+2241=Algorithmus wird nicht unterstützt [{0}]

+2242=Fehler beim Parsen der CMS Signatur [{0}]

+2243=Signator-Zertifikat nicht verfügbar [{0}]

+2244=Fehler beim Lesen der Signatur-Daten

+2245=Fehler beim Codieren des Signator-Zertifikats

+2246=Fehler beim Umwandeln des SubjectDN des Signator-Zertifikats nach RFC2253: {0}

+2247=Allgemeiner Fehler beim Verifizieren der Signatur [{0}]

+2248=Fehler beim Vorbereiten der Daten [{0}]

+2249=Das Attribut Signatories enthält einen ungültigen Index (Index={0})

+2262=Fehler beim Behandeln des Manifests [{0}]

+2263=Fehler beim Parsen der Properties [{0}]

+2264=Fehler beim Behandeln der Referenz [{0}]

+2265=Fehler beim Durchführen der Transformation [{0}]

+2266=Signatur ist kein dsig:Signature-Element

+2267=SupplementProfileID nicht vorhanden (ID={0})

+2268=VerifyTransformsInfoProfileID nicht vorhanden (ID={0})

+2269=Fehler beim Parsen der Transformation [{0}]

+2270=Fehler beim Decodieren des Hash-Wertes

+2271=Falsche Anzahl an ReferenceInfo Elementen in SignatureManfestCheckParams

+2280=Die Angabe XMLContent wird derzeit nicht unterstützt

+2281=XML-Supplement kann nicht serialisiert werden (Reference="{0}")

+2282=Datenobjekt mit der URI={0} wurde dem Request nicht bereit gestellt

+2290=Fehler bei der QC bzw. SSCD Prüfung via TSL

+2300=Fehler bei der Erstellen der CMS Signatur

+2301=Fehler beim Lesen des zu signierenden Datenobjekts

+

+

+2900=Interner Server-Fehler

+

+3201=Objekt kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")

+3202=Supplement für Signaturumgebung kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")

+3203=Signaturumgebung kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")

+

+4001=Externe URI {0} darf nicht geladen werden (externe sind URIs verboten und URI befindet sich nicht auf der Whitelist)

+4002=Externe URI {0} befindet sich auf der Blacklist und darf nicht geladen werden

+4003=IP-Adresse für {0} konnte nicht ermitteln werden 

+ 

+

+9900=Nicht klassifizierter Fehler in Subsystem

+9901=Nicht klassifizierter Laufzeitfehler in Subsystem

+9999=Nicht klassifizierter Fehler

+

+

+#

+# Server internal messages

+#

+

+init.00=Fehler beim Lesen der MOA SP/SS Konfiguration: das Service steht nicht zur Verfügung

+init.01=MOA SP/SS Konfiguration erfolgreich geladen

+init.02=Fehler beim Löschen der Archivdaten

+init.03=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar

+init.04=Fehler beim Initialisieren des Schema Pools

+

+config.00=Fehler beim Erstellen des KeyGroupMapping: KeyGroup mit id={0} unbekannt - die Erstellung des KeyGroupMapping wird fortgeführt

+config.01=Fehler in der Konfiguration: Wert für maximale Archivierungsdauer von Widerrufsinformationen (ArchiveDuration) nicht konfiguriert oder ungültig

+config.02=Fehler in der Konfiguration: {0} mit id={1}: falscher Profiltyp in Datei {2}

+config.03=Fehler in der Konfiguration: {0} mit id={1} konnte nicht geladen werden

+config.04=Fehler in der Konfiguration: {0} mit id={1} existiert bereits

+config.05=Umgebungsvariable {0} nicht gesetzt: benutze Default-Konfiguration

+config.06=Die MOA SP/SS Konfiguration wurde erfolgreich aktualisiert.

+config.07=Fehler in der Konfiguration: Reason code {0} unbekannt

+config.08=Fehler beim Konfigurieren der IAIK-Module

+config.09=Fehler beim Öffnen der Schlüssel-Datei {0}

+config.10=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)

+config.11=Fehler beim Erstellen der Konfiguration (siehe Log-Datei für Details)

+config.12=Fehler beim Einlesen des Profils

+config.13=Fehler beim Erstellen des CRLDistributionPoint: CAIssuerDN={0} ungültig

+config.14=Das Attribut {0} für das TrustProfile mit id={1} ist ungültig (Wert={2})

+config.15=Fehler beim Erstellen des TrustProfile id={0}: Name des Konfigurations-Verzeichnisses konnte nicht in eine URL umgewandet werden

+config.16=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})

+config.17=DigestAlgorithmName unbekannt (AlgorithmName={0})

+config.18=Lade Keystore: {0}

+config.19=Key ID={0}

+config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten 

+config.21=Lade Konfiguration von {0}

+config.22=Lade {0} mit id={1} von Datei {2}

+config.23=MOA SP/SS Konfiguration: {0} nicht gesetzt oder ungültiger Wert, verwende den Default-Wert: {1}

+config.25=Fehler in der Konfiguration: Das SoftwareKeyModule mit id={0} konnte nicht geladen werden, da die Datei {1} nicht existiert oder ein Verzeichnis bezeichnet

+config.26=Fehler beim Erstellen der KeyGroup mit id={0}: KeyModule mit id={1} unbekannt

+config.27=Fehler in der Konfiguration: Das Attribut {0} des TrustProfiles mit id={1} zeigt nicht auf ein existierendes Verzeichnis

+config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei.

+config.29=Es sind folgende leichte Fehler aufgetreten: 

+config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden

+config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).

+config.33=External URIs are allowed. Maybe a URI blacklist exists.

+config.34=Blacklisted URI: {0}.

+config.35=External URIs not allowed. Maybe a URI whitelist exists.

+config.36=No blacklisted URIs given.

+config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")

+config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")

+config.39=TSL Konfguration: Kein Attribut "{0}" angegeben oder Attribut konnte nicht ausgewertet werden. Verwenden Default-Wert ("{1}")

+config.40=Fehler beim Erstellen der TSL Konfiguration: Es wurde mindestens ein TrustProfile mit aktivierter TSL-Unterstützung konfiguriert. Die allgemeine TSL-Konfiguration ist jedoch fehlerhaft.  

+config.41=Initialisiere TSL Bibliothek

+config.42=Start updating TSL enabled truststores

+config.43=Update truststore with id "{0}"

+config.44=Retrieve certificates from TSL

+config.45=Create store updater

+config.46=Start periodical TSL update task at {0} and then every {1} milliseconds

+config.48=No whitelisted URIs given.

+config.49=Whitelisted URI: {0}.

+config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.

+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).

+

+handler.00=Starte neue Transaktion: TID={0}, Service={1}

+handler.01=Aufruf von Adresse={0}

+handler.02=Client-Zertifikat: Subject={0}, Serial={1}, Issuer={2}

+handler.03=Client-Zertifikat nicht verfügbar

+handler.04=Anfrage erfolgreich abgearbeitet

+handler.05=Fehler beim Abarbeiten der Anfrage

+handler.06=SOAP Attachment mit der id={0} für Request hinterlegt (MIME Type des Attachments={1})

+handler.07=SOAP Request empfangen: Request={0}

+

+invoker.00=Das Signature Environment konnte nicht validierend geparst werden

+invoker.01=Keine passende Transformationskette gefunden (Index={0})

+invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})

+invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})

+

+tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.

+tsl.01=Fehler bei der QC (qualifiziertes Zertifikat) bzw. SSCD (sichere Signaturerstellungseinheit) Überprüfung via TSL.
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/resources/resources/security/cacerts b/moaSig/moa-sig-lib/src/main/resources/resources/security/cacerts
new file mode 100644
index 0000000..6eeaba4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/resources/security/cacerts
diff --git a/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl
new file mode 100644
index 0000000..f9b942a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- 

+  Web Service Description for MOA SP/SS 1.4

+-->

+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">

+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-2.0.0.xsd"/>

+	<message name="CreateCMSSignatureInput">

+		<part name="body" element="moa:CreateCMSSignatureRequest"/>

+	</message>

+	<message name="CreateCMSSignatureOutput">

+		<part name="body" element="moa:CreateCMSSignatureResponse"/>

+	</message>

+	<message name="CreateXMLSignatureInput">

+		<part name="body" element="moa:CreateXMLSignatureRequest"/>

+	</message>

+	<message name="CreateXMLSignatureOutput">

+		<part name="body" element="moa:CreateXMLSignatureResponse"/>

+	</message>

+	<message name="VerifyCMSSignatureInput">

+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>

+	</message>

+	<message name="VerifyCMSSignatureOutput">

+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>

+	</message>

+	<message name="VerifyXMLSignatureInput">

+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>

+	</message>

+	<message name="VerifyXMLSignatureOutput">

+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>

+	</message>

+	<message name="MOAFault">

+		<part name="body" element="moa:ErrorResponse"/>

+	</message>

+	<portType name="SignatureCreationPortType">

+		<operation name="createXMLSignature">

+			<input message="tns:CreateXMLSignatureInput"/>

+			<output message="tns:CreateXMLSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+		<operation name="createCMSSignature">

+			<input message="tns:CreateCMSSignatureInput"/>

+			<output message="tns:CreateCMSSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+	</portType>

+	<portType name="SignatureVerificationPortType">

+		<operation name="verifyCMSSignature">

+			<input message="tns:VerifyCMSSignatureInput"/>

+			<output message="tns:VerifyCMSSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+		<operation name="verifyXMLSignature">

+			<input message="tns:VerifyXMLSignatureInput"/>

+			<output message="tns:VerifyXMLSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+	</portType>

+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">

+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

+		<operation name="createXMLSignature">

+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</fault>

+		</operation>

+		<operation name="createCMSSignature">

+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</fault>

+		</operation>

+	</binding>

+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">

+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

+		<operation name="verifyCMSSignature">

+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</fault>

+		</operation>

+		<operation name="verifyXMLSignature">

+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</fault>

+		</operation>

+	</binding>

+	<service name="SignatureCreationService">

+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">

+			<!--

+        Please note that the location URL must be adapted to the actual service URL.

+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>

+      -->

+		</port>

+	</service>

+	<service name="SignatureVerificationService">

+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">

+			<!--

+        Please note that the location URL must be adapted to the actual service URL.

+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>

+      -->

+		</port>

+	</service>

+</definitions>

diff --git a/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.xsd b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 0000000..4ae327a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,471 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->

+<!--

+  MOA SP/SS 1.3 Schema

+-->

+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">

+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>

+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>

+	<!--########## Create XML Signature ###-->

+	<!--### Create XML Signature Request ###-->

+	<xsd:element name="CreateXMLSignatureRequest">

+		<xsd:complexType>

+			<xsd:complexContent>

+				<xsd:extension base="CreateXMLSignatureRequestType"/>

+			</xsd:complexContent>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="CreateXMLSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>

+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">

+				<xsd:annotation>

+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">

+							<xsd:complexType>

+								<xsd:complexContent>

+									<xsd:extension base="DataObjectInfoType">

+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>

+									</xsd:extension>

+								</xsd:complexContent>

+							</xsd:complexType>

+						</xsd:element>

+						<xsd:element name="CreateSignatureInfo" minOccurs="0">

+							<xsd:complexType>

+								<xsd:sequence>

+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>

+									<xsd:choice>

+										<xsd:annotation>

+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>

+										</xsd:annotation>

+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>

+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>

+									</xsd:choice>

+								</xsd:sequence>

+							</xsd:complexType>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Create XML Signature Response ###-->

+	<xsd:complexType name="CreateXMLSignatureResponseType">

+		<xsd:choice maxOccurs="unbounded">

+			<xsd:annotation>

+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>

+			</xsd:annotation>

+			<xsd:element name="SignatureEnvironment">

+				<xsd:annotation>

+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:any namespace="##any" processContents="lax"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element ref="ErrorResponse"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>

+	<!--########## Verify CMS Signature ###-->

+	<!--### Verifiy CMS Signature Request ###-->

+	<xsd:element name="VerifyCMSSignatureRequest">

+		<xsd:complexType>

+			<xsd:complexContent>

+				<xsd:extension base="VerifyCMSSignatureRequestType">

+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>

+				</xsd:extension>

+			</xsd:complexContent>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:complexType name="VerifyCMSSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>

+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>

+			<xsd:element name="TrustProfileID" type="xsd:token">

+				<xsd:annotation>

+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Verify CMS Signature Response ###-->

+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>

+	<xsd:complexType name="VerifyCMSSignatureResponseType">

+		<xsd:sequence maxOccurs="unbounded">

+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">

+				<xsd:annotation>

+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="SignatureCheck" type="CheckResultType"/>

+			<xsd:element name="CertificateCheck" type="CheckResultType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Verify XML Signature ###-->

+	<!--### Verify XML Signature Request ###-->

+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>

+	<xsd:complexType name="VerifyXMLSignatureRequestType">

+		<xsd:sequence>

+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>

+			<xsd:element name="VerifySignatureInfo">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>

+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:choice minOccurs="0" maxOccurs="unbounded">

+				<xsd:element ref="SupplementProfile"/>

+				<xsd:element name="SupplementProfileID" type="xsd:string"/>

+			</xsd:choice>

+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">

+							<xsd:annotation>

+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>

+							</xsd:annotation>

+						</xsd:element>

+					</xsd:sequence>

+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>

+			<xsd:element name="TrustProfileID" type="xsd:token">

+				<xsd:annotation>

+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--### Verify XML Signature Response ###-->

+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>

+	<xsd:complexType name="VerifyXMLSignatureResponseType">

+		<xsd:sequence>

+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">

+				<xsd:annotation>

+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>

+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>

+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>

+			<xsd:element name="CertificateCheck" type="CheckResultType"/>			

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:simpleType name="ProfileIdentifierType">

+		<xsd:restriction base="xsd:token"/>

+	</xsd:simpleType>

+	<xsd:complexType name="InputDataType">

+		<xsd:complexContent>

+			<xsd:extension base="ContentExLocRefBaseType">

+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">

+					<xsd:simpleType>

+						<xsd:restriction base="xsd:token">

+							<xsd:enumeration value="SignedInfo"/>

+							<xsd:enumeration value="XMLDSIGManifest"/>

+						</xsd:restriction>

+					</xsd:simpleType>

+				</xsd:attribute>

+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="MetaInfoType">

+		<xsd:sequence>

+			<xsd:element name="MimeType" type="MimeTypeType"/>

+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>

+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="FinalDataMetaInfoType">

+		<xsd:complexContent>

+			<xsd:extension base="MetaInfoType">

+				<xsd:sequence>

+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>

+				</xsd:sequence>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="DataObjectInfoType">

+		<xsd:sequence>

+			<xsd:element name="DataObject">

+				<xsd:complexType>

+					<xsd:complexContent>

+						<xsd:extension base="ContentOptionalRefType"/>

+					</xsd:complexContent>

+				</xsd:complexType>

+			</xsd:element>

+			<xsd:choice>

+				<xsd:annotation>

+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>

+				</xsd:annotation>

+				<xsd:element ref="CreateTransformsInfoProfile"/>

+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>

+			</xsd:choice>

+		</xsd:sequence>

+		<xsd:attribute name="Structure" use="required">

+			<xsd:simpleType>

+				<xsd:restriction base="xsd:string">

+					<xsd:enumeration value="detached"/>

+					<xsd:enumeration value="enveloping"/>

+				</xsd:restriction>

+			</xsd:simpleType>

+		</xsd:attribute>

+	</xsd:complexType>

+	<xsd:complexType name="TransformsInfoType">

+		<xsd:sequence>

+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>

+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="XMLDataObjectAssociationType">

+		<xsd:sequence>

+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+			<xsd:element name="Content" type="ContentRequiredRefType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CMSDataObjectOptionalMetaType">

+		<xsd:sequence>

+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>

+			<xsd:element name="Content" type="CMSContentBaseType"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="CMSContentBaseType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentOptionalRefType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+				</xsd:choice>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="CheckResultType">

+		<xsd:sequence>

+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="ReferencesCheckResultType">

+		<xsd:complexContent>

+			<xsd:restriction base="CheckResultType">

+				<xsd:sequence>

+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:restriction base="AnyChildrenType">

+				<xsd:sequence>

+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ManifestRefsCheckResultType">

+		<xsd:complexContent>

+			<xsd:restriction base="CheckResultType">

+				<xsd:sequence>

+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>

+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:restriction base="AnyChildrenType">

+				<xsd:sequence>

+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>

+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>

+				</xsd:sequence>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<!--########## Error Response ###-->

+	<xsd:element name="ErrorResponse" type="ErrorResponseType">

+		<xsd:annotation>

+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>

+		</xsd:annotation>

+	</xsd:element>

+	<xsd:complexType name="ErrorResponseType">

+		<xsd:sequence>

+			<xsd:element name="ErrorCode" type="xsd:integer"/>

+			<xsd:element name="Info" type="xsd:string"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<!--########## Auxiliary Types ###-->

+	<xsd:simpleType name="KeyIdentifierType">

+		<xsd:restriction base="xsd:string"/>

+	</xsd:simpleType>

+	<xsd:simpleType name="KeyStorageType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="Software"/>

+			<xsd:enumeration value="Hardware"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:simpleType name="MimeTypeType">

+		<xsd:restriction base="xsd:token"/>

+	</xsd:simpleType>

+	<xsd:complexType name="AnyChildrenType" mixed="true">

+		<xsd:sequence>

+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:complexType name="XMLContentType" mixed="true">

+		<xsd:complexContent mixed="true">

+			<xsd:extension base="AnyChildrenType">

+				<xsd:attribute ref="xml:space" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentBaseType">

+		<xsd:choice minOccurs="0">

+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+			<xsd:element name="XMLContent" type="XMLContentType"/>

+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:complexType name="ContentExLocRefBaseType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentBaseType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+					<xsd:element name="XMLContent" type="XMLContentType"/>

+				</xsd:choice>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentOptionalRefType">

+		<xsd:complexContent>

+			<xsd:extension base="ContentBaseType">

+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>

+			</xsd:extension>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="ContentRequiredRefType">

+		<xsd:complexContent>

+			<xsd:restriction base="ContentOptionalRefType">

+				<xsd:choice minOccurs="0">

+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>

+					<xsd:element name="XMLContent" type="XMLContentType"/>

+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>

+				</xsd:choice>

+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>

+			</xsd:restriction>

+		</xsd:complexContent>

+	</xsd:complexType>

+	<xsd:complexType name="VerifyTransformsDataType">

+		<xsd:choice maxOccurs="unbounded">

+			<xsd:annotation>

+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>

+			</xsd:annotation>

+			<xsd:element ref="VerifyTransformsInfoProfile"/>

+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">

+				<xsd:annotation>

+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+		</xsd:choice>

+	</xsd:complexType>

+	<xsd:element name="QualifiedCertificate"/>

+	<xsd:element name="SecureSignatureCreationDevice"/>

+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>

+	<xsd:complexType name="PublicAuthorityType">

+		<xsd:sequence>

+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>

+		</xsd:sequence>

+	</xsd:complexType>

+	<xsd:simpleType name="SignatoriesType">

+		<xsd:union memberTypes="AllSignatoriesType">

+			<xsd:simpleType>

+				<xsd:list itemType="xsd:positiveInteger"/>

+			</xsd:simpleType>

+		</xsd:union>

+	</xsd:simpleType>

+	<xsd:simpleType name="AllSignatoriesType">

+		<xsd:restriction base="xsd:string">

+			<xsd:enumeration value="all"/>

+		</xsd:restriction>

+	</xsd:simpleType>

+	<xsd:complexType name="CreateSignatureLocationType">

+		<xsd:simpleContent>

+			<xsd:extension base="xsd:token">

+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>

+			</xsd:extension>

+		</xsd:simpleContent>

+	</xsd:complexType>

+	<xsd:complexType name="TransformParameterType">

+		<xsd:choice minOccurs="0">

+			<xsd:annotation>

+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>

+			</xsd:annotation>

+			<xsd:element name="Base64Content" type="xsd:base64Binary">

+				<xsd:annotation>

+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>

+				</xsd:annotation>

+			</xsd:element>

+			<xsd:element name="Hash">

+				<xsd:annotation>

+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>

+				</xsd:annotation>

+				<xsd:complexType>

+					<xsd:sequence>

+						<xsd:element ref="dsig:DigestMethod"/>

+						<xsd:element ref="dsig:DigestValue"/>

+					</xsd:sequence>

+				</xsd:complexType>

+			</xsd:element>

+		</xsd:choice>

+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>

+	</xsd:complexType>

+	<xsd:element name="CreateSignatureEnvironmentProfile">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>

+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="VerifyTransformsInfoProfile">

+		<xsd:annotation>

+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>

+		</xsd:annotation>

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>

+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">

+					<xsd:annotation>

+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>

+					</xsd:annotation>

+				</xsd:element>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>

+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>

+	<xsd:element name="CreateTransformsInfoProfile">

+		<xsd:complexType>

+			<xsd:sequence>

+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>

+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>

+			</xsd:sequence>

+		</xsd:complexType>

+	</xsd:element>

+</xsd:schema>

diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/AllTests.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/AllTests.java
new file mode 100644
index 0000000..16d9dc9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/AllTests.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss;
+
+import test.at.gv.egovernment.moa.spss.server.iaik.config.ConfigurationDataImplTest;
+import test.at.gv.egovernment.moa.spss.server.iaik.config.IaikConfiguratorTest;
+import test.at.gv.egovernment.moa.spss.server.tools.CertToolTest;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite for all unit tests.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class AllTests {
+
+  public static Test suite() {
+    TestSuite suite = new TestSuite();
+
+    suite.addTestSuite(test.at.gv.egovernment.moa.spss.server.config.AllTests.class);
+    suite.addTestSuite(ConfigurationDataImplTest.class);
+    suite.addTestSuite(IaikConfiguratorTest.class);
+    suite.addTest(
+      test.at.gv.egovernment.moa.spss.server.invoke.AllTests.suite());
+    suite.addTest(test.at.gv.egovernment.moa.spss.api.xmlbind.AllTests.suite());
+    suite.addTestSuite(CertToolTest.class);
+
+    return suite;
+  }
+
+  public static void main(String[] args) {
+    try {
+      TestRunner.run(AllTests.class);
+    } catch (Exception e) {
+      e.printStackTrace();
+    }
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
new file mode 100644
index 0000000..64ab7db
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss;
+
+import java.security.Security;
+
+import test.at.gv.egovernment.moa.MOATestCase;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.util.MessageProvider;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * Base class for MOA test cases.
+ * 
+ * Provides some utility functions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SPSSTestCase extends MOATestCase {
+
+  protected static final String TESTDATA_ROOT = "data/test/";
+
+  /**
+   * Constructor for MOATestCase.
+   * @param arg0
+   */
+  public SPSSTestCase(String name) {
+    super(name);
+  }
+
+  /**
+   * Set up a transaction context with a test configuration.
+   */
+  protected void setUpTransactionContext() throws Exception {
+    System.setProperty(
+      ConfigurationProvider.CONFIG_PROPERTY_NAME,
+      "data/test/conf/moa-spss/MOA-SPSSConfiguration.xml");
+    ConfigurationProvider config = ConfigurationProvider.getInstance();
+    TransactionContext context = new TransactionContext("test", null, config);
+    TransactionContextManager.getInstance().setTransactionContext(context);
+  }
+  
+  protected void setUpLoggingContext() throws Exception {
+    LoggingContext context = new LoggingContext("test");
+    LoggingContextManager.getInstance().setLoggingContext(context);
+  }
+
+  /**
+   * Configure the IAIK modules with the current configuration.
+   * 
+   * A <code>TransactionContext</code> must have been set up before.
+   */
+  protected void setUpIaikConfiguration() throws Exception {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ClassLoader cl = getClass().getClassLoader();
+    MessageProvider msg = MessageProvider.getInstance();
+    
+    try {
+      cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+    } catch (ClassNotFoundException e) {
+      Logger.warn(msg.getMessage("init.03", null), e);
+    }
+
+    new IaikConfigurator().configure(context.getConfiguration());
+  }
+  
+  protected void setUpSSL() throws Exception {
+    //System.setProperty("javax.net.debug", "all");
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    System.setProperty(
+      "java.protocol.handler.pkgs",
+      "com.sun.net.ssl.internal.www.protocol");
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/AllTests.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/AllTests.java
new file mode 100644
index 0000000..767327d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/AllTests.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.api.xmlbind;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * Runs all tests in this package.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class AllTests {
+  public static Test suite() {
+    TestSuite suite = new TestSuite();
+
+    suite.addTestSuite(CreateXMLSignatureRequestParserTest.class);
+    suite.addTestSuite(TransformParserTest.class);
+    suite.addTestSuite(VerifyCMSSignatureRequestParserTest.class);
+    suite.addTestSuite(VerifyXMLSignatureRequestParserTest.class);
+
+    return suite;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParserTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParserTest.java
new file mode 100644
index 0000000..dc67231
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParserTest.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.api.xmlbind;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+
+/**
+ * Test the <code>CreateXMLSignatureRequestParser</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestParserTest extends SPSSTestCase {
+  private static final String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/CreateXMLSignature/";
+
+  private CreateXMLSignatureRequestParser requestParser;
+
+  public CreateXMLSignatureRequestParserTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    requestParser = new CreateXMLSignatureRequestParser();
+  }
+
+  public void testParse() throws Exception {
+    Element requestElem =
+      parseXml(TESTDATA_BASE + "TestGeneratorCX2.001.Req.xml")
+        .getDocumentElement();
+    CreateXMLSignatureRequest request = requestParser.parse(requestElem);
+    SingleSignatureInfo sigInfo;
+    DataObjectInfo dataObjInfo;
+    CreateTransformsInfoProfileExplicit transProfile;
+    CreateSignatureEnvironmentProfileExplicit envProfile;
+
+    assertNotNull(request);
+    assertEquals("PKCS12RSAKey1", request.getKeyIdentifier());
+    assertEquals(1, request.getSingleSignatureInfos().size());
+
+    sigInfo = (SingleSignatureInfo) request.getSingleSignatureInfos().get(0);
+    assertEquals(1, sigInfo.getDataObjectInfos().size());
+    assertFalse(sigInfo.isSecurityLayerConform());
+    
+    dataObjInfo = (DataObjectInfo) sigInfo.getDataObjectInfos().get(0);
+    assertNotNull(dataObjInfo.getDataObject());
+    
+    transProfile =
+      (CreateTransformsInfoProfileExplicit) dataObjInfo
+        .getCreateTransformsInfoProfile();
+    assertNotNull(
+      transProfile.getCreateTransformsInfo().getFinalDataMetaInfo());
+
+    envProfile =
+      (CreateSignatureEnvironmentProfileExplicit) sigInfo
+        .getCreateSignatureInfo()
+        .getCreateSignatureEnvironmentProfile();
+    assertEquals(
+      "//data:Document",
+      envProfile.getCreateSignatureLocation().getXPathExpression());
+    assertEquals(0, envProfile.getCreateSignatureLocation().getIndex());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/TransformParserTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/TransformParserTest.java
new file mode 100644
index 0000000..be6a24d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/TransformParserTest.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.spss.api.common.CanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.EnvelopedSignatureTransform;
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+import at.gv.egovernment.moa.spss.api.xmlbind.TransformParser;
+
+/**
+ * Test the <code>TransformParser</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransformParserTest extends SPSSTestCase {
+  private static String TESTDATA_BASE = TESTDATA_ROOT + "xml/dsigTransform/";
+
+  private TransformParser transformParser;
+
+  public TransformParserTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() {
+    transformParser = new TransformParser();
+  }
+
+  public void testParseTransforms() throws Exception {
+    Element transformsElem =
+      parseXml(TESTDATA_BASE + "transforms.xml").getDocumentElement();
+    List transforms = transformParser.parseTransforms(transformsElem);
+
+    assertNotNull(transforms);
+    assertEquals(3, transforms.size());
+
+  }
+
+  public void testParseCanonicalizationTransform() throws Exception {
+    Element transformElem =
+      parseXml(TESTDATA_BASE + "canonicalization.xml").getDocumentElement();
+    CanonicalizationTransform transform =
+      (CanonicalizationTransform) transformParser.parseTransform(transformElem);
+
+    assertNotNull(transform);
+    assertEquals(
+      CanonicalizationTransform.CANONICAL_XML,
+      transform.getAlgorithmURI());
+  }
+
+  public void testParseExclCanonicalizationTransform() throws Exception {
+    Element transformElem =
+      parseXml(TESTDATA_BASE + "exclusiveCanonicalization.xml")
+        .getDocumentElement();
+    ExclusiveCanonicalizationTransform transform =
+      (ExclusiveCanonicalizationTransform) transformParser.parseTransform(
+        transformElem);
+
+    assertNotNull(transform);
+    assertEquals(
+      ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML,
+      transform.getAlgorithmURI());
+    assertEquals(3, transform.getInclusiveNamespacePrefixes().size());
+  }
+
+  public void testParseEnvelopedTransform() throws Exception {
+    Element transformElem =
+      parseXml(TESTDATA_BASE + "enveloped.xml").getDocumentElement();
+    EnvelopedSignatureTransform transform =
+      (EnvelopedSignatureTransform) transformParser.parseTransform(
+        transformElem);
+
+    assertNotNull(transform);
+  }
+
+  public void testParseXPathTransform() throws Exception {
+    Element transformElem =
+      parseXml(TESTDATA_BASE + "xpath.xml").getDocumentElement();
+    XPathTransform transform =
+      (XPathTransform) transformParser.parseTransform(transformElem);
+
+    assertNotNull(transform);
+    assertEquals("//ToBeSigned/Data", transform.getXPathExpression());
+    assertEquals(1, transform.getNamespaceDeclarations().size());
+  }
+
+  public void testParseXPathFilter2Transform() throws Exception {
+    Element transformElem =
+      parseXml(TESTDATA_BASE + "xpath2.xml").getDocumentElement();
+    XPathFilter2Transform transform =
+      (XPathFilter2Transform) transformParser.parseTransform(transformElem);
+
+    assertNotNull(transform);
+    assertEquals(3, transform.getFilters().size());
+  }
+
+  public void testParseXSLTTransform() throws Exception {
+    Element transformElem =
+      parseXml(TESTDATA_BASE + "xslt.xml").getDocumentElement();
+    XSLTTransform transform =
+      (XSLTTransform) transformParser.parseTransform(transformElem);
+
+    assertNotNull(transform);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParserTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParserTest.java
new file mode 100644
index 0000000..73bf54f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParserTest.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.api.xmlbind;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureRequestParser;
+
+/**
+ * Test the <code>VerifyCMSSignatureRequestParserTest</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureRequestParserTest extends SPSSTestCase {
+  private static String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/VerifyCMSSignature/";
+
+  private VerifyCMSSignatureRequestParser requestParser;
+
+  public VerifyCMSSignatureRequestParserTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    requestParser = new VerifyCMSSignatureRequestParser();
+  }
+
+  public void testParse() throws Exception {
+    Element requestElem =
+      parseXml(TESTDATA_BASE + "TestGeneratorVC0.001.Req.xml")
+        .getDocumentElement();
+    VerifyCMSSignatureRequest request = requestParser.parse(requestElem);
+    MetaInfo metaInfo;
+    CMSContentExcplicit content;
+
+    assertNotNull(request);
+    assertEquals(1, request.getSignatories()[0]);
+    assertEquals(
+      DateTimeUtils.parseDateTime("2003-04-04T09:30:47-05:00"),
+      request.getDateTime());
+    assertNotNull(request.getCMSSignature());
+    assertNotNull(request.getDataObject());
+    assertEquals("TrustProfile1", request.getTrustProfileId());
+    
+    metaInfo = request.getDataObject().getMetaInfo();
+    assertNotNull(metaInfo);
+    assertEquals("text/plain", metaInfo.getMimeType());
+    assertEquals("http://10.16.46.109/TestDatenGenerator/resources/testDaten.txt", metaInfo.getDescription());
+    
+    content = (CMSContentExcplicit) request.getDataObject().getContent();
+    assertNotNull(content.getBinaryContent());
+    
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParserTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParserTest.java
new file mode 100644
index 0000000..66d7efa
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParserTest.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.api.xmlbind;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+
+/**
+ * Test the <code>VerifyXMLSignatureRequestParserTest</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestParserTest extends SPSSTestCase {
+  private static String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/VerifyXMLSignature/";
+
+  private VerifyXMLSignatureRequestParser parser;
+
+  public VerifyXMLSignatureRequestParserTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    parser = new VerifyXMLSignatureRequestParser();
+  }
+
+  public void testParse() throws Exception {
+    Element requestElem =
+      parseXml(TESTDATA_BASE + "TestGeneratorVX.201.Req.xml")
+        .getDocumentElement();
+    VerifyXMLSignatureRequest request = parser.parse(requestElem);
+    VerifySignatureInfo verifySignatureInfo;
+    VerifySignatureLocation verifyLocation;
+    SignatureManifestCheckParams checkParams;
+    ReferenceInfo refInfo;
+    VerifyTransformsInfoProfileExplicit transformsProfile;
+
+    assertNotNull(request);
+    assertEquals(
+      DateTimeUtils.parseDateTime("2003-04-01T12:53:57+01:00"),
+      request.getDateTime());
+    assertFalse(request.getReturnHashInputData());
+    assertEquals("TrustProfile1", request.getTrustProfileId());
+
+    verifySignatureInfo = request.getSignatureInfo();
+    assertNotNull(verifySignatureInfo);
+    assertNotNull(verifySignatureInfo.getVerifySignatureEnvironment());
+
+    verifyLocation = verifySignatureInfo.getVerifySignatureLocation();
+    assertNotNull(verifyLocation);
+    assertEquals("//dsig:Signature", verifyLocation.getXPathExpression());
+    assertEquals(3, verifyLocation.getNamespaceDeclarations().size());
+
+    checkParams = request.getSignatureManifestCheckParams();
+    assertNotNull(checkParams);
+    assertEquals(true, checkParams.getReturnReferenceInputData());
+    assertEquals(1, checkParams.getReferenceInfos().size());
+
+    refInfo = (ReferenceInfo) checkParams.getReferenceInfos().get(0);
+    assertEquals(1, refInfo.getVerifyTransformsInfoProfiles().size());
+
+    transformsProfile =
+      (VerifyTransformsInfoProfileExplicit) refInfo
+        .getVerifyTransformsInfoProfiles()
+        .get(0);
+    assertEquals(1, transformsProfile.getTransforms().size());
+    assertEquals(1, transformsProfile.getTransformParameters().size());
+
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/AllTests.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/AllTests.java
new file mode 100644
index 0000000..a022bbc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/AllTests.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.config;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class AllTests
+{
+  public static Test suite()
+  {
+    TestSuite suite = new TestSuite();
+    suite.addTestSuite(ConfigurationProviderTest1.class);    
+    suite.addTestSuite(ConfigurationProviderTest2.class);    
+    suite.addTestSuite(ConfigurationProviderTest3.class); 
+    return suite;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest1.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest1.java
new file mode 100644
index 0000000..180b94d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest1.java
@@ -0,0 +1,401 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.server.config.CRLDistributionPoint;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.config.OCSPDistributionPoint;
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class ConfigurationProviderTest1 extends TestCase
+{
+  private static final String CONFIG_BASE_ =
+    "e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/";
+  
+  static at.gv.egovernment.moa.spss.server.config.ConfigurationProvider provider_;
+  
+  static 
+  {
+    System.setProperty(
+      "log4j.configuration",
+      "file:/" + CONFIG_BASE_ + "log4j.properties");
+    System.setProperty(
+      at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.CONFIG_PROPERTY_NAME, 
+      CONFIG_BASE_ + "moa.spss.complete-config.xml");
+    try
+    {
+      ConfigurationProvider.reload();
+      provider_ = at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.getInstance();
+    }
+    catch (ConfigurationException e)
+    {
+      throw new RuntimeException("Fehler beim Setup des Tests: " + e.getMessage());
+    }
+  }
+  
+  /**
+   * Constructor for ConfigurationProvider.
+   * @param arg0
+   */
+  public ConfigurationProviderTest1() throws MOAException
+  {
+    super("ConfigurationProvider");
+  }
+  
+  public void testGetWarnings()
+  {
+    assertEquals(0, provider_.getWarnings().size());
+  }
+
+  public void testGetDigestMethodAlgorithmName()
+  {
+    assertEquals(
+      Constants.SHA1_URI,
+      provider_.getDigestMethodAlgorithmName());
+  }
+
+  public void testGetCanonicalizationAlgorithmName()
+  {
+    assertEquals(
+      Constants.C14N_WITH_COMMENTS_URI,
+      provider_.getCanonicalizationAlgorithmName());
+  }
+
+  public void testGetHardwareCryptoModules()
+  {
+    List hwcms = provider_.getHardwareCryptoModules();
+    assertEquals(2, hwcms.size());
+    
+    HardwareCryptoModule hwc1 = (HardwareCryptoModule) hwcms.get(0);
+    assertEquals("HWC1_Name", hwc1.getName());
+    assertEquals("HWC1_SlotId", hwc1.getSlotID());
+    assertEquals("HWC1_UserPIN", hwc1.getUserPIN());
+    
+    HardwareCryptoModule hwc2 = (HardwareCryptoModule) hwcms.get(1);
+    assertEquals("HWC2_Name", hwc2.getName());
+    assertNull(hwc2.getSlotID());
+    assertEquals("HWC2_UserPIN", hwc2.getUserPIN());
+  }
+
+  public void testGetHardwareKeyModules()
+  {
+    List hwkms = provider_.getHardwareKeyModules();
+    assertEquals(2, hwkms.size());
+    
+    HardwareKeyModule hwk1 = (HardwareKeyModule) hwkms.get(0);
+    assertEquals("HWK1_Id", hwk1.getId());
+    assertEquals("HWK1_Name", hwk1.getName());
+    assertEquals("HWK1_SlotId", hwk1.getSlotID());
+    assertEquals("HWK1_UserPIN", hwk1.getUserPIN());
+    
+    HardwareKeyModule hwk2 = (HardwareKeyModule) hwkms.get(1);
+    assertEquals("HWK2_Id", hwk2.getId());
+    assertEquals("HWK2_Name", hwk2.getName());
+    assertNull(hwk2.getSlotID());
+    assertEquals("HWK2_UserPIN", hwk2.getUserPIN());
+  }
+
+  public void testGetSoftwareKeyModules()
+  {
+    List swkms = provider_.getSoftwareKeyModules();
+    assertEquals(2, swkms.size());
+    
+    SoftwareKeyModule swk1 = (SoftwareKeyModule) swkms.get(0);
+    assertEquals("SWK1_Id", swk1.getId());
+    assertEquals(CONFIG_BASE_ + "swk/SWK1_FileName.txt", swk1.getFileName().replace('\\', '/'));
+    assertEquals("SWK1_Password", swk1.getPassWord());
+
+    SoftwareKeyModule swk2 = (SoftwareKeyModule) swkms.get(1);
+    assertEquals("SWK2_Id", swk2.getId());
+    assertEquals(CONFIG_BASE_ + "swk/SWK2_FileName.txt", swk2.getFileName().replace('\\', '/'));
+    assertNull(swk2.getPassWord());
+  }
+
+  public void testGetKeyGroups()
+  {
+    Map keyGroups = provider_.getKeyGroups();
+    assertEquals(2, keyGroups.size());
+    
+    KeyGroup kg1 = (KeyGroup) keyGroups.get("KG1_Id");
+    assertNotNull(kg1);
+    assertEquals("KG1_Id", kg1.getId());
+    
+    Set kg1Entries = kg1.getKeyGroupEntries();
+    assertEquals(2, kg1Entries.size());
+
+    Iterator kg1EntriesIt = kg1Entries.iterator();
+    while(kg1EntriesIt.hasNext())
+    {
+      KeyGroupEntry currentEntry = (KeyGroupEntry)kg1EntriesIt.next();
+      if ("HWK1_Id".equals(currentEntry.getModuleID()))
+      {
+		    assertEquals("CN=HWK1_Issuer", currentEntry.getIssuerDN());
+		    assertEquals(0, currentEntry.getSerialNumber().intValue());
+      }
+      else if ("HWK2_Id".equals(currentEntry.getModuleID()))
+      {
+		    assertEquals("CN=HWK2_Issuer", currentEntry.getIssuerDN());
+		    assertEquals(1, currentEntry.getSerialNumber().intValue());
+      }
+      else fail("Invalid module identifer found.");
+    }
+    
+    KeyGroup kg2 = (KeyGroup) keyGroups.get("KG2_Id");
+    assertNotNull(kg2);
+    assertEquals("KG2_Id", kg2.getId());
+    
+    Set kg2Entries = kg2.getKeyGroupEntries();
+    assertEquals(2, kg2Entries.size());
+    
+    Iterator kg2EntriesIt = kg1Entries.iterator();
+    while(kg1EntriesIt.hasNext())
+    {
+      KeyGroupEntry currentEntry = (KeyGroupEntry)kg2EntriesIt.next();
+      if ("SWK1_Id".equals(currentEntry.getModuleID()))
+      {
+		    assertEquals("CN=CN=SWK1_Issuer", currentEntry.getIssuerDN());
+		    assertEquals(2, currentEntry.getSerialNumber().intValue());
+      }
+      else if ("SWK2_Id".equals(currentEntry.getModuleID()))
+      {
+		    assertEquals("CN=SWK2_Issuer", currentEntry.getIssuerDN());
+		    assertEquals(3, currentEntry.getSerialNumber().intValue());
+      }
+      else fail("Invalid module identifer found.");
+    }
+  }
+
+  public void testGetKeyGroupEntries() throws RFC2253NameParserException
+  {
+    RFC2253NameParser parser = new RFC2253NameParser("CN=Customer1_Issuer");
+    Name name = parser.parse();
+    Set kgEntries = provider_.getKeyGroupEntries(name, BigInteger.valueOf(4), "KG1_Id");
+    assertEquals(2, kgEntries.size());
+
+    Iterator kgEntriesIt = kgEntries.iterator();
+    while (kgEntriesIt.hasNext())
+    {
+      KeyGroupEntry currentEntry = (KeyGroupEntry) kgEntriesIt.next();
+      if (!"HWK1_Id".equals(currentEntry.getModuleID()) && !"HWK2_Id".equals(currentEntry.getModuleID())) 
+      {
+        fail("Invalid module identifier found.");
+      }
+    }
+  }
+
+  public void testGetChainingMode() throws RFC2253NameParserException
+  {
+    X509Certificate cert = new X509Certificate();
+    RFC2253NameParser parser = new RFC2253NameParser("CN=Unknown");
+    Name name = parser.parse();
+    cert.setIssuerDN(name);
+    cert.setSerialNumber(BigInteger.valueOf(0));
+    assertEquals(ChainingModes.PKIX_MODE, provider_.getChainingMode(cert)); // Default chaining mode
+    
+    parser = new RFC2253NameParser("CN=TA1_Issuer");
+    name = parser.parse();
+    cert.setIssuerDN(name);
+    cert.setSerialNumber(BigInteger.valueOf(5));
+    assertEquals(ChainingModes.CHAIN_MODE, provider_.getChainingMode(cert));
+  }
+
+  public void testGetDistributionPoints() throws RFC2253NameParserException
+  {
+    X509Certificate cert = new X509Certificate();
+    RFC2253NameParser parser = new RFC2253NameParser("CN=DP1_Issuer");
+    Name name = parser.parse();
+    cert.setIssuerDN(name);
+
+    Set dps = provider_.getDistributionPoints(cert);
+    assertEquals(2, dps.size());
+    
+    Iterator dpIt = dps.iterator();
+    while (dpIt.hasNext())
+    {
+      CRLDistributionPoint currentDP = (CRLDistributionPoint)dpIt.next();
+      if ("http://crl.myca.org".equals(currentDP.getUri()))
+      {
+        int reasonCodes =       
+          iaik.asn1.structures.DistributionPoint.unused |
+          iaik.asn1.structures.DistributionPoint.keyCompromise |
+          iaik.asn1.structures.DistributionPoint.cACompromise |
+          iaik.asn1.structures.DistributionPoint.affiliationChanged |
+          iaik.asn1.structures.DistributionPoint.superseded |
+          iaik.asn1.structures.DistributionPoint.cessationOfOperation |
+          iaik.asn1.structures.DistributionPoint.certificateHold |
+          iaik.asn1.structures.DistributionPoint.privilegeWithdrawn |
+          iaik.asn1.structures.DistributionPoint.aACompromise;
+        assertEquals(reasonCodes, currentDP.getReasonCodes());
+      }
+      else if ("http://crl.myotherca.org".equals(currentDP.getUri()))
+      {
+        int reasonCodes =
+          iaik.asn1.structures.DistributionPoint.aACompromise |
+          iaik.asn1.structures.DistributionPoint.affiliationChanged;
+        assertEquals(reasonCodes, currentDP.getReasonCodes());
+      }
+      else fail("Invalid CRL DP URI found: " + currentDP.getUri());  
+    }
+    
+    parser = new RFC2253NameParser("CN=DP2_Issuer");
+    name = parser.parse();
+    cert.setIssuerDN(name);
+
+    dps = provider_.getDistributionPoints(cert);
+    assertEquals(1, dps.size());
+    
+    OCSPDistributionPoint dpo = (OCSPDistributionPoint) dps.toArray()[0];
+    assertEquals("http://crl.yetanotherca.org", dpo.getUri());
+  }
+
+  public void testGetCRLArchiveDuration()
+  {
+    assertEquals(730, provider_.getCRLArchiveDuration());
+  }
+
+  public void testGetEnableRevocationArchiving()
+  {
+    assertFalse(provider_.getEnableRevocationArchiving());
+  }
+
+  public void testGetCertStoreLocation()
+  {
+    assertEquals(
+      CONFIG_BASE_ + "certstore_test", 
+      provider_.getCertStoreLocation().replace('\\', '/'));
+  }
+
+  public void testGetCreateTransformsInfoProfile()
+  {
+    Element ctip1 = provider_.getCreateTransformsInfoProfile("CTIP_1");
+    assertEquals("CreateTransformsInfoProfile", ctip1.getLocalName());
+
+    Element ctip2 = provider_.getCreateTransformsInfoProfile("CTIP_2");
+    assertEquals("CreateTransformsInfoProfile", ctip2.getLocalName());
+  }
+
+  public void testGetCreateSignatureEnvironmentProfile()
+  {
+    Element csep = provider_.getCreateSignatureEnvironmentProfile("CSEP_1");
+    assertEquals("CreateSignatureEnvironmentProfile", csep.getLocalName());
+  }
+
+  public void testGetVerifyTransformsInfoProfile()
+  {
+    Element vtip = provider_.getVerifyTransformsInfoProfile("VTIP_1");
+    assertEquals("VerifyTransformsInfoProfile", vtip.getLocalName());
+  }
+
+  public void testGetSupplementProfile()
+  {
+    Element sp = provider_.getSupplementProfile("SP_1");
+    assertEquals("SupplementProfile", sp.getLocalName());
+  }
+
+  public void testGetTrustProfile()
+  {
+    TrustProfile tp1 = provider_.getTrustProfile("TP1_Id");
+    assertEquals(
+      "file:/" + CONFIG_BASE_ + "trustprofiles/tp1/anchors",
+      tp1.getUri());
+    assertEquals(
+      "file:/" + CONFIG_BASE_ + "trustprofiles/tp1/signercerts",
+      tp1.getSignerCertsUri());
+    
+    TrustProfile tp2 = provider_.getTrustProfile("TP2_Id");
+    assertEquals(
+      "file:" + CONFIG_BASE_ + "trustprofiles/tp2/anchors",
+      tp2.getUri());
+    assertEquals(
+      "file:" + CONFIG_BASE_ + "trustprofiles/tp2/signercerts",
+      tp2.getSignerCertsUri());
+  }
+
+  public void testGetRevocationArchiveJDBCURL()
+  {
+    assertEquals("jdbc://dummy", provider_.getRevocationArchiveJDBCURL());
+  }
+
+  public void testGetRevocationArchiveJDBCDriverClass()
+  {
+    assertEquals("fully.qualified.classname", provider_.getRevocationArchiveJDBCDriverClass());
+  }
+
+  public void testGetEnableRevocationChecking()
+  {
+    assertFalse(provider_.getEnableRevocationChecking());
+  }
+
+  public void testGetMaxRevocationAge()
+  {
+    assertEquals(10000, provider_.getMaxRevocationAge());
+  }
+
+  public void testGetServiceOrder()
+  {
+    String[] serviceOrder = provider_.getServiceOrder();
+    assertEquals(2, serviceOrder.length);
+    assertEquals("crl", serviceOrder[0]);
+    assertEquals("ocsp", serviceOrder[1]);
+  }
+
+  public void testGetAutoAddCertificates()
+  {
+    assertFalse(provider_.getAutoAddCertificates());
+  }
+
+  public void testGetUseAuthorityInfoAccess()
+  {
+    assertFalse(provider_.getUseAuthorityInfoAccess());
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest2.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest2.java
new file mode 100644
index 0000000..45cae37
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest2.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.util.List;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class ConfigurationProviderTest2 extends TestCase
+{
+  private static final String CONFIG_BASE_ =
+    "e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/";
+  
+  static at.gv.egovernment.moa.spss.server.config.ConfigurationProvider provider_;
+  
+  static 
+  {
+    System.setProperty(
+      "log4j.configuration",
+      "file:/" + CONFIG_BASE_ + "log4j.properties");
+    System.setProperty(
+      at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.CONFIG_PROPERTY_NAME, 
+      CONFIG_BASE_ + "moa.ss.noopts-config.xml");
+    try
+    {
+      ConfigurationProvider.reload();
+      provider_ = at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.getInstance();
+    }
+    catch (ConfigurationException e)
+    {
+      throw new RuntimeException("Fehler beim Setup des Tests: " + e.getMessage());
+    }
+  }
+  
+  
+  /**
+   * Constructor for ConfigurationProvider.
+   * @param arg0
+   */
+  public ConfigurationProviderTest2() throws MOAException
+  {
+    super("ConfigurationProvider");
+  }
+
+  public void testGetWarnings()
+  {
+    // 3 Warnings should be collected: C14N not found, DigestMethod not found, ArchiveDuration not found
+    assertEquals(3, provider_.getWarnings().size());
+  }
+
+  public void testGetDigestMethodAlgorithmName()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertEquals(
+      Constants.SHA1_URI,
+      provider_.getDigestMethodAlgorithmName());
+  }
+
+  public void testGetCanonicalizationAlgorithmName()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertEquals( 
+      Constants.C14N_URI,
+      provider_.getCanonicalizationAlgorithmName());
+  }
+
+  public void testGetHardwareCryptoModules()
+  {
+    // No hardware crypto modules in config file, check for empty list
+    List hwcms = provider_.getHardwareCryptoModules();
+    assertEquals(0, hwcms.size());
+  }
+
+  public void testGetHardwareKeyModules()
+  {
+    List hwkms = provider_.getHardwareKeyModules();
+    assertEquals(1, hwkms.size());
+  }
+
+  public void testGetSoftwareKeyModules()
+  {
+    // No software key modules in config file, check for empty list
+    List swkms = provider_.getSoftwareKeyModules();
+    assertEquals(0, swkms.size());
+  }
+
+  public void testGetChainingMode() throws RFC2253NameParserException
+  {
+    // Default Chaining Mode not set in configuration, check for default value
+    X509Certificate cert = new X509Certificate();
+    RFC2253NameParser parser = new RFC2253NameParser("CN=Unknown");
+    Name name = parser.parse();
+    cert.setIssuerDN(name);
+    cert.setSerialNumber(BigInteger.valueOf(0));
+    assertEquals(ChainingModes.PKIX_MODE, provider_.getChainingMode(cert)); 
+  }
+
+  public void testGetDistributionPoints() throws RFC2253NameParserException
+  {
+    // Element is missing in config file, check if emty list is returned
+    X509Certificate cert = new X509Certificate();
+    RFC2253NameParser parser = new RFC2253NameParser("CN=DP1_Issuer");
+    Name name = parser.parse();
+    cert.setIssuerDN(name);
+
+    Set dps = provider_.getDistributionPoints(cert);
+    assertEquals(0, dps.size());
+  }
+
+  public void testGetCRLArchiveDuration()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertEquals(0, provider_.getCRLArchiveDuration());
+  }
+
+  public void testGetEnableRevocationArchiving()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertFalse(provider_.getEnableRevocationArchiving());
+  }
+
+  public void testGetCertStoreLocation()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertEquals(
+      CONFIG_BASE_ + "certstore", 
+      provider_.getCertStoreLocation().replace('\\', '/'));
+  }
+
+  public void testGetCreateTransformsInfoProfile()
+  {
+    // No profile in config file, check for null
+    Element ctip1 = provider_.getCreateTransformsInfoProfile("CTIP_1");
+    assertNull(ctip1);
+  }
+
+  public void testGetCreateSignatureEnvironmentProfile()
+  {
+    // No profile in config file, check for null
+    Element csep = provider_.getCreateSignatureEnvironmentProfile("CSEP_1");
+    assertNull(csep);
+  }
+
+  public void testGetVerifyTransformsInfoProfile()
+  {
+    // No profile in config file, check for null
+    Element vtip = provider_.getVerifyTransformsInfoProfile("VTIP_1");
+    assertNull(vtip);
+  }
+
+  public void testGetSupplementProfile()
+  {
+    // No profile in config file, check for null
+    Element sp = provider_.getSupplementProfile("SP_1");
+    assertNull(sp);
+  }
+
+  public void testGetTrustProfile()
+  {
+    // No trust profiles config file, check for null
+    TrustProfile tp1 = provider_.getTrustProfile("TP1_Id");
+    assertNull(tp1);
+  }
+
+  public void testGetRevocationArchiveJDBCURL()
+  {
+    // Element is missing in config file, check for null
+    assertNull(provider_.getRevocationArchiveJDBCURL());
+  }
+
+  public void testGetRevocationArchiveJDBCDriverClass()
+  {
+    // Element is missing in config file, check for null
+    assertNull(provider_.getRevocationArchiveJDBCDriverClass());
+  }
+
+  public void testGetEnableRevocationChecking()
+  {
+    // Element is missing in config file, check for default value
+    assertFalse(provider_.getEnableRevocationChecking());
+  }
+
+  public void testGetMaxRevocationAge()
+  {
+    // Element is missing in config file, check for default value
+    assertEquals(0, provider_.getMaxRevocationAge());
+  }
+
+  public void testGetServiceOrder()
+  {
+    // Element is missing in config file, check for empty array
+    String[] serviceOrder = provider_.getServiceOrder();
+    assertEquals(0, serviceOrder.length);
+  }
+
+  public void testGetAutoAddCertificates()
+  {
+    // Element is missing in config file, check for default value
+    assertFalse(provider_.getAutoAddCertificates());
+  }
+
+  public void testGetUseAuthorityInfoAccess()
+  {
+    // Element is missing in config file, check for default value
+    assertFalse(provider_.getUseAuthorityInfoAccess());
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest3.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest3.java
new file mode 100644
index 0000000..59fa200
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest3.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
+import java.util.List;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class ConfigurationProviderTest3 extends TestCase
+{
+  private static final String CONFIG_BASE_ =
+    "e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/";
+  
+  static at.gv.egovernment.moa.spss.server.config.ConfigurationProvider provider_;
+  
+  static 
+  {
+    System.setProperty(
+      "log4j.configuration",
+      "file:/" + CONFIG_BASE_ + "log4j.properties");
+    System.setProperty(
+      at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.CONFIG_PROPERTY_NAME, 
+      CONFIG_BASE_ + "moa.sp.noopts-config.xml");
+    try
+    {
+      ConfigurationProvider.reload();
+      provider_ = at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.getInstance();
+    }
+    catch (ConfigurationException e)
+    {
+      throw new RuntimeException("Fehler beim Setup des Tests: " + e.getMessage());
+    }
+  }
+  
+  /**
+   * Constructor for ConfigurationProvider.
+   * @param arg0
+   */
+  public ConfigurationProviderTest3() throws MOAException
+  {
+    super("ConfigurationProvider");
+  }
+
+  public void testGetWarnings()
+  {
+    // 3 Warnings should be collected: C14N not found, DigestMethod not found, ArchiveDuration not found
+    assertEquals(3, provider_.getWarnings().size());
+  }
+
+  public void testGetDigestMethodAlgorithmName()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertEquals(
+      Constants.SHA1_URI,
+      provider_.getDigestMethodAlgorithmName());
+  }
+
+  public void testGetCanonicalizationAlgorithmName()
+  {
+    // Element is missing in config file, check if default value is returned
+    assertEquals( 
+      Constants.C14N_URI,
+      provider_.getCanonicalizationAlgorithmName());
+  }
+
+  public void testGetHardwareCryptoModules()
+  {
+    // No hardware crypto modules in config file, check for empty list
+    List hwcms = provider_.getHardwareCryptoModules();
+    assertEquals(0, hwcms.size());
+  }
+
+  public void testGetHardwareKeyModules()
+  {
+    // No hardware key modules in config file, check for empty list
+    List hwkms = provider_.getHardwareKeyModules();
+    assertEquals(0, hwkms.size());
+  }
+
+  public void testGetSoftwareKeyModules()
+  {
+    // No software key modules in config file, check for empty list
+    List swkms = provider_.getSoftwareKeyModules();
+    assertEquals(0, swkms.size());
+  }
+
+  public void testGetDistributionPoints() throws RFC2253NameParserException
+  {
+    // No distribution points in config file, check for emtpy set
+    X509Certificate cert = new X509Certificate();
+    RFC2253NameParser parser = new RFC2253NameParser("CN=DP1_Issuer");
+    Name name = parser.parse();
+    cert.setIssuerDN(name);
+
+    Set dps = provider_.getDistributionPoints(cert);
+    assertEquals(0, dps.size());
+  }
+
+  public void testGetCRLArchiveDuration()
+  {
+    // No archive duration in config file, check for default value
+    assertEquals(0, provider_.getCRLArchiveDuration());
+  }
+
+  public void testGetCreateTransformsInfoProfile()
+  {
+    // No profile in config file, check for null
+    Element ctip1 = provider_.getCreateTransformsInfoProfile("CTIP_1");
+    assertNull(ctip1);
+  }
+
+  public void testGetCreateSignatureEnvironmentProfile()
+  {
+    // No profile in config file, check for null
+    Element csep = provider_.getCreateSignatureEnvironmentProfile("CSEP_1");
+    assertNull(csep);
+  }
+
+  public void testGetVerifyTransformsInfoProfile()
+  {
+    // No profile in config file, check for null
+    Element vtip = provider_.getVerifyTransformsInfoProfile("VTIP_1");
+    assertNull(vtip);
+  }
+
+  public void testGetSupplementProfile()
+  {
+    // No profile in config file, check for null
+    Element sp = provider_.getSupplementProfile("SP_1");
+    assertNull(sp);
+  }
+
+  public void testGetRevocationArchiveJDBCURL()
+  {
+    // No archive in config file, check for null
+    assertNull(provider_.getRevocationArchiveJDBCURL());
+  }
+
+  public void testGetRevocationArchiveJDBCDriverClass()
+  {
+    // No archive in config file, check for null
+    assertNull(provider_.getRevocationArchiveJDBCDriverClass());
+  }
+
+  public void testGetServiceOrder()
+  {
+    // Element is missing in config file, check for empty array
+    String[] serviceOrder = provider_.getServiceOrder();
+    assertEquals(0, serviceOrder.length);
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImplTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImplTest.java
new file mode 100644
index 0000000..11b0294
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImplTest.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import iaik.asn1.structures.DistributionPoint;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.CRLDistributionPoint;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter;
+import iaik.server.ConfigurationData;
+import iaik.server.modules.keys.HardwareKeyModuleConfiguration;
+import iaik.server.modules.keys.SoftwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.iaik.config.ConfigurationDataImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * Tests the <code>ConfigurationDataImpl</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationDataImplTest extends SPSSTestCase {
+
+  private ConfigurationData config;
+  private X509Certificate iaikCert;
+
+  public ConfigurationDataImplTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    TransactionContext context;
+
+    setUpTransactionContext();
+    context = TransactionContextManager.getInstance().getTransactionContext();
+
+    config = new ConfigurationDataImpl(context.getConfiguration());
+
+    KeyStore ks = KeyStore.getInstance("JKS", "SUN");
+    ks.load(
+      new FileInputStream(TESTDATA_ROOT + "security/server.keystore"),
+      "changeit".toCharArray());
+
+    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+    Collection certs =
+      certFactory.generateCertificates(
+        new FileInputStream(
+          TESTDATA_ROOT
+            + "conf/moa-spss/trustprofiles/TrustProfile1/IAIKRoot.cer"));
+    iaikCert = (X509Certificate) certs.toArray()[0];
+
+  }
+
+  public void testGetPKIConfiguration() {
+    PKIConfiguration pkiConfig = config.getPKIConfiguration();
+    ArchiveConfiguration archiveConfig = pkiConfig.getArchiveConfiguration();
+    CertStoreConfiguration certStoreConfig =
+      pkiConfig.getCertStoreConfiguration();
+    RevocationConfiguration revocationConfig =
+      pkiConfig.getRevocationConfiguration();
+    ValidationConfiguration validationConfig =
+      pkiConfig.getValidationConfiguration();
+    DataBaseArchiveParameter archiveParam;
+    Set distributionPoints;
+    Iterator iter;
+    boolean found;
+
+    // test archive parameters
+    archiveParam =
+      (DataBaseArchiveParameter) archiveConfig.getArchiveParameters();
+    assertEquals(
+      archiveParam.getJDBCUrl(),
+      "jdbc:postgresql://10.16.46.108/moa?user=moa&password=moatest");
+
+    // test cert store configuration
+    assertEquals(1, certStoreConfig.getParameters().length);
+    assertEquals(
+      CertStoreTypes.DIRECTORY,
+      certStoreConfig.getParameters()[0].getType());
+
+    // test revocation configuration
+    distributionPoints =
+      revocationConfig.getAlternativeDistributionPoints(iaikCert, null, new Date());
+    assertEquals(3, distributionPoints.size());
+    found = false;
+    for (iter = distributionPoints.iterator(); iter.hasNext();) {
+      CRLDistributionPoint dp = (CRLDistributionPoint) iter.next();
+      if (dp.getUri().equals("http://www.iaik.at/testCA/iaik_test_sig.crl")) {
+        found =
+          dp.getReasonCodes()
+            == (DistributionPoint.keyCompromise
+              | DistributionPoint.affiliationChanged);
+      }
+    }
+    assertTrue(found);
+
+    // test validation configuration
+    assertEquals(
+      ChainingModes.PKIX_MODE,
+      validationConfig.getChainingMode(iaikCert));
+  }
+
+  /*
+  public void testGetCryptoModuleConfigurations() {
+    List cryptoConfigs = config.getCryptoModuleConfigurations();
+    HardwareCryptoModuleConfiguration moduleConfig;
+
+    assertEquals(2, cryptoConfigs.size());
+    moduleConfig = (HardwareCryptoModuleConfiguration) cryptoConfigs.get(0);
+    assertEquals("Module1", moduleConfig.getModuleName());
+    assertEquals("Slot1", moduleConfig.getSlotID());
+    assertEquals("PIN1", new String(moduleConfig.getUserPIN()));
+  }
+  */
+
+  public void testGetKeyModuleConfigurations() {
+    List keyConfigs = config.getKeyModuleConfigurations();
+    HardwareKeyModuleConfiguration hwKey;
+    SoftwareKeyModuleConfiguration swKey;
+
+    assertEquals(7, keyConfigs.size());
+    hwKey = (HardwareKeyModuleConfiguration) keyConfigs.get(0);
+    assertEquals("cryptoki.dll", hwKey.getModuleName());
+    assertEquals("0", hwKey.getSlotID());
+    assertEquals("0000", new String(hwKey.getUserPIN()));
+    swKey = (SoftwareKeyModuleConfiguration) keyConfigs.get(1);
+    assertEquals(
+      "buergerkarte",
+      new String(swKey.getKeyStoreAuthenticationData()));
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfiguratorTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfiguratorTest.java
new file mode 100644
index 0000000..d0555f4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfiguratorTest.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.iaik.config;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * Tests the <code>IaikConfigurator</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikConfiguratorTest extends SPSSTestCase {
+
+  public IaikConfiguratorTest(String name) {
+    super(name);
+  }
+
+  /**
+   * @see TestCase#setUp()
+   */
+  protected void setUp() throws Exception {
+    super.setUpTransactionContext();
+  }
+
+  public void testConfigure() throws Exception {
+    IaikConfigurator configurator = new IaikConfigurator();
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+
+    configurator.configure(context.getConfiguration());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/AllTests.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/AllTests.java
new file mode 100644
index 0000000..dc15679
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/AllTests.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.invoke;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * Runs all tests in this package.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class AllTests {
+  public static Test suite() {
+    TestSuite suite = new TestSuite();
+
+    suite.addTestSuite(DataObjectFactoryTest.class);
+    suite.addTestSuite(TransformationFactoryTest.class);
+    suite.addTestSuite(XMLSignatureCreationInvokerTest.class);
+    suite.addTestSuite(CMSSignatureVerificationInvokerTest.class);
+    suite.addTestSuite(XMLSignatureVerificationInvokerTest.class);
+
+    return suite;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvokerTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvokerTest.java
new file mode 100644
index 0000000..0db5dbc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvokerTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.invoke;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+
+/**
+ * Mainly a smoke test for debugging the CMSSignatureVerificationInvoker.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationInvokerTest extends SPSSTestCase {
+  private static final String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/VerifyCMSSignature/";
+
+  /**
+   * Constructor for CMSSignatureVerificationInvokerTest.
+   * @param name
+   */
+  public CMSSignatureVerificationInvokerTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    setUpTransactionContext();
+    setUpLoggingContext();
+    setUpIaikConfiguration();
+  }
+
+  public void testVerifyCMSSignature() throws Exception {
+    try {
+      CMSSignatureVerificationInvoker invoker =
+        CMSSignatureVerificationInvoker.getInstance();
+      VerifyCMSSignatureRequestParser requestParser =
+        new VerifyCMSSignatureRequestParser();
+      Document doc =
+        SPSSTestCase.parseXmlValidating(
+          TESTDATA_BASE + "TestGeneratorVC0.001.Req.xml");
+      VerifyCMSSignatureRequest request =
+        requestParser.parse(doc.getDocumentElement());
+      VerifyCMSSignatureResponse response = invoker.verifyCMSSignature(request);
+      VerifyCMSSignatureResponseBuilder responseBuilder =
+        new VerifyCMSSignatureResponseBuilder();
+      Element result = responseBuilder.build(response).getDocumentElement();
+
+      System.out.println(DOMUtils.serializeNode(result));
+    } catch (Exception e) {
+      e.printStackTrace();
+      fail();
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactoryTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactoryTest.java
new file mode 100644
index 0000000..602393c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactoryTest.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.invoke;
+
+import java.io.InputStream;
+import java.security.Security;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import iaik.server.modules.xml.BinaryDataObject;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ByteArrayDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ByteStreamDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLNodeListDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.invoke.DataObjectFactory;
+
+/**
+ * Test cases for the <code>DataObjectFactory</code> class.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataObjectFactoryTest extends SPSSTestCase {
+
+  private static final String HTTP_BINARY_CONTENT_URL = "http://www.google.com";
+  private static final String HTTP_XML_CONTENT_URL =
+    "http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd";
+  private static final String HTTPS_BINARY_CONTENT_URL =
+    "https://businessnet.ba-ca.com";
+  private static final String HTTPS_UNTRUSTED_URL =
+    "https://heribert.anecon.com";
+  private static final String HTTP_UNKNOWN_HOST_URL = "http://uurjmjmruuw.com";
+  private static final String MALFORMED_URL = "//hsld///ddd";
+  private static final String FILE_BINARY_CONTENT_URL = "file:/C:/boot.ini";
+  private static final String XML_CONTENT =
+    "<XMLContent>"
+      + "  <User name=\"test1\"/>"
+      + "  <USer name=\"test2\"/>"
+      + "</XMLContent>";
+  private static final String BASE64_CONTENT = "U3Zlbg==";
+
+  private SPSSFactory spssFactory = SPSSFactory.getInstance();
+  private DataObjectFactory factory;
+
+  /**
+   * Constructor for DataObjectFactoryTest.
+   * @param name
+   */
+  public DataObjectFactoryTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    factory = DataObjectFactory.getInstance();
+
+    // set up SSL
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    System.setProperty(
+      "java.protocol.handler.pkgs",
+      "com.sun.net.ssl.internal.www.protocol");
+    /*
+    System.setProperty(
+      "javax.net.ssl.keyStore",
+      "data/test/security/client.keystore");
+    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
+    System.setProperty(
+      "javax.net.ssl.trustStore",
+      "data/test/security/client.keystore");
+    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+    */
+  }
+
+  public void testCreateFromURIWithBinaryHttp() throws Exception {
+    DataObject dataObject =
+      factory.createFromURI(HTTP_BINARY_CONTENT_URL, false);
+
+    assertNotNull(dataObject);
+    assertTrue(dataObject instanceof ByteStreamDataObjectImpl);
+    assertNotNull(((BinaryDataObject) dataObject).getInputStream());
+  }
+
+  public void testCreateFromURIWithXmlHttp() throws Exception {
+    DataObject dataObject = factory.createFromURI(HTTP_XML_CONTENT_URL, false);
+    Element element;
+
+    assertNotNull(dataObject);
+    assertTrue(dataObject instanceof XMLDataObjectImpl);
+    element = ((XMLDataObject) dataObject).getElement();
+    assertNotNull(element);
+    assertEquals("schema", element.getTagName());
+  }
+
+  public void testCreateFromURIWithMalformedURI() throws Exception {
+    try {
+      factory.createFromURI(MALFORMED_URL, false);
+      fail();
+    } catch (MOAException e) {
+    }
+  }
+
+  public void testCreateFromURIWithNonExistingHttpURL() throws Exception {
+    try {
+      factory.createFromURI(HTTP_UNKNOWN_HOST_URL, false);
+      fail();
+    } catch (MOAException e) {
+    }
+  }
+
+  public void testCreateFromURIWithHttps() throws Exception {
+    DataObject dataObject =
+      factory.createFromURI(HTTPS_BINARY_CONTENT_URL, false);
+    assertNotNull(dataObject);
+    assertTrue(dataObject instanceof BinaryDataObject);
+  }
+
+  public void testCreateFromURIWithUntrustedHttps() throws Exception {
+    try {
+      factory.createFromURI(HTTPS_UNTRUSTED_URL, false);
+      fail();
+    } catch (MOAException e) {
+
+    }
+  }
+
+  public void testCreateFromURIWithFile() throws Exception {
+    try {
+      factory.createFromURI(FILE_BINARY_CONTENT_URL, false);
+      fail();
+    } catch (MOAException e) {
+    }
+  }
+
+  public void testCreateFromContentOptionalRefTypeWithXmlContent()
+    throws Exception {
+    Document doc = parseXmlString(XML_CONTENT);
+    Content content =
+      spssFactory.createContent(
+        doc.getDocumentElement().getChildNodes(),
+        "http://data");
+    DataObject dataObject =
+      factory.createFromContentOptionalRefType(
+        content,
+        null,
+        null,
+        true,
+        false,
+        true,
+        false);
+
+    assertTrue(dataObject instanceof XMLNodeListDataObjectImpl);
+  }
+
+  public void testCreateFromContentOptionalRefTypeWithBase64Content()
+    throws Exception {
+    InputStream is = Base64Utils.decodeToStream(BASE64_CONTENT, true);
+    Content content = spssFactory.createContent(is, "http://data");
+    DataObject dataObject =
+      factory.createFromContentOptionalRefType(
+        content,
+        null, 
+        null,
+        false,
+        false,
+        true,
+        false);
+
+    assertNotNull(dataObject);
+    assertTrue(dataObject instanceof ByteArrayDataObjectImpl);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/TransformationFactoryTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/TransformationFactoryTest.java
new file mode 100644
index 0000000..52f8038
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/TransformationFactoryTest.java
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.xmlbind.TransformParser;
+import at.gv.egovernment.moa.spss.server.invoke.TransformationFactory;
+import at.gv.egovernment.moa.util.Constants;
+import iaik.server.modules.xml.Base64Transformation;
+import iaik.server.modules.xml.Canonicalization;
+import iaik.server.modules.xml.EnvelopedSignatureTransformation;
+import iaik.server.modules.xml.Transformation;
+import iaik.server.modules.xml.XPath2Transformation;
+import iaik.server.modules.xml.XPathTransformation;
+import iaik.server.modules.xml.XSLTTransformation;
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+/**
+ * Test cases for the <code>TransformationFactory</code> class.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransformationFactoryTest extends SPSSTestCase {
+
+  private static final String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/dsigTransform/";
+  private TransformationFactory factory = TransformationFactory.getInstance();
+  private TransformParser transformParser = new TransformParser();
+
+  /**
+   * Constructor for TransformationFactoryTest.
+   * @param name
+   */
+  public TransformationFactoryTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    //IXSILInit.init(new URI("init/properties/init.properties"));
+    //IXSILInit.init(new URI("file:data/deploy/ixsil/init/properties/init.properties"));
+
+  }
+
+  public void testCreateCanonicalization() throws Exception {
+    Document transform = parseXml(TESTDATA_BASE + "canonicalization.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    Transformation t = factory.createTransformation(tr);
+
+    assertTrue(t instanceof Canonicalization);
+    assertEquals(
+      "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+      t.getAlgorithmURI());
+  }
+
+  public void testCreateCanonicalizationWithComments() throws Exception {
+    Document transform =
+      parseXml(TESTDATA_BASE + "canonicalizationWithComments.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    Transformation t = factory.createTransformation(tr);
+
+    assertTrue(t instanceof Canonicalization);
+    assertEquals(
+      "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
+      t.getAlgorithmURI());
+  }
+
+  public void testCreateBase64Decode() throws Exception {
+    Document transform = parseXml(TESTDATA_BASE + "base64.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    Transformation t = factory.createTransformation(tr);
+    assertTrue(t instanceof Base64Transformation);
+  }
+
+  public void testCreateEnvelopedSignature() throws Exception {
+    Document transform = parseXml(TESTDATA_BASE + "enveloped.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    Transformation t = factory.createTransformation(tr);
+    assertTrue(t instanceof EnvelopedSignatureTransformation);
+  }
+
+  public void testXPathTransformation() throws Exception {
+    Document transform = parseXml(TESTDATA_BASE + "xpath.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    Transformation t = factory.createTransformation(tr);
+    Map nsDecls;
+
+    assertTrue(t instanceof XPathTransformation);
+    nsDecls = ((XPathTransformation) t).getNamespaceDeclarations();
+    assertEquals(1, nsDecls.size());
+    assertEquals(Constants.DSIG_NS_URI, nsDecls.get("dsig"));
+  }
+
+  public void testCreateXPath2Transformation() throws Exception {
+    Document transform = parseXml(TESTDATA_BASE + "xpath2.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    Transformation t = factory.createTransformation(tr);
+    assertTrue(t instanceof XPath2Transformation);
+  }
+
+  public void testCreateXSLTTransformation() throws Exception {
+    Document transform = parseXml(TESTDATA_BASE + "xslt.xml");
+    Transform tr =
+      transformParser.parseTransform(transform.getDocumentElement());
+    XSLTTransformation t =
+      (XSLTTransformation) factory.createTransformation(tr);
+    assertNotNull(t.getStylesheetElement());
+  }
+
+  public void testCreateWithIllegalAlgorithm() throws Exception {
+    try {
+      Document transform = parseXml(TESTDATA_BASE + "illegalAlgorithm.xml");
+      Transform tr =
+        transformParser.parseTransform(transform.getDocumentElement());
+      factory.createTransformation(tr);
+      fail();
+    } catch (MOAApplicationException e) {
+    }
+  }
+
+  public void testEqualsXslt() throws Exception {
+    Document xslt = parseXml(TESTDATA_BASE + "xslt.xml");
+    Transform tr = transformParser.parseTransform(xslt.getDocumentElement());
+    Transformation trXslt = factory.createTransformation(tr);
+
+    Document xsltEqu = parseXml(TESTDATA_BASE + "xsltEqual.xml");
+    tr = transformParser.parseTransform(xsltEqu.getDocumentElement());
+    Transformation trXsltEqu = factory.createTransformation(tr);
+
+    Document xsltDiff = parseXml(TESTDATA_BASE + "xsltDifferent.xml");
+    tr = transformParser.parseTransform(xsltDiff.getDocumentElement());
+    Transformation trXsltDiff = factory.createTransformation(tr);
+
+    Document canonicalization =
+      parseXml(TESTDATA_BASE + "canonicalization.xml");
+
+    assertTrue(trXslt.equals(trXsltEqu));
+    assertFalse(trXslt.equals(trXsltDiff));
+    assertFalse(trXsltEqu.equals(trXsltDiff));
+    assertEquals(trXslt.hashCode(), trXsltEqu.hashCode());
+    assertFalse(trXslt.hashCode() == trXsltDiff.hashCode());
+    assertFalse(trXsltEqu.hashCode() == trXsltDiff.hashCode());
+    assertFalse(trXslt.equals(canonicalization));
+  }
+
+  public void testEqualsXPath() throws Exception {
+    Document xpath = parseXml(TESTDATA_BASE + "xpath.xml");
+    Transform tr = transformParser.parseTransform(xpath.getDocumentElement());
+    Transformation trXpath = factory.createTransformation(tr);
+    Transformation trXpathEqu = factory.createTransformation(tr);
+
+    Document xpathDiff = parseXml(TESTDATA_BASE + "xpathDifferent.xml");
+    tr = transformParser.parseTransform(xpathDiff.getDocumentElement());
+    Transformation trXpathDiff = factory.createTransformation(tr);
+
+    assertTrue(trXpath.equals(trXpathEqu));
+    assertEquals(trXpath.hashCode(), trXpathEqu.hashCode());
+    assertFalse(trXpath.equals(trXpathDiff));
+    assertFalse(trXpath.hashCode() == trXpathDiff.hashCode());
+  }
+
+  public void testEqualsXPath2() throws Exception {
+    Document xpath2 = parseXml(TESTDATA_BASE + "xpath2.xml");
+    Transform tr = transformParser.parseTransform(xpath2.getDocumentElement());
+    Transformation trXpath2 = factory.createTransformation(tr);
+    Transformation trXpath2Equ = factory.createTransformation(tr);
+
+    Document xpath2Diff = parseXml(TESTDATA_BASE + "xpath2Different.xml");
+    tr = transformParser.parseTransform(xpath2Diff.getDocumentElement());
+    Transformation trXpath2Diff = factory.createTransformation(tr);
+
+    assertTrue(trXpath2.equals(trXpath2Equ));
+    assertEquals(trXpath2.hashCode(), trXpath2Equ.hashCode());
+    assertFalse(trXpath2.equals(trXpath2Diff));
+    assertFalse(trXpath2.hashCode() == trXpath2Diff.hashCode());
+  }
+
+  public void testCreateTransformationList() throws Exception {
+    Document transforms = parseXml(TESTDATA_BASE + "transforms.xml");
+    List trs = transformParser.parseTransforms(transforms.getDocumentElement());
+    List transformationList = factory.createTransformationList(trs);
+
+    assertEquals(3, transformationList.size());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvokerTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvokerTest.java
new file mode 100644
index 0000000..8b3e6b0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvokerTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.Collections;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
+
+/**
+ * Mainly a smoke test for debugging the XMLSignatureCreationInvoker.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationInvokerTest extends SPSSTestCase {
+  private static final String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/CreateXMLSignature/";
+
+  public XMLSignatureCreationInvokerTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    setUpTransactionContext();
+    setUpLoggingContext();
+    setUpIaikConfiguration();
+    setUpSSL();
+  }
+
+  public void testCreateXMLSignature() throws Exception {
+    try {
+      XMLSignatureCreationInvoker invoker =
+        XMLSignatureCreationInvoker.getInstance();
+      CreateXMLSignatureRequestParser requestParser =
+        new CreateXMLSignatureRequestParser();
+      Document doc =
+        SPSSTestCase.parseXmlValidating(
+          TESTDATA_BASE + "TestGeneratorCX2.004.Req.xml");
+      CreateXMLSignatureRequest request =
+        requestParser.parse(doc.getDocumentElement());
+      CreateXMLSignatureResponse response = 
+        invoker.createXMLSignature(request, Collections.EMPTY_SET);
+      CreateXMLSignatureResponseBuilder responseBuilder = 
+        new CreateXMLSignatureResponseBuilder();
+      Element result = responseBuilder.build(response).getDocumentElement();
+
+      System.out.println(DOMUtils.serializeNode(result));
+    } catch (Exception e) {
+      e.printStackTrace();
+      fail();
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvokerTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvokerTest.java
new file mode 100644
index 0000000..7ea63e2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvokerTest.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.invoke;
+
+import org.w3c.dom.Document;
+
+import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
+
+/**
+ * Mainly a smoke test for debugging the XMLSignatureVerificationInvoker.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationInvokerTest extends SPSSTestCase {
+  private static final String TESTDATA_BASE =
+    TESTDATA_ROOT + "xml/VerifyXMLSignature/";
+
+  public XMLSignatureVerificationInvokerTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    setUpTransactionContext();
+    setUpLoggingContext();
+    setUpIaikConfiguration();
+  }
+
+  public void testVerifyXMLSignature() throws Exception {
+    try {
+      XMLSignatureVerificationInvoker invoker =
+        XMLSignatureVerificationInvoker.getInstance();
+      VerifyXMLSignatureRequestParser requestParser =
+        new VerifyXMLSignatureRequestParser();
+      VerifyXMLSignatureResponseBuilder responseBuilder =
+        new VerifyXMLSignatureResponseBuilder();
+      Document doc =
+        SPSSTestCase.parseXmlValidating(
+          TESTDATA_BASE + "TestGeneratorVX.201.Req.xml");
+
+      VerifyXMLSignatureRequest request =
+        requestParser.parse(doc.getDocumentElement());
+      VerifyXMLSignatureResponse response;
+
+      response = invoker.verifyXMLSignature(request);
+      System.out.println(
+        DOMUtils.serializeNode(responseBuilder.build(response)));
+    } catch (Exception e) {
+      e.printStackTrace();
+      fail();
+    }
+  }
+ 
+
+}
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/tools/CertToolTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/tools/CertToolTest.java
new file mode 100644
index 0000000..296ba00
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/tools/CertToolTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.at.gv.egovernment.moa.spss.server.tools;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
+import at.gv.egovernment.moa.spss.server.tools.CertTool;
+import test.at.gv.egovernment.moa.MOATestCase;
+
+/**
+ * Tests for the <code>CertTool</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CertToolTest extends MOATestCase {
+
+  private static final String EXPECTED_RESULT =
+    "SubjectDN (RFC2253):"
+      + " CN=Patrick Peck,OU=MOA Team,O=BRZ,L=Vienna,ST=Vienna,C=AT\r\n"
+      + "IssuerDN (RFC2253) :"
+      + " CN=Patrick Peck,OU=MOA Team,O=BRZ,L=Vienna,ST=Vienna,C=AT\r\n"
+      + "Serial Number      :"
+      + " 1047548672\r\n";
+  private CertTool certTool;
+
+  /**
+   * Constructor for CertToolTest.
+   * @param name
+   */
+  public CertToolTest(String name) {
+    super(name);
+  }
+
+  protected void setUp() {
+    certTool = new CertTool();
+  }
+
+  public void testPrintCertInfo() {
+    ByteArrayOutputStream bos = new ByteArrayOutputStream();
+    PrintStream ps = new PrintStream(bos);
+    String result;
+
+    certTool.printCertInfo(TESTDATA_ROOT + "security/server.cer", ps);
+    result = new String(bos.toByteArray());
+    System.out.println(result);
+    assertEquals(EXPECTED_RESULT, result);
+  }
+
+}
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
new file mode 100644
index 0000000..2c33a5e
--- /dev/null
+++ b/moaSig/moa-sig/build.gradle
@@ -0,0 +1,21 @@
+apply plugin: 'war'
+apply plugin: 'eclipse-wtp'
+
+repositories {
+    maven {
+        url "http://joinup.ec.europa.eu/site/pdf-as/maven/"
+    }
+}
+
+dependencies {
+	compile project(':moa-sig-lib')
+	compile fileTree(dir: 'libs', include: '*.jar')
+	providedCompile 'javax.servlet:servlet-api:2.4'
+	compile 'commons-discovery:commons-discovery:0.5'
+	compile 'org.slf4j:slf4j-log4j12:1.7.12'
+	
+	compile 'at.gv.egiz.pdfas:pdf-as-lib:4.0.7'
+	compile 'at.gv.egiz.pdfas:pdf-as-pdfbox:4.0.7'
+	compile 'at.gv.egiz.pdfas:sigs-pades:4.0.7'
+}
+
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
new file mode 100644
index 0000000..bacd7cb
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.spss.server.initializer;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.init.ExternalInitializer;
+import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
+
+public class PDFASInitializer implements ExternalInitializer {
+
+	@Override
+	public void initialize(ConfigurationProvider configurationProvider) {
+		String pdfAsConfiguration = configurationProvider.getPDFASConfiguration();
+		if(pdfAsConfiguration != null) {
+			PDFASInvoker
+			.init(pdfAsConfiguration);
+		}
+	}
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
new file mode 100644
index 0000000..97bf58b
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
@@ -0,0 +1,132 @@
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource;
+import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.PdfAs;
+import at.gv.egiz.pdfas.lib.api.PdfAsFactory;
+import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
+import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaConnector;
+import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRespone;
+import at.gv.egovernment.moa.spss.server.xmlbind.PDFSignatureInfo;
+import at.gv.egovernment.moa.spss.server.xmlbind.SignedPDFInfo;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponse;
+
+public class PDFASInvoker {
+
+	private static PDFASInvoker instance = null;
+
+	private PdfAs pdfAS;
+
+	private PDFASInvoker(File configuration) {
+		pdfAS = PdfAsFactory.createPdfAs(configuration);
+	}
+
+	public synchronized static void init(String pdfAsConfiguration) {
+		instance = new PDFASInvoker(new File(pdfAsConfiguration));
+	}
+
+	public synchronized static PDFASInvoker getInstance() {
+		if (instance == null) {
+			throw new RuntimeException("PDF PDFASInvoker not initialized");
+		}
+		return instance;
+	}
+
+	public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest, String transactionId) {
+		Configuration pdfConfiguration = this.pdfAS.getConfiguration();
+		
+		VerifyPDFResponse verifyPDFResponse = new VerifyPDFResponse();
+		
+		VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter(pdfConfiguration, new ByteArrayDataSource(
+				verifyPDFRequest.getSignedPDF()));
+		
+		try {
+			List<VerifyResult> verifyResults = this.pdfAS.verify(verifyParameter);
+			verifyPDFResponse.setResponseType(VerifyPDFResponse.SUCCESS_SIGNATURE);
+			verifyPDFResponse.setVerificationResults(verifyResults);
+		} catch (Throwable e) {
+			if (e instanceof PDFASError) {
+				PDFASError pdfAsError = (PDFASError) e;
+				Logger.warn("Failed to generate signed PDF document", e);
+				verifyPDFResponse.setErrorCode((int) pdfAsError.getCode());
+				verifyPDFResponse.setErrorInfo(pdfAsError.getInfo());
+			} else {
+				Logger.error("Unknown exception!: ", e);
+				verifyPDFResponse.setErrorCode(9999);
+				verifyPDFResponse.setErrorInfo("Nicht klassifizierter Fehler");
+			}
+		}
+		
+		return verifyPDFResponse;
+	}
+	
+	public CreatePDFRespone createPDFSignature(CreatePDFRequest createPDFRequest, String transactionId) {
+		Configuration pdfConfiguration = this.pdfAS.getConfiguration();
+
+		String keyIdentifier = createPDFRequest.getKeyIdentifier();
+
+		Iterator<PDFSignatureInfo> signatureInfoIterator = createPDFRequest.getSignatureInfoList().iterator();
+
+		CreatePDFRespone createPDFRespone = new CreatePDFRespone();
+
+		while (signatureInfoIterator.hasNext()) {
+			PDFSignatureInfo pdfSignatureInfo = signatureInfoIterator.next();
+			SignedPDFInfo signedPDFInfo = new SignedPDFInfo(pdfSignatureInfo.getSignatureID());
+			try {
+				ByteArrayOutputStream baos = new ByteArrayOutputStream();
+				SignParameter signParameter = PdfAsFactory.createSignParameter(pdfConfiguration,
+						new ByteArrayDataSource(pdfSignatureInfo.getPdfDocument()), baos);
+
+				signParameter.setSignaturePosition(pdfSignatureInfo.getSignaturePosition());
+				signParameter.setSignatureProfileId(pdfSignatureInfo.getSignatureProfile());
+
+				IPlainSigner signer = new PAdESSigner(
+						new InternalMoaConnector(keyIdentifier, new TransactionId(transactionId), null));
+
+				signParameter.setPlainSigner(signer);
+
+				try {
+					this.pdfAS.sign(signParameter);
+					signedPDFInfo.setPdfDocument(baos.toByteArray());
+					signedPDFInfo.setResponseType(SignedPDFInfo.SUCCESS_SIGNATURE);
+				} catch (Throwable e) {
+					signedPDFInfo.setResponseType(SignedPDFInfo.ERROR_RESPONSE);
+
+					if (e instanceof PDFASError) {
+						PDFASError pdfAsError = (PDFASError) e;
+						Logger.warn("Failed to generate signed PDF document", e);
+						signedPDFInfo.setErrorCode((int) pdfAsError.getCode());
+						signedPDFInfo.setErrorInfo(pdfAsError.getInfo());
+					} else {
+						Logger.error("Unknown exception!: ", e);
+						signedPDFInfo.setErrorCode(9999);
+						signedPDFInfo.setErrorInfo("Nicht klassifizierter Fehler");
+					}
+				} finally {
+					IOUtils.closeQuietly(baos);
+				}
+
+			} finally {
+				createPDFRespone.getSignatureInfoList().add(signedPDFInfo);
+			}
+
+		}
+		return createPDFRespone;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/ExtendedVerifyResult.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/ExtendedVerifyResult.java
new file mode 100644
index 0000000..30bf148
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/ExtendedVerifyResult.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.spss.server.pdfas;
+
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+
+public class ExtendedVerifyResult extends VerifyResultImpl implements VerifyResult {
+	private String qcSource;
+	private boolean publicAuthority;
+	private String publicAuthorityID;
+	private boolean SSCD;
+	private String sscdSource;
+	private String issureCountryCode;
+
+	public synchronized String getIssureCountryCode() {
+		return issureCountryCode;
+	}
+
+	public synchronized void setIssureCountryCode(String issureCountryCode) {
+		this.issureCountryCode = issureCountryCode;
+	}
+
+	public synchronized String getQcSource() {
+		return qcSource;
+	}
+
+	public synchronized void setQcSource(String qcSource) {
+		this.qcSource = qcSource;
+	}
+
+	public synchronized boolean isPublicAuthority() {
+		return publicAuthority;
+	}
+
+	public synchronized void setPublicAuthority(boolean publicAuthority) {
+		this.publicAuthority = publicAuthority;
+	}
+
+	public synchronized String getPublicAuthorityID() {
+		return publicAuthorityID;
+	}
+
+	public synchronized void setPublicAuthorityID(String publicAuthorityID) {
+		this.publicAuthorityID = publicAuthorityID;
+	}
+
+	public synchronized boolean isSSCD() {
+		return SSCD;
+	}
+
+	public synchronized void setSSCD(boolean sSCD) {
+		SSCD = sSCD;
+	}
+
+	public synchronized String getSscdSource() {
+		return sscdSource;
+	}
+
+	public synchronized void setSscdSource(String sscdSource) {
+		this.sscdSource = sscdSource;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
new file mode 100644
index 0000000..6edee0d
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
@@ -0,0 +1,226 @@
+package at.gv.egovernment.moa.spss.server.pdfas;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
+import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
+import at.gv.egiz.sl.util.ISignatureConnector;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.impl.CMSContentExplicitImpl;
+import at.gv.egovernment.moa.spss.api.impl.CMSDataObjectImpl;
+import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureRequestImpl;
+import at.gv.egovernment.moa.spss.api.impl.DataObjectInfoCMSImpl;
+import at.gv.egovernment.moa.spss.api.impl.MetaInfoImpl;
+import at.gv.egovernment.moa.spss.api.impl.SingleSignatureInfoCMSImpl;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
+import at.gv.egovernment.moa.util.Base64Utils;
+import iaik.logging.TransactionId;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+import iaik.x509.X509Certificate;
+
+public class InternalMoaConnector implements ISignatureConnector {
+
+	private String keyIdentifier;
+	private X509Certificate clientCert;
+	private TransactionId transactionId;
+
+	public InternalMoaConnector(String keyIdentifier, TransactionId transactionId, X509Certificate clientCert) {
+		this.keyIdentifier = keyIdentifier;
+		this.transactionId = transactionId;
+		this.clientCert = clientCert;
+	}
+
+	private Set buildKeySet(String keyGroupID, KeyModule module) throws ConfigurationException {
+		ConfigurationProvider config = ConfigurationProvider.getInstance();
+		Set keyGroupEntries;
+
+		// get the KeyGroup entries from the configuration
+		if (clientCert != null) {
+			Principal issuer = clientCert.getIssuerDN();
+			BigInteger serialNumber = clientCert.getSerialNumber();
+
+			keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+		} else {
+			keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+		}
+
+		// map the KeyGroup entries to a set of KeyEntryIDs
+		if (keyGroupEntries == null) {
+			return Collections.EMPTY_SET;
+		} else if (keyGroupEntries.size() == 0) {
+			return Collections.EMPTY_SET;
+		} else {
+
+			Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+			Set keySet = new HashSet();
+			Iterator iter;
+
+			// filter out the keys that do not exist in the IAIK configuration
+			// by walking through the key entries and checking if the exist in
+			// the
+			// keyGroupEntries
+			for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+				KeyEntryID entryID = (KeyEntryID) iter.next();
+				KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(), entryID.getCertificateIssuer(),
+						entryID.getCertificateSerialNumber());
+				if (keyGroupEntries.contains(entry)) {
+					keySet.add(entryID);
+				}
+			}
+			return keySet;
+		}
+	}
+
+	@Override
+	public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException {
+		KeyModule module = KeyModuleFactory.getInstance(this.transactionId);
+
+		Set keySet = null;
+		try {
+			keySet = buildKeySet(this.keyIdentifier, module);
+		} catch (ConfigurationException e2) {
+			Logger.warn("MOA not correctly configured!", e2);
+			throw new PdfAsException("MOA not correctly configured!");
+		}
+
+		if (keySet == null || keySet.isEmpty()) {
+			Logger.warn("No keys available for Key Identifier " + this.keyIdentifier + " and given authentication.");
+			throw new PdfAsException("Invalid Key Identifier: " + this.keyIdentifier);
+		}
+
+		if (keySet.size() != 1) {
+			Logger.warn(
+					"Too many keys available for Key Identifier " + this.keyIdentifier + " and given authentication.");
+			throw new PdfAsException("Too many keys available for Key Identifier: " + this.keyIdentifier);
+		}
+
+		Iterator iter;
+
+		// filter out the keys that do not exist in the IAIK configuration
+		// by walking through the key entries and checking if the exist in
+		// the
+		// keyGroupEntries
+		for (iter = keySet.iterator(); iter.hasNext();) {
+			KeyEntryID entryID = (KeyEntryID) iter.next();
+
+			List certChain = null;
+			try {
+				certChain = module.getPrivateKeyEntry(entryID).getCertificateChain();
+			} catch (UnknownKeyException e1) {
+				Logger.warn("Unknown KeyIdentifier found!", e1);
+				throw new PdfAsException("Unknown Key Identifier: " + this.keyIdentifier);
+			}
+
+			if (certChain != null && !certChain.isEmpty()) {
+				Logger.trace("Returning Certificate!");
+				Certificate keyCert = ((Certificate) certChain.get(0));
+				if (keyCert instanceof X509Certificate) {
+					return (X509Certificate) keyCert;
+				} else {
+					try {
+						return new X509Certificate(keyCert.getEncoded());
+					} catch (CertificateEncodingException e) {
+						Logger.warn("Invalid certificate found!", e);
+						throw new PdfAsException("Invalid certificate for Key Identifier: " + this.keyIdentifier);
+					} catch (CertificateException e) {
+						Logger.warn("Invalid certificate found!", e);
+						throw new PdfAsException("Invalid certificate for Key Identifier: " + this.keyIdentifier);
+					}
+				}
+			}
+
+			break;
+		}
+
+		// No Certificate could be found!
+		Logger.warn("Failed to find keys available for Key Identifier " + this.keyIdentifier
+				+ " and given authentication.");
+		throw new PdfAsException("Failed to find keys available for Key Identifier: " + this.keyIdentifier);
+	}
+
+	@Override
+	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature)
+			throws PdfAsException {
+
+		CreateCMSSignatureRequestImpl createCMSSignatureRequest = new CreateCMSSignatureRequestImpl();
+		createCMSSignatureRequest.setKeyIdentifier(this.keyIdentifier);
+		SingleSignatureInfoCMSImpl singleSignatureInfos = new SingleSignatureInfoCMSImpl();
+
+		DataObjectInfoCMSImpl dataObjectInfoCMSImpl = new DataObjectInfoCMSImpl();
+
+		dataObjectInfoCMSImpl.setStructure(DataObjectInfoCMSImpl.STRUCTURE_DETACHED);
+
+		CMSDataObjectImpl cmsDataObjectImpl = new CMSDataObjectImpl();
+
+		CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl();
+		cmsContent.setBinaryContent(new ByteArrayInputStream(input));
+
+		cmsDataObjectImpl.setContent(cmsContent);
+
+		MetaInfoImpl metaInfoImpl = new MetaInfoImpl();
+
+		metaInfoImpl.setMimeType("application/pdf");
+
+		cmsDataObjectImpl.setMetaInfo(metaInfoImpl);
+
+		dataObjectInfoCMSImpl.setDataObject(cmsDataObjectImpl);
+
+		singleSignatureInfos.setDataObjectInfo(dataObjectInfoCMSImpl);
+
+		createCMSSignatureRequest.getSingleSignatureInfos().add(singleSignatureInfos);
+
+		try {
+			CreateCMSSignatureResponse createCMSSignatureResponse = CMSSignatureCreationInvoker.getInstance()
+					.createCMSSignature(createCMSSignatureRequest, Collections.EMPTY_SET);
+
+			if (createCMSSignatureResponse.getResponseElements().isEmpty()) {
+				Logger.error("MOA CMS Signature response is empty!");
+				throw new PdfAsException("MOA CMS Signature response is empty");
+			}
+
+			CreateCMSSignatureResponseElement createCMSSignatureResponseElement = (CreateCMSSignatureResponseElement) createCMSSignatureResponse
+					.getResponseElements().get(0);
+			
+			if(createCMSSignatureResponseElement.getResponseType() 
+					== CreateCMSSignatureResponseElement.ERROR_RESPONSE) { 
+				ErrorResponse errorResponse = (ErrorResponse) createCMSSignatureResponseElement;
+			} else if(createCMSSignatureResponseElement.getResponseType() 
+					== CreateCMSSignatureResponseElement.CMS_SIGNATURE ) {
+				CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) createCMSSignatureResponseElement;
+				return Base64Utils.decode(cmsSignatureResponse.getCMSSignature(), true);
+			}
+		} catch (MOAException e) {
+			Logger.error("Failed to create signature!", e);
+			throw new PdfAsException("Failed to create signature!", e);
+		} catch (IOException e) {
+			Logger.error("Failed to create signature!", e);
+			throw new PdfAsException("Failed to create signature!", e);
+		}
+
+		return null;
+	}
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
new file mode 100644
index 0000000..f937495
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
@@ -0,0 +1,128 @@
+package at.gv.egovernment.moa.spss.server.pdfas;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
+import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.impl.CMSContentExplicitImpl;
+import at.gv.egovernment.moa.spss.api.impl.CMSDataObjectImpl;
+import at.gv.egovernment.moa.spss.api.impl.MetaInfoImpl;
+import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import iaik.x509.X509Certificate;
+
+public class InternalMoaVerifier implements IVerifier {
+
+	public static final String MOA_TRUSTPROFILE = "internal.moa.trustprofile";
+
+	private String trustProfile;
+
+	private static final Logger logger = LoggerFactory.getLogger(InternalMoaVerifier.class);
+
+	@Override
+	public List<VerifyResult> verify(byte[] signature, byte[] signatureContent, Date verificationTime)
+			throws PdfAsException {
+
+		List<VerifyResult> verificationResultList = new ArrayList<VerifyResult>();
+
+		VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = new VerifyCMSSignatureRequestImpl();
+		verifyCMSSignatureRequest.setDateTime(verificationTime);
+		verifyCMSSignatureRequest.setTrustProfileId(this.trustProfile);
+		verifyCMSSignatureRequest.setCMSSignature(new ByteArrayInputStream(signature));
+
+		CMSContentExplicitImpl cmsContentExplicitImpl = new CMSContentExplicitImpl();
+		cmsContentExplicitImpl.setBinaryContent(new ByteArrayInputStream(signatureContent));
+
+		CMSDataObjectImpl cmsDataObjectImpl = new CMSDataObjectImpl();
+		cmsDataObjectImpl.setContent(cmsContentExplicitImpl);
+
+		MetaInfoImpl metaInfo = new MetaInfoImpl();
+		metaInfo.setMimeType("application/pdf");
+		metaInfo.setDescription("PDF Document");
+		cmsDataObjectImpl.setMetaInfo(metaInfo);
+
+		verifyCMSSignatureRequest.setDataObject(cmsDataObjectImpl);
+
+		verifyCMSSignatureRequest.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES);
+
+		try {
+			VerifyCMSSignatureResponse verifyCMSSignatureResponse = CMSSignatureVerificationInvoker.getInstance()
+					.verifyCMSSignature(verifyCMSSignatureRequest);
+			Iterator iter;
+			for (iter = verifyCMSSignatureResponse.getResponseElements().iterator(); iter.hasNext();) {
+				VerifyCMSSignatureResponseElement responseElement = (VerifyCMSSignatureResponseElement) iter.next();
+				ExtendedVerifyResult verifyResult = new ExtendedVerifyResult();
+
+				verifyResult.setCertificateCheck(convertCheck(responseElement.getCertificateCheck()));
+				verifyResult.setValueCheckCode(convertCheck(responseElement.getSignatureCheck()));
+				verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, null));
+				verifyResult.setQualifiedCertificate(responseElement.getSignerInfo().isQualifiedCertificate());
+				verifyResult.setVerificationDone(true);
+
+				if (responseElement.getSignerInfo().getSignerCertificate() instanceof X509Certificate) {
+					verifyResult.setSignerCertificate(
+							(X509Certificate) responseElement.getSignerInfo().getSignerCertificate());
+				} else {
+					verifyResult.setSignerCertificate(
+							new X509Certificate(responseElement.getSignerInfo().getSignerCertificate().getEncoded()));
+				}
+				
+				verifyResult.setQcSource(responseElement.getSignerInfo().getQCSource());
+				
+				verifyResult.setPublicAuthority(responseElement.getSignerInfo().isPublicAuthority());
+				verifyResult.setPublicAuthorityID(responseElement.getSignerInfo().getPublicAuhtorityID());
+				verifyResult.setSSCD(responseElement.getSignerInfo().isSSCD());
+				verifyResult.setSscdSource(responseElement.getSignerInfo().getSSCDSource());
+				verifyResult.setIssureCountryCode(responseElement.getSignerInfo().getIssuerCountryCode());
+				
+				verificationResultList.add(verifyResult);
+			}
+		} catch (MOAException e) {
+			logger.error("Failed to verify CMS Signature with MOA", e);
+			throw new PdfAsException("Failed to verify CMS Signature with MOA", e);
+		} catch (CertificateEncodingException e) {
+			logger.error("Failed to verify CMS Signature with MOA", e);
+			throw new PdfAsException("Failed to verify CMS Signature with MOA", e);
+		} catch (CertificateException e) {
+			logger.error("Failed to verify CMS Signature with MOA", e);
+			throw new PdfAsException("Failed to verify CMS Signature with MOA", e);
+		}
+
+		return verificationResultList;
+	}
+
+	private SignatureCheck convertCheck(CheckResult checkResult) {
+		return new SignatureCheckImpl(checkResult.getCode(), null);
+	}
+
+	@Override
+	public void setConfiguration(Configuration config) {
+		this.trustProfile = config.getValue(MOA_TRUSTPROFILE);
+	}
+
+	@Override
+	public SignatureVerificationLevel getLevel() {
+		return SignatureVerificationLevel.FULL_VERIFICATION;
+	}
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
new file mode 100644
index 0000000..a18ee9f
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -0,0 +1,476 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.Message;
+import org.apache.axis.MessageContext;
+import org.apache.axis.attachments.AttachmentPart;
+import org.apache.axis.handlers.BasicHandler;
+import org.apache.axis.transport.http.HTTPConstants;
+import org.apache.axis.utils.Messages;
+import org.apache.axis.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * An handler that is invoked on each web service request and performs some
+ * central message handling.
+ * 
+ * Mainly sets up the <code>TransactionContext</code> for the current
+ * transaction (i.e. web service request).
+ * 
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class AxisHandler extends BasicHandler {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 2520698947819506866L;
+
+	/** The resource names of the messages to load. */
+	private static final String MOA_SPSS_WSDL_RESOURCE_ = "/resources/wsdl/MOA-SPSS-2.0.0.wsdl";
+
+	/** The property name for accessing the HTTP request. */
+	private static final String REQUEST_PROPERTY = HTTPConstants.MC_HTTP_SERVLETREQUEST;
+
+	/** The property name for accessing the X509 client certificate chain. */
+	private static final String X509_CERTIFICATE_PROPERTY = "javax.servlet.request.X509Certificate";
+
+	/** The property name for accessing the SOAP action header. */
+	private static final String SOAP_ACTION_HEADER = "soapaction";
+
+	/** URI of the SOAP XML namespace. */
+	public static final String SOAP_NS_URI = "http://schemas.xmlsoap.org/soap/envelope/";
+
+	/** Prefix used for the SOAP XML namespace */
+	public static final String SOAP_PREFIX = "soapenv";
+
+	/** Simple string contains the front part of the enveloping SOAP wrapping */
+	private static final String SOAP_PART_PRE = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body>";
+
+	/** Simple string contains the post part of the enveloping SOAP wrapping */
+	private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>";
+
+	/**
+	 * Handle an invocation of this handler.
+	 * 
+	 * @param msgContext
+	 *            Information about this request/response.
+	 * @throws AxisFault
+	 *             An error occurred during processing of the request.
+	 * @see org.apache.axis.Handler#invoke(MessageContext)
+	 */
+	public void invoke(MessageContext msgContext) throws AxisFault {
+		if (!msgContext.getPastPivot()) {
+			handleRequest(msgContext);
+		} else {
+			handleResponse(msgContext);
+		}
+	}
+
+	/**
+	 * This method is called by <code>invoke</code> to handle incoming requests.
+	 * 
+	 * @param msgContext
+	 *            The context as provided to <code>invoke</code>.
+	 * @throws AxisFault
+	 *             An error occurred during processing of the request.
+	 */
+	private void handleRequest(MessageContext msgContext) throws AxisFault {
+		try {
+			Logger.trace("---- Entering Axishandler");
+			// generate a unique transaction id and build the TransactionContext
+			// for this request
+			HttpServletRequest request = (HttpServletRequest) msgContext.getProperty(REQUEST_PROPERTY);
+
+			X509Certificate[] clientCert = (X509Certificate[]) request.getAttribute(X509_CERTIFICATE_PROPERTY);
+
+			// Configure Axis
+			// AxisProperties.setProperty(AxisEngine.PROP_ENABLE_NAMESPACE_PREFIX_OPTIMIZATION,"false");
+			// AxisProperties.setProperty(AxisEngine.PROP_DOMULTIREFS,"false");
+			// AxisProperties.setProperty(AxisEngine.PROP_SEND_XSI,"true");
+			// msgContext.setProperty(org.apache.axis.SOAPPart.ALLOW_FORM_OPTIMIZATION,
+			// Boolean.FALSE);
+			// msgContext.setProperty(org.apache.axis.
+			// AxisEngine.PROP_ENABLE_NAMESPACE_PREFIX_OPTIMIZATION,"false");
+
+			Message soapMessage = msgContext.getCurrentMessage();
+
+			ConfigurationProvider configuration = ConfigurationProvider.getInstance();
+
+			Element xmlRequest = null;
+			// log.info(soapMessage.getSOAPPartAsString());
+			Element soapPart = DOMUtils
+					.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null)
+					.getDocumentElement();
+			if (soapPart != null) {
+				// TODO: check if DOM Version is intolerant when white spaces
+				// are between tags (preceding normalization would be necessary)
+				NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body");
+				if (soapBodies != null && soapBodies.getLength() > 0) {
+					xmlRequest = DOMUtils.getElementFromNodeList(soapBodies.item(0).getChildNodes());
+				}
+				// oder TODO: Evaluierung ob XPATH schneller
+				/*
+				 * HashMap nSMap = new HashMap(); nSMap.put((String)SOAP_PREFIX,
+				 * SOAP_NS_URI); Element soapBody = (Element)
+				 * XPathUtils.selectSingleNode(soapPart, nSMap,
+				 * "/"+SOAP_PREFIX+":Envelope/"+SOAP_PREFIX+":Body"); if
+				 * (soapBody!=null) { xmlRequest =
+				 * DOMUtils.getElementFromNodeList(soapBody.getChildNodes()); }
+				 */
+			}
+
+			TransactionContext context = new TransactionContext(TransactionIDGenerator.nextID(), clientCert,
+					configuration, xmlRequest, null);
+
+			String soapAction = (String) request.getHeader(SOAP_ACTION_HEADER);
+			if ("\"\"".equals(soapAction)) {
+				// if http soap action header is empty
+				soapAction = msgContext.getTargetService();
+			}
+			context.setRequestName(soapAction);
+
+			if (soapMessage.getAttachmentsImpl() != null) {
+				Logger.info("Attachments is NOT null!");
+				Logger.trace(">>> Get AttachmentCount");
+				int attachmentCount = soapMessage.getAttachmentsImpl().getAttachmentCount();
+				Logger.trace("<<< Finished Get AttachmentCount");
+				if (attachmentCount > 0) {
+
+					// add SOAP attachments to transaction context
+					@SuppressWarnings("rawtypes")
+					Iterator iterator = soapMessage.getAttachments();
+					while (iterator.hasNext()) {
+						AttachmentPart attachment = (AttachmentPart) iterator.next();
+						String id = attachment.getContentId();
+						String type = attachment.getContentType();
+
+						// Now get the InputStream (note: we could also get the
+						// content with Object content =
+						// attachment.getContent();)
+						InputStream is = null;
+						javax.activation.DataHandler datahandler = attachment.getDataHandler();
+
+						int TYPE = 2;
+						switch (TYPE) {
+						case 1: {
+							org.apache.axis.attachments.ManagedMemoryDataSource mmds = (org.apache.axis.attachments.ManagedMemoryDataSource) datahandler
+									.getDataSource();
+							context.addAttachment(id, type, mmds);
+							break;
+						}
+						case 2: {
+							is = datahandler.getDataSource().getInputStream();
+							context.addAttachment(id, type, is, datahandler.getDataSource().getName());
+							break;
+						}
+						}
+						debug("handler.06", new Object[] { id, type });
+					}
+				}
+			} else {
+				Logger.info("Attachments is null!");
+			}
+
+			setUpContexts(context);
+
+			// log some information about the request
+			info("handler.00", new Object[] { context.getTransactionID(), msgContext.getTargetService() });
+			info("handler.01", new Object[] { request.getRemoteAddr() });
+			if (clientCert != null) {
+				info("handler.02", new Object[] { clientCert[0].getSubjectDN(), clientCert[0].getSerialNumber(),
+						clientCert[0].getIssuerDN() });
+
+			} else {
+				info("handler.03", null);
+			}
+			if (Logger.isTraceEnabled()) {
+				// OutputFormat format = new OutputFormat((Document)
+				// xmlRequest.getOwnerDocument());
+				// format.setLineSeparator("\n");
+				// format.setIndenting(false);
+				// format.setPreserveSpace(true);
+				// format.setOmitXMLDeclaration(false);
+				// format.setEncoding("UTF-8");
+				// ByteArrayOutputStream baos = new ByteArrayOutputStream();
+				// XMLSerializer conSerializer = new XMLSerializer(baos,
+				// format);
+				// conSerializer.serialize(xmlRequest);
+				// Logger.debug(new LogMsg("Request:" + baos.toString()));
+
+				String msg = soapMessage.getSOAPPartAsString();
+				Logger.trace(new LogMsg(msg));
+			}
+		} catch (MOASystemException e) {
+			MOASystemException se = new MOASystemException("2900", null, e);
+			AxisFault fault = AxisFault.makeFault(se);
+			fault.setFaultDetail(new Element[] { se.toErrorResponse() });
+			throw fault;
+		} catch (Throwable t) {
+			t.printStackTrace();
+			Logger.info(new LogMsg(t.getStackTrace()));
+			MOASystemException e = new MOASystemException("2900", null, t);
+			AxisFault fault = AxisFault.makeFault(e);
+			fault.setFaultDetail(new Element[] { e.toErrorResponse() });
+			throw fault;
+		}
+		Logger.trace("---- Leaving Axishandler");
+	}
+
+	/**
+	 * This method is called by <code>invoke</code> to handle outgoing
+	 * responses.
+	 * 
+	 * @param msgContext
+	 *            The context as provided to <code>invoke</code>.
+	 * @throws AxisFault
+	 *             An error occurred during processing of the response.
+	 */
+	private void handleResponse(MessageContext msgContext) throws AxisFault {
+		String xmlResponseString = null;
+		String soapResponseString = null;
+
+		TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+		Element xmlResponse = context.getResponse();
+
+		if (xmlResponse != null) {
+			try {
+				xmlResponseString = DOMUtils.serializeNode(xmlResponse, true);
+				/*
+				 * Soll die Antwort nur \n enthalten, so gibt es 2
+				 * Möglichkeiten: 1.) Xalan Version und xmlResponseString =
+				 * DOMUtils.serializeNode(xmlResponse, true, "\n"); 2.)
+				 * OutputFormat serializerFormat = new OutputFormat((Document)
+				 * xmlResponse.getOwnerDocument());
+				 * serializerFormat.setLineSeparator("\n");
+				 * serializerFormat.setIndenting(false);
+				 * serializerFormat.setPreserveSpace(true);
+				 * serializerFormat.setOmitXMLDeclaration(true);
+				 * serializerFormat.setEncoding("UTF-8"); ByteArrayOutputStream
+				 * serializedBytes = new ByteArrayOutputStream(); XMLSerializer
+				 * serializer = new XMLSerializer(serializedBytes,
+				 * serializerFormat); serializer.serialize(xmlResponse);
+				 * serializedBytes.close(); xmlResponseString =
+				 * serializedBytes.toString("UTF-8");
+				 */
+				if (Logger.isTraceEnabled()) {
+					Logger.trace(new LogMsg(xmlResponseString));
+				}
+				soapResponseString = SOAP_PART_PRE + xmlResponseString + SOAP_PART_POST;
+				// override axis response-message
+				msgContext.setResponseMessage(new Message(soapResponseString));
+			} catch (Throwable t) {
+				t.printStackTrace();
+				Logger.info(new LogMsg(t.getStackTrace()));
+				MOASystemException e = new MOASystemException("2900", null, t);
+				AxisFault fault = AxisFault.makeFault(e);
+				fault.setFaultDetail(new Element[] { e.toErrorResponse() });
+				throw fault;
+			}
+
+		} else {
+			// Fallback: if functions do not set the resulting response in the
+			// transaction, the original one from axis will be used
+			soapResponseString = msgContext.getCurrentMessage().getSOAPPartAsString();
+		}
+
+		info("handler.04", null);
+		if (Logger.isDebugEnabled()) {
+			Logger.debug(new LogMsg(soapResponseString));
+		}
+		tearDownContexts();
+	}
+
+	/**
+	 * Called, when the processing of the web service fails.
+	 * 
+	 * @param msgContext
+	 *            Information about the current request.
+	 * @see org.apache.axis.Handler#onFault(org.apache.axis.MessageContext)
+	 */
+	public void onFault(MessageContext msgContext) {
+		info("handler.05", null);
+		tearDownContexts();
+	}
+
+	/**
+	 * Set up the thread-local contexts (<code>TransactionContext</code> and
+	 * <code>LoggingContext</code>).
+	 * 
+	 * @param context
+	 *            The <code>TransactionContext</code> to set for the current
+	 *            request.
+	 */
+	private void setUpContexts(TransactionContext context) {
+		// set the transaction context in the TransactionContextManager
+		TransactionContextManager tcm = TransactionContextManager.getInstance();
+		tcm.setTransactionContext(context);
+
+		// set the logging context in the LoggingContextManager
+		LoggingContextManager lcm = LoggingContextManager.getInstance();
+		LoggingContext lc = new LoggingContext(context.getTransactionID());
+		lcm.setLoggingContext(lc);
+	}
+
+	/**
+	 * Tear down the thread-local contexts.
+	 */
+	private void tearDownContexts() {
+		TransactionContextManager tcm = TransactionContextManager.getInstance();
+
+		// delete temporary files
+		TransactionContext context = tcm.getTransactionContext();
+		context.cleanAttachmentCache();
+
+		// unset the transaction context
+		tcm.setTransactionContext(null);
+
+		// unset the logging context
+		LoggingContextManager lcm = LoggingContextManager.getInstance();
+		lcm.setLoggingContext(null);
+	}
+
+	/**
+	 * Generate the WSDL into the <code>msgContext</code>.
+	 * 
+	 * The code of this method is more or less copied from the
+	 * <code>org.apache.axis.handlers.soap.SOAPService</code> class contained in
+	 * the 1.1 release of Axis to allow for a missing <code>wsdlFile</code> (so
+	 * that a resource by the same name is searched for in the classpath). The
+	 * implementation of this method should be obsolete if Axis 1.1 or higher is
+	 * used.
+	 * 
+	 * @param msgContext
+	 *            The <code>MessageContext</code> that will contain the WSDL
+	 *            description of the current web service.
+	 * @throws AxisFault
+	 *             An error occurred producing the WSDL.
+	 */
+	public void generateWSDL(MessageContext msgContext) throws AxisFault {
+		InputStream instream = null;
+
+		try {
+			String filename = MOA_SPSS_WSDL_RESOURCE_;
+
+			File file = new File(filename);
+			if (file.exists()) {
+				// if this resolves to a file, load it
+				instream = new FileInputStream(filename);
+			} else {
+				// else load a named resource in our classloader.
+				instream = this.getClass().getResourceAsStream(filename);
+				if (instream == null) {
+					String errorText = Messages.getMessage("wsdlFileMissing", filename);
+					throw new AxisFault(errorText);
+				}
+			}
+			Document doc = XMLUtils.newDocument(instream);
+			msgContext.setProperty("WSDL", doc);
+		} catch (Exception e) {
+			throw AxisFault.makeFault(e);
+		} finally {
+			if (instream != null) {
+				try {
+					instream.close();
+				} catch (IOException e) {
+					// ok to do nothing here
+				}
+			}
+		}
+	}
+
+	/**
+	 * Utility function to issue an info message to the log.
+	 * 
+	 * @param messageId
+	 *            The ID of the message to log.
+	 * @param parameters
+	 *            Additional message parameters.
+	 */
+	private static void info(String messageId, Object[] parameters) {
+		MessageProvider msg = MessageProvider.getInstance();
+
+		Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
+	}
+
+	/**
+	 * Utility function to issue an debug message to the log.
+	 * 
+	 * @param messageId
+	 *            The ID of the message to log.
+	 * @param parameters
+	 *            Additional message parameters.
+	 */
+	private static void debug(String messageId, Object[] parameters) {
+		MessageProvider msg = MessageProvider.getInstance();
+
+		Logger.debug(new LogMsg(msg.getMessage(messageId, parameters)));
+	}
+
+	// private byte[] toByteArray(AttachmentPart attachment) throws
+	// SOAPException, IOException
+	// {
+	// ByteArrayOutputStream outputStream = new
+	// ByteArrayOutputStream(attachment.getSize());
+	// InputStream inputStream = (InputStream) attachment.getContent();
+	// int currentByte = -1;
+	// while ((currentByte = inputStream.read()) != -1)
+	// outputStream.write(currentByte);
+	//
+	// inputStream.close();
+	// outputStream.close();
+	//
+	// return outputStream.toByteArray();
+	//
+	// }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
new file mode 100644
index 0000000..c8a0f68
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -0,0 +1,178 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
+
+/**
+ * 
+ * @author Andreas Fitzek
+ * @version $Id$
+ */
+public class CertificateProviderServlet extends HttpServlet {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -6907582473072190122L;
+
+	/** The property name for accessing the X509 client certificate chain. */
+	private static final String X509_CERTIFICATE_PROPERTY = "javax.servlet.request.X509Certificate";
+
+	public static final String PARAM_KEYID = "id";
+	
+	/**
+	 * Build the set of <code>KeyEntryID</code>s available to the given
+	 * <code>keyGroupID</code>.
+	 * 
+	 * @param keyGroupID
+	 *            The keygroup ID for which the available keys should be
+	 *            returned.
+	 * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the
+	 *         available keys.
+	 * @throws ConfigurationException
+	 */
+	private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
+			throws ConfigurationException {
+		ConfigurationProvider config = ConfigurationProvider.getInstance();
+		Set keyGroupEntries;
+
+		// get the KeyGroup entries from the configuration
+		if (cert != null) {
+			Principal issuer = cert.getIssuerDN();
+			BigInteger serialNumber = cert.getSerialNumber();
+
+			keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber,
+					keyGroupID);
+		} else {
+			keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+		}
+
+		// map the KeyGroup entries to a set of KeyEntryIDs
+		if (keyGroupEntries == null) {
+			return null;
+		} else if (keyGroupEntries.size() == 0) {
+			return Collections.EMPTY_SET;
+		} else {
+			
+			Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+			Set keySet = new HashSet();
+			Iterator iter;
+			
+			// filter out the keys that do not exist in the IAIK configuration
+			// by walking through the key entries and checking if the exist in
+			// the
+			// keyGroupEntries
+			for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+				KeyEntryID entryID = (KeyEntryID) iter.next();
+				KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(),
+						entryID.getCertificateIssuer(),
+						entryID.getCertificateSerialNumber());
+				if (keyGroupEntries.contains(entry)) {
+					keySet.add(entryID);
+				}
+			}
+			return keySet;
+		}
+	}
+
+	private X509Certificate getClientCertificate(HttpServletRequest request) {
+		X509Certificate[] clientCert = (X509Certificate[]) request
+				.getAttribute(X509_CERTIFICATE_PROPERTY);
+		if(clientCert != null) {
+			return clientCert[0];
+		}
+		return null;
+	}
+
+	public void doGet(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+		try {
+			X509Certificate cert = getClientCertificate(request);
+			String keyId = request.getParameter(PARAM_KEYID);
+			
+			if(keyId == null) {
+				Logger.warn(PARAM_KEYID + " not provided in Request. Returning: " + HttpServletResponse.SC_BAD_REQUEST);
+				response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+				return;
+			}
+			
+			String transactionId = TransactionIDGenerator.nextID();
+			
+			KeyModule module = KeyModuleFactory.getInstance(new TransactionId(
+					transactionId));
+			
+			Set keySet = buildKeySet(keyId, cert, module);
+			
+			if(keySet == null || keySet.isEmpty()) {
+				Logger.warn("No keys available for Key Identifier " + keyId + " and given authentication.");
+				response.sendError(HttpServletResponse.SC_NOT_FOUND);
+				return;
+			}
+			
+			
+			if(keySet.size() != 1) {
+				Logger.warn("Too many keys available for Key Identifier " + keyId + " and given authentication.");
+				response.sendError(HttpServletResponse.SC_CONFLICT);
+				return;
+			}
+			
+			Iterator iter;
+
+			// filter out the keys that do not exist in the IAIK configuration
+			// by walking through the key entries and checking if the exist in
+			// the
+			// keyGroupEntries
+			for (iter = keySet.iterator(); iter.hasNext();) {
+				KeyEntryID entryID = (KeyEntryID) iter.next();
+				
+				List certChain = module.getPrivateKeyEntry(entryID).getCertificateChain();
+				
+				if(certChain != null && !certChain.isEmpty()) {
+					Logger.trace("Returning Certificate!");
+					Certificate keyCert = ((Certificate)certChain.get(0));
+					byte[] certData = keyCert.getEncoded();
+					response.setStatus(HttpServletResponse.SC_OK);
+					response.setContentType("application/pkix-cert");
+					response.setHeader("Content-disposition","attachment; filename=\"" + keyId + ".cer\"");
+					response.getOutputStream().write(certData);
+					response.getOutputStream().close();
+					return;
+				}
+				
+				break;
+			}
+			
+			// No Certificate could be found!
+			Logger.warn("Failed to find keys available for Key Identifier " + keyId + " and given authentication.");
+			response.sendError(HttpServletResponse.SC_NOT_FOUND);
+			return;
+		} catch(Throwable e) {
+			Logger.error("Unhandled Exception when providing certificate", e);
+			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+		}
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
new file mode 100644
index 0000000..8bdfb65
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.init.*;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A servlet to initialize and update the MOA configuration.
+ * 
+ * @author Fatemeh Philippi
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 8372961105222028696L;
+/** The document type of the HTML to generate. */
+  private static final String DOC_TYPE =
+    "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
+
+  /**
+   * Handle a HTTP GET request, used to indicated that the MOA
+   * configuration needs to be updated (reloaded).
+   * 
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  public void doGet(HttpServletRequest request, HttpServletResponse response)
+    throws ServletException, IOException {
+
+    MessageProvider msg = MessageProvider.getInstance();
+    PrintWriter out;
+
+    // set up a logging context for logging the reconfiguration
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext("configuration update"));
+
+    response.setContentType("text/html");
+    out = response.getWriter();
+    out.println(DOC_TYPE);
+    out.println("<head><title>MOA configuration update</title></head>");
+    out.println("<body bgcolor=\"#FFFFFF\">");
+    try {
+      // reconfigure the system
+      ConfigurationProvider config = ConfigurationProvider.reload();
+      IaikConfigurator iaikConfigurator = new IaikConfigurator();
+
+      iaikConfigurator.configure(config);
+
+      // print a status message
+      out.println("<p><b>" + msg.getMessage("config.06", null) + "</b></p>");
+      Logger.info(new LogMsg(msg.getMessage("config.06", null)));
+
+      if (!config.getWarnings().isEmpty()) {
+        // print the warnings
+        List allWarnings = new ArrayList();
+        Iterator iter;
+        
+        allWarnings.addAll(config.getWarnings());
+        allWarnings.addAll(iaikConfigurator.getWarnings());
+        
+        out.println("<p><b>" + msg.getMessage("config.29", null) + "</b></p>");
+        for (iter = allWarnings.iterator(); iter.hasNext();) {
+          out.println(iter.next() + "<br />");
+        }
+        out.println("<p><b>" + msg.getMessage("config.28", null) + "</b></p>");
+      }
+
+    } catch (Throwable t) {
+      out.println("<p><b>" + msg.getMessage("config.20", null) + "</b></p>");
+      out.println("<p><b>" + msg.getMessage("config.28", null) + "</b></p>");
+      Logger.warn(new LogMsg(msg.getMessage("config.20", null)), t);
+    }
+    out.println("</body>");
+
+    out.flush();
+    out.close();
+    
+    // tear down the logging context
+    LoggingContextManager.getInstance().setLoggingContext(null);
+  }
+
+  /**
+   * Do the same as <code>doGet</code>.
+   * 
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  public void doPost(HttpServletRequest request, HttpServletResponse response)
+    throws ServletException, IOException {
+    doGet(request, response);
+  }
+
+  /**
+   * Perform some initial initialization tasks for the MOA web services
+   * application.
+   * 
+   * Does an initial load of the MOA configuration to test if a working web
+   * service can be provided.
+   * 
+   * @see javax.servlet.GenericServlet#init()
+   */
+  public void init() throws ServletException {
+    SystemInitializer.init();
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/DeleteableDataSourceWrapper.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/DeleteableDataSourceWrapper.java
new file mode 100644
index 0000000..1d49cd7
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/DeleteableDataSourceWrapper.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import at.gv.egovernment.moa.spss.server.transaction.DeleteableDataSource;
+
+public class DeleteableDataSourceWrapper implements DeleteableDataSource {
+
+	private org.apache.axis.attachments.ManagedMemoryDataSource wrapped;
+	
+	public DeleteableDataSourceWrapper(org.apache.axis.attachments.ManagedMemoryDataSource wrapped) {
+		this.wrapped = wrapped;
+	}
+
+	@Override
+	public String getContentType() {
+		return this.wrapped.getContentType();
+	}
+
+	@Override
+	public InputStream getInputStream() throws IOException {
+		return this.wrapped.getInputStream();
+	}
+
+	@Override
+	public String getName() {
+		return this.wrapped.getName();
+	}
+
+	@Override
+	public OutputStream getOutputStream() throws IOException {
+		return this.wrapped.getOutputStream();
+	}
+
+	@Override
+	public void delete() {
+		this.wrapped.delete();
+	}
+	
+	
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
new file mode 100644
index 0000000..d986f7a
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.io.ByteArrayInputStream;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MOAErrorHandler;
+
+/**
+ * Helper methods for the Service classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ServiceUtils {
+
+  /**
+   * Schema-validate a request.
+   * 
+   * @param request The request to validate.
+   * @throws MOAApplicationException An error occurred validating the requst.
+   */
+  public static void validateRequest(Element[] request)
+    throws MOAApplicationException {
+
+    // validate the request
+    try {
+      DOMUtils.validateElement(
+        request[0],
+        Constants.ALL_SCHEMA_LOCATIONS,
+        null,
+        new MOASPSSEntityResolver());
+    } catch (Exception e) {
+      throw new MOAApplicationException(
+        "1100",
+        new Object[] { e.getMessage()},
+        e);
+    }
+  }
+
+  /**
+   * Reparse the request with schema-validation turned on so that ID references
+   * are resolved.
+   * 
+   * @param request The request to reparse.
+   * @return The reparsed request.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public static Element reparseRequest(Element request)
+    throws MOAApplicationException {
+
+    try {
+      byte[] requestBytes = DOMUtils.serializeNode(request, "UTF-8");
+      Document validatedRequest = DOMUtils.parseDocument(new ByteArrayInputStream(requestBytes),
+    	          true,
+    	          Constants.ALL_SCHEMA_LOCATIONS,
+    	          null,
+    		      new MOASPSSEntityResolver(),
+    		      new MOAErrorHandler());
+    	  
+//        DOMUtils.parseDocument(
+//          new ByteArrayInputStream(requestBytes),
+//          true,
+//          Constants.ALL_SCHEMA_LOCATIONS,
+//          null);
+      return validatedRequest.getDocumentElement();
+    } catch (Exception e) {
+      throw new MOAApplicationException(
+        "1100",
+        new Object[] { e.getMessage()},
+        e);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
new file mode 100644
index 0000000..0c800a2
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -0,0 +1,314 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import java.util.Collections;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.i18n.Messages;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRespone;
+import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFSignatureRequestParser;
+import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFSignatureResponseBuilder;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StreamUtils;
+
+/**
+ * The service endpoint for the <code>SignatureCreation</code> web service.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureCreationService {
+	
+	/**
+	   * Handle a <code>CreatePDFSignatureRequest</code>.
+	   * 
+	   * @param request The <code>CreatePDFSignatureRequest</code> to work on
+	   * (contained in the 0th element of the array).
+	   * @return A <code>CreatePDFSignatureResponse</code> as the only element of
+	   * the <code>Element</code> array.
+	   * @throws AxisFault An error occurred during handling of the message.
+	   */
+	  public Element[] CreatePDFSignatureRequest(Element[] request)
+	    throws AxisFault {
+		  Logger.trace("---- Entering SignatureCreationService");
+		  //PDFSignatureCreationInvoker invoker =
+			//	  PDFSignatureCreationInvoker.getInstance();
+	    Element[] response = new Element[1];
+
+	    // check that we have a CreateXMLSignatureRequest; if not, create an
+	    // AxisFault, just like the org.apache.axis.providers.java.MsgProvider
+	    if (!Constants.MOA_SPSS_CREATE_PDF_REQUEST.equals(request[0].getLocalName()) ||
+	      !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI()))
+	    {
+	      QName qname =
+	        new QName(request[0].getNamespaceURI(), request[0].getLocalName());
+	      throw new AxisFault(
+	        Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse
+	    }
+
+	    // handle the request
+	    try {
+	        
+	      // create a parser and builder for binding API objects to/from XML
+	      CreatePDFSignatureRequestParser requestParser =
+	        new CreatePDFSignatureRequestParser();
+	      CreatePDFSignatureResponseBuilder responseBuilder =
+	        new CreatePDFSignatureResponseBuilder();
+	      Element reparsedReq;
+	      CreatePDFRequest requestObj;
+	      CreatePDFRespone responseObj;
+
+	      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+	      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+	  
+	      // validate the request
+	      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+	      
+	      // convert to API objects
+		  Logger.trace(">>> preparsing Request");
+	      requestObj = requestParser.parse(reparsedReq);
+		  Logger.trace("<<< preparsed Request");
+	      
+		  Logger.trace(">>> creating Signature");
+	      // invoke the core logic
+	      responseObj = PDFASInvoker.getInstance().createPDFSignature(requestObj, context.getTransactionID());
+		  Logger.trace("<<< created Signature");
+
+		  Logger.trace(">>> building Response");
+	      // map back to XML
+	      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+		  Logger.trace("<<< built Response");
+	      
+	      // save response in transaction
+	      context.setResponse(response[0]);
+		  Logger.trace("---- Leaving SignatureCreationService");
+		  
+
+	    } catch (MOAException e) {
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    } catch (Throwable t) {
+	      MOASystemException e = new MOASystemException("2900", null, t);
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    }
+
+	    return response;
+	  }
+	
+	 /**
+	   * Handle a <code>CreateXMLSignatureRequest</code>.
+	   * 
+	   * @param request The <code>CreateXMLSignatureRequest</code> to work on
+	   * (contained in the 0th element of the array).
+	   * @return A <code>CreateXMLSignatureResponse</code> as the only element of
+	   * the <code>Element</code> array.
+	   * @throws AxisFault An error occurred during handling of the message.
+	   */
+	  public Element[] CreateCMSSignatureRequest(Element[] request)
+	    throws AxisFault {
+		  Logger.trace("---- Entering SignatureCreationService");
+	    CMSSignatureCreationInvoker invoker =
+	      CMSSignatureCreationInvoker.getInstance();
+	    Element[] response = new Element[1];
+
+	    // check that we have a CreateXMLSignatureRequest; if not, create an
+	    // AxisFault, just like the org.apache.axis.providers.java.MsgProvider
+	    if (!Constants.MOA_SPSS_CREATE_CMS_REQUEST.equals(request[0].getLocalName()) ||
+	      !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI()))
+	    {
+	      QName qname =
+	        new QName(request[0].getNamespaceURI(), request[0].getLocalName());
+	      throw new AxisFault(
+	        Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse
+	    }
+
+	    // handle the request
+	    try {
+	        
+	      // create a parser and builder for binding API objects to/from XML
+	      CreateCMSSignatureRequestParser requestParser =
+	        new CreateCMSSignatureRequestParser();
+	      CreateCMSSignatureResponseBuilder responseBuilder =
+	        new CreateCMSSignatureResponseBuilder();
+	      Element reparsedReq;
+	      CreateCMSSignatureRequest requestObj;
+	      CreateCMSSignatureResponse responseObj;
+
+	      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+	      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+	  
+	      // validate the request
+	      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+
+	      // convert to API objects
+		  Logger.trace(">>> preparsing Request");
+	      requestObj = requestParser.parse(reparsedReq);
+		  Logger.trace("<<< preparsed Request");
+	      
+		  Logger.trace(">>> creating Signature");
+	      // invoke the core logic
+	      responseObj = invoker.createCMSSignature(requestObj, Collections.EMPTY_SET);
+		  Logger.trace("<<< created Signature");
+
+		  Logger.trace(">>> building Response");
+	      // map back to XML
+	      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+		  Logger.trace("<<< built Response");
+	      
+	      // save response in transaction
+	      context.setResponse(response[0]);
+		  Logger.trace("---- Leaving SignatureCreationService");
+		  
+
+	    } catch (MOAException e) {
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    } catch (Throwable t) {
+	      MOASystemException e = new MOASystemException("2900", null, t);
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    }
+
+	    return response;
+	  }
+
+  /**
+   * Handle a <code>CreateXMLSignatureRequest</code>.
+   * 
+   * @param request The <code>CreateXMLSignatureRequest</code> to work on
+   * (contained in the 0th element of the array).
+   * @return A <code>CreateXMLSignatureResponse</code> as the only element of
+   * the <code>Element</code> array.
+   * @throws AxisFault An error occurred during handling of the message.
+   */
+  public Element[] CreateXMLSignatureRequest(Element[] request)
+    throws AxisFault {
+	  Logger.trace("---- Entering SignatureCreationService");
+    XMLSignatureCreationInvoker invoker =
+      XMLSignatureCreationInvoker.getInstance();
+    Element[] response = new Element[1];
+
+    // check that we have a CreateXMLSignatureRequest; if not, create an
+    // AxisFault, just like the org.apache.axis.providers.java.MsgProvider
+    if (!Constants.MOA_SPSS_CREATE_XML_REQUEST.equals(request[0].getLocalName()) ||
+      !Constants.MOA_NS_URI.equals(request[0].getNamespaceURI()))
+    {
+      QName qname =
+        new QName(request[0].getNamespaceURI(), request[0].getLocalName());
+      throw new AxisFault(
+        Messages.getMessage("noOperationForQName", qname.toString())); // TODO GK Operation name does not make it into the error repsonse
+    }
+
+    // handle the request
+    try {
+        
+      // create a parser and builder for binding API objects to/from XML
+      CreateXMLSignatureRequestParser requestParser =
+        new CreateXMLSignatureRequestParser();
+      CreateXMLSignatureResponseBuilder responseBuilder =
+        new CreateXMLSignatureResponseBuilder();
+      Element reparsedReq;
+      CreateXMLSignatureRequest requestObj;
+      CreateXMLSignatureResponse responseObj;
+
+      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+  
+      // validate the request
+      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+
+      // convert to API objects
+	  Logger.trace(">>> preparsing Request");
+      requestObj = requestParser.parse(reparsedReq);
+	  Logger.trace("<<< preparsed Request");
+      
+	  Logger.trace(">>> creating Signature");
+      // invoke the core logic
+      responseObj = invoker.createXMLSignature(requestObj, Collections.EMPTY_SET);
+	  Logger.trace("<<< created Signature");
+
+	  Logger.trace(">>> building Response");
+      // map back to XML
+      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+	  Logger.trace("<<< built Response");
+      
+      // save response in transaction
+      context.setResponse(response[0]);
+	  Logger.trace("---- Leaving SignatureCreationService");
+	  
+
+    } catch (MOAException e) {
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      Logger.debug("Anfrage zur Signaturerstellung wurde nicht erfolgreich beendet:" 
+        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+      throw fault;
+    }
+
+    return response;
+  }
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
new file mode 100644
index 0000000..40b287d
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
@@ -0,0 +1,241 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import org.apache.axis.AxisFault;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyCMSSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.util.StreamUtils;
+
+/**
+ * The service endpoint for the <code>SignatureVerification</code> web service.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureVerificationService {
+
+	/**
+	   * Handle a <code>VerifyPDFSignatureRequest</code>.
+	   * 
+	   * @param request The <code>VerifyPDFSignatureRequest</code> to work on
+	   * (contained in the 0th element of the array).
+	   * @return A <code>VerifyPDFSignatureResponse</code> as the only element of
+	   * the <code>Element</code> array.
+	   * @throws AxisFault An error occurred during handling of the message.
+	   */
+	  public Element[] VerifyPDFSignatureRequest(Element[] request)
+	    throws AxisFault {
+	    CMSSignatureVerificationInvoker invoker =
+	      CMSSignatureVerificationInvoker.getInstance();
+	    Element[] response = new Element[1];
+	    
+	    try {
+	             
+	      // create a parser and builder for binding API objects to/from XML
+	      VerifyCMSSignatureRequestParser requestParser =
+	        new VerifyCMSSignatureRequestParser();
+	      VerifyCMSSignatureResponseBuilder responseBuilder =
+	        new VerifyCMSSignatureResponseBuilder();
+	      Element reparsedReq;
+	      VerifyCMSSignatureRequest requestObj;
+	      VerifyCMSSignatureResponse responseObj;
+
+	      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+	      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+	      // validate the request
+	      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+	      
+	      // convert to API objects
+	      requestObj = requestParser.parse(reparsedReq);
+
+	      // invoke the core logic
+	      responseObj = invoker.verifyCMSSignature(requestObj);
+
+	      // map back to XML
+	      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+
+	      // save response in transaction
+	      context.setResponse(response[0]);
+	      
+	     
+	    } catch (MOAException e) {
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturpruefung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    } catch (Throwable t) {
+	      MOASystemException e = new MOASystemException("2900", null, t);
+	      AxisFault fault = AxisFault.makeFault(e);
+	      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+	      Logger.debug("Anfrage zur Signaturpruefung wurde nicht erfolgreich beendet:" 
+	        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+	      throw fault;
+	    }
+
+	    return response;
+	  }
+	
+  /**
+   * Handle a <code>VerifyCMSSignatureRequest</code>.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> to work on
+   * (contained in the 0th element of the array).
+   * @return A <code>VerifyCMSSignatureResponse</code> as the only element of
+   * the <code>Element</code> array.
+   * @throws AxisFault An error occurred during handling of the message.
+   */
+  public Element[] VerifyCMSSignatureRequest(Element[] request)
+    throws AxisFault {
+    CMSSignatureVerificationInvoker invoker =
+      CMSSignatureVerificationInvoker.getInstance();
+    Element[] response = new Element[1];
+    
+    try {
+             
+      // create a parser and builder for binding API objects to/from XML
+      VerifyCMSSignatureRequestParser requestParser =
+        new VerifyCMSSignatureRequestParser();
+      VerifyCMSSignatureResponseBuilder responseBuilder =
+        new VerifyCMSSignatureResponseBuilder();
+      Element reparsedReq;
+      VerifyCMSSignatureRequest requestObj;
+      VerifyCMSSignatureResponse responseObj;
+
+      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+      // validate the request
+      reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
+      
+      // convert to API objects
+      requestObj = requestParser.parse(reparsedReq);
+
+      // invoke the core logic
+      responseObj = invoker.verifyCMSSignature(requestObj);
+
+      // map back to XML
+      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+
+      // save response in transaction
+      context.setResponse(response[0]);
+      
+     
+    } catch (MOAException e) {
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      Logger.debug("Anfrage zur Signaturpruefung wurde nicht erfolgreich beendet:" 
+        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      Logger.debug("Anfrage zur Signaturpruefung wurde nicht erfolgreich beendet:" 
+        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+      throw fault;
+    }
+
+    return response;
+  }
+
+  /**
+   * Handle a <code>VerifyXMLSignatureRequest</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> to work on
+   * (contained in the 0th element of the array).
+   * @return A <code>VerifyXMLSignatureResponse</code> as the only element of
+   * the <code>Element</code> array.
+   * @throws AxisFault An error occurred during handling of the message.
+   */
+  public Element[] VerifyXMLSignatureRequest(Element[] request)
+    throws AxisFault {
+    XMLSignatureVerificationInvoker invoker =
+      XMLSignatureVerificationInvoker.getInstance();
+    Element[] response = new Element[1];
+
+    try {
+
+        // create a parser and builder for binding API objects to/from XML
+      VerifyXMLSignatureRequestParser requestParser =
+        new VerifyXMLSignatureRequestParser();
+      VerifyXMLSignatureResponseBuilder responseBuilder =
+        new VerifyXMLSignatureResponseBuilder();
+      Element reparsedReq;
+      VerifyXMLSignatureRequest requestObj;
+      VerifyXMLSignatureResponse responseObj;
+
+      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
+      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+      // validate the request
+      reparsedReq = ServiceUtils.reparseRequest(context.getRequest());
+      
+      // convert to API objects
+      requestObj = requestParser.parse(reparsedReq);
+      
+      // invoke the core logic
+      responseObj = invoker.verifyXMLSignature(requestObj);
+
+      // map back to XML
+      response[0] = responseBuilder.build(responseObj).getDocumentElement();
+      
+      // save response in transaction
+      context.setResponse(response[0]);
+      
+
+    } catch (MOAException e) {
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      Logger.debug("Anfrage zur Signaturpruefung wurde nicht erfolgreich beendet:" 
+        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+      throw fault;
+    } catch (Throwable t) {
+      MOASystemException e = new MOASystemException("2900", null, t);
+      AxisFault fault = AxisFault.makeFault(e);
+      fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+      Logger.debug("Anfrage zur Signaturpruefung wurde nicht erfolgreich beendet:" 
+        + System.getProperty("line.separator") + StreamUtils.getStackTraceAsString(e));
+      throw fault;
+    }
+
+    return response;
+  }
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFRequest.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFRequest.java
new file mode 100644
index 0000000..110665c
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFRequest.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class CreatePDFRequest {
+	private String keyIdentifier;
+	private List<PDFSignatureInfo> signatureInfoList = new ArrayList<PDFSignatureInfo>();
+	
+	public CreatePDFRequest(String keyIdentifier) {
+		this.keyIdentifier = keyIdentifier;
+	}
+
+	public synchronized String getKeyIdentifier() {
+		return keyIdentifier;
+	}
+
+	public synchronized List<PDFSignatureInfo> getSignatureInfoList() {
+		return signatureInfoList;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFRespone.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFRespone.java
new file mode 100644
index 0000000..ef7e832
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFRespone.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class CreatePDFRespone {
+	private List<SignedPDFInfo> signatureInfoList = new ArrayList<SignedPDFInfo>();
+	
+	public CreatePDFRespone() {
+	}
+
+	public synchronized List<SignedPDFInfo> getSignatureInfoList() {
+		return signatureInfoList;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFSignatureRequestParser.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFSignatureRequestParser.java
new file mode 100644
index 0000000..163a7ba
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFSignatureRequestParser.java
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.io.IOException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A parser to parse <code>CreateCMSSignatureRequest</code> DOM trees into
+ * <code>CreateCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreatePDFSignatureRequestParser {
+
+	//
+	// XPath expresssions to select elements in the CreateCMSSignatureRequest
+	//
+	private static final String MOA = Constants.MOA_PREFIX + ":";
+	private static final String KEY_IDENTIFIER_XPATH = "/" + MOA + "CreatePDFSignatureRequest/" + MOA + "KeyIdentifier";
+	private static final String SINGLE_SIGNATURE_INFO_XPATH = "/" + MOA + "CreatePDFSignatureRequest/" + MOA
+			+ "SingleSignatureInfo";
+	private static final String SIGNATURE_PROFILE_XPATH = MOA + "SignatureProfile";
+	private static final String SIGNATURE_POSITION_XPATH = MOA + "SignaturePosition";
+	private static final String SIGNATURE_ID_XPATH = MOA + "SignatureID";
+
+	private static final String PDF_DOCUMENT_XPATH = MOA + "PDFDocument";
+
+	/**
+	 * Create a new <code>CreateCMSSignatureRequestParser</code>.
+	 */
+	public CreatePDFSignatureRequestParser() {
+	}
+
+	/**
+	 * Parse a <code>CreateCMSSignatureRequest</code> DOM element, as defined by
+	 * the MOA schema.
+	 * 
+	 * @param requestElem
+	 *            The <code>CreateCMSSignatureRequest</code> to parse. The
+	 *            request must have been successfully parsed against the schema
+	 *            for this method to succeed.
+	 * @return A <code>CreateCMSSignatureRequest</code> API object containing
+	 *         the data from the DOM element.
+	 * @throws MOAApplicationException
+	 *             An error occurred parsing the request.
+	 */
+	public CreatePDFRequest parse(Element requestElem) throws MOAApplicationException {
+
+		String keyIdentifier = XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+		CreatePDFRequest createPDFRequest = new CreatePDFRequest(keyIdentifier);
+		parseSingleSignatureInfos(requestElem, createPDFRequest);
+
+		return createPDFRequest;
+	}
+
+	/**
+	 * Parse all <code>SingleSignatureInfo</code> elements of the
+	 * <code>CreateCMSSignatureRequest</code>.
+	 * 
+	 * @param requestElem
+	 *            The <code>CreateCMSSignatureRequest</code> to parse.
+	 * @return A <code>List</code> of <code>SingleSignatureInfo</code> API
+	 *         objects.
+	 * @throws MOAApplicationException
+	 *             An error occurred parsing on of the
+	 *             <code>SingleSignatureInfo</code> elements.
+	 */
+	private void parseSingleSignatureInfos(Element requestElem, CreatePDFRequest createPDFRequest)
+			throws MOAApplicationException {
+
+		NodeIterator sigInfoElems = XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+		Element sigInfoElem;
+
+		while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+			createPDFRequest.getSignatureInfoList().add(parsePDFSignatureInfo(sigInfoElem));
+		}
+	}
+
+	/**
+	 * Parse a <code>SingleSignatureInfo</code> DOM element.
+	 * 
+	 * @param sigInfoElem
+	 *            The <code>SingleSignatureInfo</code> DOM element to parse.
+	 * @return A <code>SingleSignatureInfo</code> API object containing the
+	 *         information of <code>sigInfoElem</code>.
+	 * @throws MOAApplicationException
+	 *             An error occurred parsing the
+	 *             <code>SingleSignatureInfo</code>.
+	 */
+	private PDFSignatureInfo parsePDFSignatureInfo(Element sigInfoElem) throws MOAApplicationException {
+
+		String signatureProfile = XPathUtils.getElementValue(sigInfoElem, SIGNATURE_PROFILE_XPATH, null);
+		String signaturePosition = XPathUtils.getElementValue(sigInfoElem, SIGNATURE_POSITION_XPATH, null);
+		String signatureID = XPathUtils.getElementValue(sigInfoElem, SIGNATURE_ID_XPATH, null);
+		
+
+		Element base64ContentElem = (Element) XPathUtils.selectSingleNode(sigInfoElem, PDF_DOCUMENT_XPATH);
+		String base64Str = DOMUtils.getText(base64ContentElem);
+		try {
+			byte[] inputPDF = Base64Utils.decode(base64Str, true);
+			PDFSignatureInfo PDFSignatureInfo = new PDFSignatureInfo(inputPDF,
+					signatureProfile, signaturePosition, signatureID);
+			
+			return PDFSignatureInfo;
+		} catch (IOException e) {
+			throw new MOAApplicationException("2244", null, e);
+		}
+		
+	}
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFSignatureResponseBuilder.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFSignatureResponseBuilder.java
new file mode 100644
index 0000000..78586ba
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/CreatePDFSignatureResponseBuilder.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlbind.ResponseBuilderUtils;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Convert a <code>CreateCMSSignatureResponse</code> API object into its XML
+ * representation, according to the MOA XML schema.
+ * 
+ * @version $Id$
+ */
+public class CreatePDFSignatureResponseBuilder {
+	private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+	private static final Logger logger = LoggerFactory.getLogger(CreatePDFSignatureResponseBuilder.class);
+	
+	/** The XML document containing the response element. */
+	private Document responseDoc;
+	/** The response <code>CreateCMSSignatureResponse</code> DOM element. */
+	private Element responseElem;
+
+	/**
+	 * Create a new <code>CreateCMSSignatureResponseBuilder</code>:
+	 * 
+	 * @throws MOASystemException
+	 *             An error occurred setting up the resulting XML document.
+	 */
+	public CreatePDFSignatureResponseBuilder() throws MOASystemException {
+		responseDoc = ResponseBuilderUtils.createResponse("CreatePDFSignatureResponse");
+		responseElem = responseDoc.getDocumentElement();
+	}
+
+	/**
+	 * Build a document containing a <code>CreateCMSSignatureResponse</code> DOM
+	 * element being the XML representation of the given
+	 * <code>CreateCMSSignatureResponse</code> API object.
+	 * 
+	 * @param response
+	 *            The <code>CreateCMSSignatureResponse</code> to convert to XML.
+	 * @return A document containing the <code>CreateCMSSignatureResponse</code>
+	 *         DOM element.
+	 */
+	public Document build(CreatePDFRespone response) {
+		Iterator<SignedPDFInfo> iter = response.getSignatureInfoList().iterator();
+
+		while (iter.hasNext()) {
+			SignedPDFInfo signedPDFInfo = iter.next();
+			addPDFSignature(signedPDFInfo);
+		}
+
+		return responseDoc;
+	}
+
+	/**
+	 * Add a <code>CMSSignature</code> element to the response.
+	 * 
+	 * @param cmsSignatureResponse
+	 *            The content to put under the <code>CMSSignature</code>
+	 *            element.
+	 */
+	private void addPDFSignature(SignedPDFInfo signedPDFInfo) {
+		Element pdfSignature = responseDoc.createElementNS(MOA_NS_URI, "PDFSignature");
+		
+		if(signedPDFInfo.getSignatureID() != null) {
+			Element signatureID = responseDoc.createElementNS(MOA_NS_URI, "SignatureID");
+			signatureID.setTextContent(signedPDFInfo.getSignatureID());
+			pdfSignature.appendChild(signatureID);
+		}
+		
+		switch (signedPDFInfo.getResponseType()) {
+		case SignedPDFInfo.SUCCESS_SIGNATURE:
+			pdfSignature.appendChild(addSuccessSignature(signedPDFInfo));
+			break;
+
+		default:
+			pdfSignature.appendChild(addErrorResponse(signedPDFInfo));
+			break;
+		}
+
+		responseElem.appendChild(pdfSignature);
+	}
+	
+	private Element addSuccessSignature(SignedPDFInfo signedPDFInfo) {
+		try {
+			String base64Value = Base64Utils.encode(signedPDFInfo.getPdfDocument());
+			Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "PDFSignature");
+			cmsSignature.setTextContent(base64Value);
+
+			return cmsSignature;
+		} catch (IOException e) {
+			logger.error("Failed to encode pdf signature", e);
+			signedPDFInfo.setErrorCode(2300);
+			signedPDFInfo.setErrorInfo("Failed to encode the signed document");
+			return addErrorResponse(signedPDFInfo);
+		}
+
+		
+	}
+
+	/**
+	 * Add a <code>ErrorResponse</code> element to the response.
+	 * 
+	 * @param errorResponse
+	 *            The API object containing the information to put into the
+	 *            <code>ErrorResponse</code> DOM element.
+	 */
+	private Element addErrorResponse(SignedPDFInfo signedPDFInfo) {
+		Element errorElem = responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+		Element errorCodeElem = responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+		Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+		String errorCodeStr = Integer.toString(signedPDFInfo.getErrorCode());
+
+		errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+		errorElem.appendChild(errorCodeElem);
+		infoElem.appendChild(responseDoc.createTextNode(signedPDFInfo.getErrorInfo()));
+		errorElem.appendChild(errorCodeElem);
+		errorElem.appendChild(infoElem);
+		
+		return errorElem;
+	}
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/PDFSignatureInfo.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/PDFSignatureInfo.java
new file mode 100644
index 0000000..fd2be7c
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/PDFSignatureInfo.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+public class PDFSignatureInfo {
+	private String signatureProfile = null;
+	private String signaturePosition = null;
+	private String signatureID = null;
+	private byte[] pdfDocument = null;
+	
+	public PDFSignatureInfo(byte[] pdfDocument, 
+			String signatureProfile, String signaturePosition, 
+			String signatureID) {
+		this.pdfDocument = pdfDocument;
+		this.signatureProfile = signatureProfile;
+		this.signaturePosition = signaturePosition;
+		this.signatureID = signatureID;
+	}
+
+	public synchronized String getSignatureProfile() {
+		return signatureProfile;
+	}
+
+	public synchronized String getSignaturePosition() {
+		return signaturePosition;
+	}
+
+	public synchronized String getSignatureID() {
+		return signatureID;
+	}
+
+	public synchronized byte[] getPdfDocument() {
+		return pdfDocument;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/SignedPDFInfo.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/SignedPDFInfo.java
new file mode 100644
index 0000000..a950006
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/SignedPDFInfo.java
@@ -0,0 +1,53 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+public class SignedPDFInfo {
+	
+	public static final int SUCCESS_SIGNATURE = 0;
+	public static final int ERROR_RESPONSE = 1;
+	
+	private String signatureID = null;
+	private byte[] pdfDocument = null;
+	private int responseType = ERROR_RESPONSE;
+	private int errorCode = 0;
+	private String errorInfo = null;
+	
+	public SignedPDFInfo(String signatureID) {
+		this.signatureID = signatureID;
+	}
+	
+	public synchronized void setPdfDocument(byte[] pdfDocument) {
+		this.pdfDocument = pdfDocument;
+	}
+
+	public synchronized String getSignatureID() {
+		return signatureID;
+	}
+
+	public synchronized byte[] getPdfDocument() {
+		return pdfDocument;
+	}
+	
+	public synchronized void setResponseType(int responseType) {
+		this.responseType = responseType;
+	}
+
+	public int getResponseType() {
+		return this.responseType;
+	}
+
+	public synchronized int getErrorCode() {
+		return errorCode;
+	}
+
+	public synchronized void setErrorCode(int errorCode) {
+		this.errorCode = errorCode;
+	}
+
+	public synchronized String getErrorInfo() {
+		return errorInfo;
+	}
+
+	public synchronized void setErrorInfo(String errorInfo) {
+		this.errorInfo = errorInfo;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFRequest.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFRequest.java
new file mode 100644
index 0000000..c9ca89d
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFRequest.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.util.Date;
+
+public class VerifyPDFRequest {
+	private Date dateTime;
+	private byte[] signedPDF;
+	private String trustProfileID;
+	
+	public VerifyPDFRequest() {
+	}
+
+	public synchronized Date getDateTime() {
+		return dateTime;
+	}
+
+	public synchronized void setDateTime(Date dateTime) {
+		this.dateTime = dateTime;
+	}
+
+	public synchronized byte[] getSignedPDF() {
+		return signedPDF;
+	}
+
+	public synchronized void setSignedPDF(byte[] signedPDF) {
+		this.signedPDF = signedPDF;
+	}
+
+	public synchronized String getTrustProfileID() {
+		return trustProfileID;
+	}
+
+	public synchronized void setTrustProfileID(String trustProfileID) {
+		this.trustProfileID = trustProfileID;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFRequestParser.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFRequestParser.java
new file mode 100644
index 0000000..7601b31
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFRequestParser.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.io.IOException;
+import java.util.Date;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.xmlbind.RequestParserUtils;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+public class VerifyPDFRequestParser {
+
+	//
+	// XPath expressions for selecting parts of the DOM message
+	//
+	private static final String MOA = Constants.MOA_PREFIX + ":";
+	private static final String DATE_TIME_XPATH = MOA + "DateTime";
+	private static final String PDF_SIGNATURE_XPATH = MOA + "PDFSignature";
+	private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
+
+	public VerifyPDFRequest parse(Element requestElem) throws MOAApplicationException {
+
+		VerifyPDFRequest verifyPDFRequest = new VerifyPDFRequest();
+		
+		Date dateTime = RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH);
+		byte[] signedPDF = null;
+		try {
+			signedPDF = parsePDF(requestElem);
+		} catch (IOException e) {
+			throw new MOAApplicationException("Failed to extract signed pdf data", null, e);
+		}
+		String trustProfileID = XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+		verifyPDFRequest.setDateTime(dateTime);
+		verifyPDFRequest.setSignedPDF(signedPDF);
+		verifyPDFRequest.setTrustProfileID(trustProfileID);
+
+		return verifyPDFRequest;
+	}
+
+	/**
+	 * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+	 * DOM element.
+	 * 
+	 * @param contentElem
+	 *            The <code>CMSContentBaseType</code> kind of element to parse.
+	 * @return A <code>CMSDataObject</code> API object containing the data from
+	 *         the given DOM element.
+	 * @throws IOException 
+	 */
+	private byte[] parsePDF(Element contentElem) throws IOException {
+		Element base64ContentElem = (Element) XPathUtils.selectSingleNode(contentElem, PDF_SIGNATURE_XPATH);
+
+		String base64Str = DOMUtils.getText(base64ContentElem);
+		return Base64Utils.decode(base64Str, true);
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFResponse.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFResponse.java
new file mode 100644
index 0000000..76746cf
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFResponse.java
@@ -0,0 +1,20 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.util.List;
+
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+
+public class VerifyPDFResponse {
+	private List<VerifyResult> verificationResults = null;
+
+	public VerifyPDFResponse() {
+	}
+
+	public synchronized List<VerifyResult> getVerificationResults() {
+		return verificationResults;
+	}
+
+	public synchronized void setVerificationResults(List<VerifyResult> verificationResults) {
+		this.verificationResults = verificationResults;
+	}
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFResponseBuilder.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFResponseBuilder.java
new file mode 100644
index 0000000..705eff6
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/xmlbind/VerifyPDFResponseBuilder.java
@@ -0,0 +1,110 @@
+package at.gv.egovernment.moa.spss.server.xmlbind;
+
+import java.util.Iterator;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlbind.ResponseBuilderUtils;
+import at.gv.egovernment.moa.spss.server.pdfas.ExtendedVerifyResult;
+import at.gv.egovernment.moa.util.Constants;
+
+public class VerifyPDFResponseBuilder {
+	private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+	//private static final Logger logger = LoggerFactory.getLogger(VerifyPDFResponseBuilder.class);
+
+	/** The XML document containing the response element. */
+	private Document responseDoc;
+	/** The response <code>CreateCMSSignatureResponse</code> DOM element. */
+	private Element responseElem;
+
+	/**
+	 * Create a new <code>CreateCMSSignatureResponseBuilder</code>:
+	 * 
+	 * @throws MOASystemException
+	 *             An error occurred setting up the resulting XML document.
+	 */
+	public VerifyPDFResponseBuilder() throws MOASystemException {
+		responseDoc = ResponseBuilderUtils.createResponse("VerifyPDFSignatureResponse");
+		responseElem = responseDoc.getDocumentElement();
+	}
+
+	/**
+	 * Build a document containing a <code>CreateCMSSignatureResponse</code> DOM
+	 * element being the XML representation of the given
+	 * <code>CreateCMSSignatureResponse</code> API object.
+	 * 
+	 * @param response
+	 *            The <code>CreateCMSSignatureResponse</code> to convert to XML.
+	 * @return A document containing the <code>CreateCMSSignatureResponse</code>
+	 *         DOM element.
+	 */
+	public Document build(VerifyPDFResponse response) throws MOAException {
+		if(response.getVerificationResults() == null) {
+			throw new MOAApplicationException("No verification results available", null);
+		}
+		Iterator<VerifyResult> iter = response.getVerificationResults().iterator();
+
+		while (iter.hasNext()) {
+			VerifyResult verifyResult = iter.next();
+			addVerifyResult(verifyResult);
+		}
+
+		return responseDoc;
+	}
+	
+	private void addVerifyResult(VerifyResult verifyResult) throws MOAApplicationException {
+		Element pdfSignature = responseDoc.createElementNS(MOA_NS_URI, "SignatureResult");
+		
+		
+		String qcSource = null;
+		String publicAuthorityID = null;
+		String sscdSource = null;
+		boolean isPublicAuthority = false;
+		boolean isSSCD = false;
+		String issureCountryCode = null;
+		
+		if(verifyResult instanceof ExtendedVerifyResult) {
+			ExtendedVerifyResult extendedVerifyResult = (ExtendedVerifyResult)verifyResult;
+			
+			qcSource = extendedVerifyResult.getQcSource();
+			publicAuthorityID = extendedVerifyResult.getPublicAuthorityID();
+			sscdSource = extendedVerifyResult.getQcSource();
+			issureCountryCode = extendedVerifyResult.getIssureCountryCode();
+			
+			isPublicAuthority = extendedVerifyResult.isPublicAuthority();
+			isSSCD = extendedVerifyResult.isSSCD();
+		}
+		
+		ResponseBuilderUtils.addSignerInfo(responseDoc, pdfSignature, 
+				verifyResult.getSignerCertificate(), 
+				verifyResult.isQualifiedCertificate(), 
+				qcSource, 
+				isPublicAuthority, 
+				publicAuthorityID, 
+				isSSCD, 
+				sscdSource, 
+				issureCountryCode);
+		
+		ResponseBuilderUtils.addCodeInfoElement(
+			      responseDoc,
+			      pdfSignature,
+			      "SignatureCheck",
+			      verifyResult.getValueCheckCode().getCode(),
+			      (String)null);
+
+			    ResponseBuilderUtils.addCodeInfoElement(
+			      responseDoc,
+			      pdfSignature,
+			      "CertificateCheck",
+			      verifyResult.getCertificateCheck().getCode(),
+			      (String)null);
+
+		responseElem.appendChild(pdfSignature);
+	}
+}
diff --git a/moaSig/moa-sig/src/main/resources/META-INF/services/at.gv.egiz.pdfas.lib.impl.verify.IVerifier b/moaSig/moa-sig/src/main/resources/META-INF/services/at.gv.egiz.pdfas.lib.impl.verify.IVerifier
new file mode 100644
index 0000000..ae55130
--- /dev/null
+++ b/moaSig/moa-sig/src/main/resources/META-INF/services/at.gv.egiz.pdfas.lib.impl.verify.IVerifier
@@ -0,0 +1 @@
+at.gv.egovernment.moa.spss.server.pdfas.InternalMoaVerifier
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/main/resources/META-INF/services/at.gv.egovernment.moa.spss.server.init.ExternalInitializer b/moaSig/moa-sig/src/main/resources/META-INF/services/at.gv.egovernment.moa.spss.server.init.ExternalInitializer
new file mode 100644
index 0000000..5b483c6
--- /dev/null
+++ b/moaSig/moa-sig/src/main/resources/META-INF/services/at.gv.egovernment.moa.spss.server.init.ExternalInitializer
@@ -0,0 +1 @@
+at.gv.egovernment.moa.spss.server.initializer.PDFASInitializer
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl
new file mode 100644
index 0000000..03b14ba
--- /dev/null
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.wsdl
@@ -0,0 +1,174 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!-- 

+  Web Service Description for MOA SP/SS 1.4

+-->

+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">

+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../schemas/MOA-SPSS-2.0.0.xsd"/>

+	<message name="CreateCMSSignatureInput">

+		<part name="body" element="moa:CreateCMSSignatureRequest"/>

+	</message>

+	<message name="CreateCMSSignatureOutput">

+		<part name="body" element="moa:CreateCMSSignatureResponse"/>

+	</message>

+	<message name="CreatePDFSignatureInput">

+		<part name="body" element="moa:CreatePDFSignatureRequest"/>

+	</message>

+	<message name="CreatePDFSignatureOutput">

+		<part name="body" element="moa:CreatePDFSignatureResponse"/>

+	</message>

+	<message name="CreateXMLSignatureInput">

+		<part name="body" element="moa:CreateXMLSignatureRequest"/>

+	</message>

+	<message name="CreateXMLSignatureOutput">

+		<part name="body" element="moa:CreateXMLSignatureResponse"/>

+	</message>

+	<message name="VerifyCMSSignatureInput">

+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>

+	</message>

+	<message name="VerifyCMSSignatureOutput">

+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>

+	</message>

+	<message name="VerifyPDFSignatureInput">

+		<part name="body" element="moa:VerifyPDFSignatureRequest"/>

+	</message>

+	<message name="VerifyPDFSignatureOutput">

+		<part name="body" element="moa:VerifyPDFSignatureResponse"/>

+	</message>

+	<message name="VerifyXMLSignatureInput">

+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>

+	</message>

+	<message name="VerifyXMLSignatureOutput">

+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>

+	</message>

+	<message name="MOAFault">

+		<part name="body" element="moa:ErrorResponse"/>

+	</message>

+	<portType name="SignatureCreationPortType">

+		<operation name="createXMLSignature">

+			<input message="tns:CreateXMLSignatureInput"/>

+			<output message="tns:CreateXMLSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+		<operation name="createCMSSignature">

+			<input message="tns:CreateCMSSignatureInput"/>

+			<output message="tns:CreateCMSSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+		<operation name="createPDFSignature">

+			<input message="tns:CreatePDFSignatureInput"/>

+			<output message="tns:CreatePDFSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+	</portType>

+	<portType name="SignatureVerificationPortType">

+		<operation name="verifyCMSSignature">

+			<input message="tns:VerifyCMSSignatureInput"/>

+			<output message="tns:VerifyCMSSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+		<operation name="verifyXMLSignature">

+			<input message="tns:VerifyXMLSignatureInput"/>

+			<output message="tns:VerifyXMLSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+		<operation name="verifyPDFSignature">

+			<input message="tns:VerifyPDFSignatureInput"/>

+			<output message="tns:VerifyPDFSignatureOutput"/>

+			<fault name="MOAFault" message="tns:MOAFault"/>

+		</operation>

+	</portType>

+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">

+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

+		<operation name="createXMLSignature">

+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<!-- soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/-->

+			</fault>

+		</operation>

+		<operation name="createCMSSignature">

+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<!-- soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/-->

+			</fault>

+		</operation>

+		<operation name="createPDFSignature">

+			<soap:operation soapAction="urn:CreatePDFSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<!-- soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/-->

+			</fault>

+		</operation>

+	</binding>

+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">

+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

+		<operation name="verifyCMSSignature">

+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<!-- soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/-->

+			</fault>

+		</operation>

+		<operation name="verifyXMLSignature">

+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<!-- soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/-->

+			</fault>

+		</operation>

+		<operation name="verifyPDFSignature">

+			<soap:operation soapAction="urn:VerifyPDFSignatureAction"/>

+			<input>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</input>

+			<output>

+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>

+			</output>

+			<fault name="MOAFault">

+				<!-- soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/-->

+			</fault>

+		</operation>

+	</binding>

+	<service name="SignatureCreationService">

+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">

+			<!--

+        Please note that the location URL must be adapted to the actual service URL.

+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>

+      -->

+		</port>

+	</service>

+	<service name="SignatureVerificationService">

+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">

+			<!--

+        Please note that the location URL must be adapted to the actual service URL.

+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>

+      -->

+		</port>

+	</service>

+</definitions>

diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 0000000..3b852ca
--- /dev/null
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,649 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 2.0.0 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Create PDF Signature ###-->
+	<!--### Create PDF Signature Request ###-->
+	<xsd:element name="CreatePDFSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreatePDFSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreatePDFSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="PDFDocument" type="xsd:base64Binary"/>
+						<xsd:element name="SignatureProfile" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+						<xsd:element name="SignaturePosition" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+						<xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create PDF Signature Response ###-->
+	<xsd:element name="CreatePDFSignatureResponse" type="CreatePDFSignatureResponseType"/>
+	<xsd:complexType name="CreatePDFSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="PDFSignature" type="PDFSignedRepsonse" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify PDF Signature ###-->
+	<!--### Verifiy PDF Signature Request ###-->
+	<xsd:element name="VerifyPDFSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyPDFSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyPDFSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="PDFSignature" type="xsd:base64Binary"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyPDFSignatureResponse" type="VerifyPDFSignatureResponseType"/>
+	<xsd:complexType name="VerifyPDFSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignatureResult" type="PDFSignatureResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PDFSignatureResultType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PDFSignedRepsonse">
+		<xsd:sequence>
+			<xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+			<xsd:choice maxOccurs="1">
+				<xsd:element name="PDFSignature" type="xsd:base64Binary">
+					<xsd:annotation>
+						<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element ref="ErrorResponse"/>
+			</xsd:choice>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/main/webapp/META-INF/MANIFEST.MF b/moaSig/moa-sig/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..5e94951
--- /dev/null
+++ b/moaSig/moa-sig/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0

+Class-Path: 

+

diff --git a/moaSig/moa-sig/src/main/webapp/WEB-INF/server-config.wsdd b/moaSig/moa-sig/src/main/webapp/WEB-INF/server-config.wsdd
new file mode 100644
index 0000000..ef473b1
--- /dev/null
+++ b/moaSig/moa-sig/src/main/webapp/WEB-INF/server-config.wsdd
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+  Axis Deployment Descriptor for MOA SP/SS 2

+-->

+<deployment name="defaultClientConfig"

+            xmlns="http://xml.apache.org/axis/wsdd/"

+            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"

+            xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">

+

+  <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>

+  <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>

+  <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>

+  <handler name="MOAHandler" type="java:at.gv.egovernment.moa.spss.server.service.AxisHandler"/>

+

+  <service name="SignatureCreation" provider="java:MSG">

+    <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>

+    <parameter name="allowedMethods" value="CreateCMSSignatureRequest CreateXMLSignatureRequest CreatePDFSignatureRequest"/>

+    <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureCreationService"/>

+    <wsdlFile>/resources/schemas/MOA-SPSS-2.0.0.wsdl</wsdlFile>

+    

+    <requestFlow>

+      <handler type="MOAHandler"/>

+    </requestFlow>

+    <responseFlow>

+      <handler type="MOAHandler"/>

+    </responseFlow>

+  </service>

+

+  <service name="SignatureVerification" provider="java:MSG">

+    <namespace>http://reference.e-government.gv.at/namespace/moa/20020822#</namespace>

+    <parameter name="allowedMethods" value="VerifyCMSSignatureRequest VerifyXMLSignatureRequest VerifyPDFSignatureRequest"/>

+    <parameter name="className" value="at.gv.egovernment.moa.spss.server.service.SignatureVerificationService"/>

+        <wsdlFile>/resources/schemas/MOA-SPSS-2.0.0.wsdl</wsdlFile>

+    <requestFlow>

+      <handler type="MOAHandler"/>

+    </requestFlow>

+    <responseFlow>

+      <handler type="MOAHandler"/>

+    </responseFlow>

+  </service>

+

+  <transport name="http">

+    <requestFlow>

+      <handler type="URLMapper"/>

+      <handler type="HTTPAuthHandler"/>

+    </requestFlow>

+  </transport>

+

+</deployment>

diff --git a/moaSig/moa-sig/src/main/webapp/WEB-INF/web.xml b/moaSig/moa-sig/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..5de9f1d
--- /dev/null
+++ b/moaSig/moa-sig/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE web-app
+    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+    "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+  <display-name>MOA SP-SS</display-name>
+  <description>MOA Signature Creation and Verification Services</description>
+  <servlet>
+    <servlet-name>ConfigurationServlet</servlet-name>
+    <display-name>MOA Configuration Servlet</display-name>
+    <servlet-class>at.gv.egovernment.moa.spss.server.service.ConfigurationServlet</servlet-class>
+    <load-on-startup>0</load-on-startup>
+  </servlet>
+  <servlet>
+    <servlet-name>AxisServlet</servlet-name>
+    <display-name>Apache-Axis Servlet</display-name>
+    <servlet-class>
+      org.apache.axis.transport.http.AxisServlet
+    </servlet-class>
+  </servlet>
+  <servlet>
+      <servlet-name>CertificateProviderServlet</servlet-name>
+    <display-name>MOA Certificate Provider Servlet</display-name>
+    <servlet-class>at.gv.egovernment.moa.spss.server.service.CertificateProviderServlet</servlet-class>
+    <load-on-startup>0</load-on-startup>
+  </servlet>
+  <servlet-mapping>
+    <servlet-name>AxisServlet</servlet-name>
+    <url-pattern>/services/*</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>ConfigurationServlet</servlet-name>
+    <url-pattern>/ConfigurationUpdate</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>CertificateProviderServlet</servlet-name>
+    <url-pattern>/Certificate</url-pattern>
+  </servlet-mapping>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>ConfigurationUpdate</web-resource-name>
+      <url-pattern>/ConfigurationUpdate</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>moa-admin</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>UserDatabase</realm-name>
+  </login-config>
+
+  <security-role>
+    <description>
+      The role that is required to log in to the moa Application
+    </description>
+    <role-name>moa-admin</role-name>
+  </security-role>
+</web-app>
diff --git a/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-2.0.0.xsd b/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 0000000..3b852ca
--- /dev/null
+++ b/moaSig/moa-sig/src/main/webapp/schemas/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,649 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 2.0.0 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Create PDF Signature ###-->
+	<!--### Create PDF Signature Request ###-->
+	<xsd:element name="CreatePDFSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreatePDFSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreatePDFSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="PDFDocument" type="xsd:base64Binary"/>
+						<xsd:element name="SignatureProfile" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+						<xsd:element name="SignaturePosition" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+						<xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create PDF Signature Response ###-->
+	<xsd:element name="CreatePDFSignatureResponse" type="CreatePDFSignatureResponseType"/>
+	<xsd:complexType name="CreatePDFSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="PDFSignature" type="PDFSignedRepsonse" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify PDF Signature ###-->
+	<!--### Verifiy PDF Signature Request ###-->
+	<xsd:element name="VerifyPDFSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyPDFSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyPDFSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="PDFSignature" type="xsd:base64Binary"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyPDFSignatureResponse" type="VerifyPDFSignatureResponseType"/>
+	<xsd:complexType name="VerifyPDFSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignatureResult" type="PDFSignatureResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PDFSignatureResultType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PDFSignedRepsonse">
+		<xsd:sequence>
+			<xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+			<xsd:choice maxOccurs="1">
+				<xsd:element name="PDFSignature" type="xsd:base64Binary">
+					<xsd:annotation>
+						<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element ref="ErrorResponse"/>
+			</xsd:choice>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
\ No newline at end of file
diff --git a/moaSig/settings.gradle b/moaSig/settings.gradle
new file mode 100644
index 0000000..a4a167b
--- /dev/null
+++ b/moaSig/settings.gradle
@@ -0,0 +1,2 @@
+
+include "common", "moa-sig", "moa-sig-lib"