aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas <>2022-09-15 09:16:13 +0200
committerThomas <>2022-09-15 09:16:13 +0200
commitb329b436b99d78dde21ab7a338331faaa2da6f6e (patch)
treeaed1eabc56457f132306d98bf438dd79887ffe15
parenta8f469996d3e0862900588295d991abb61831d47 (diff)
downloadmoa-sig-b329b436b99d78dde21ab7a338331faaa2da6f6e.tar.gz
moa-sig-b329b436b99d78dde21ab7a338331faaa2da6f6e.tar.bz2
moa-sig-b329b436b99d78dde21ab7a338331faaa2da6f6e.zip
test(pkix): add certStore tests
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java4
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java3
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java157
-rw-r--r--moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java2
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java82
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java18
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java157
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml1
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml114
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example2
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cerbin0 -> 1586 bytes
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer36
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer27
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer27
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer35
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer35
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cerbin0 -> 1165 bytes
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cerbin0 -> 1165 bytes
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cerbin0 -> 1166 bytes
-rw-r--r--moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cerbin0 -> 1438 bytes
-rw-r--r--moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cerbin0 -> 1586 bytes
21 files changed, 694 insertions, 6 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 533931d..5daf1a6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1562,10 +1562,12 @@ public class ConfigurationPartsBuilder {
public boolean getAutoEEAddCertificates() {
final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null);
- if (autoAdd != null) {
+ if (autoAdd != null) {
return Boolean.valueOf(autoAdd).booleanValue();
+
} else {
return false;
+
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index 0032dc6..a53bce8 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -211,12 +211,15 @@ public class PKIProfileImpl implements PKIProfile {
if (config.getAutoAddCertificates()) {
if (config.getAutoAddEECertificates()) {
return PKIProfile.AUTO_ADD_ENABLE;
+
} else {
return PKIProfile.AUTO_ADD_EE_DISABLE;
+
}
} else {
return PKIProfile.AUTO_ADD_DISABLE;
+
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java
new file mode 100644
index 0000000..79a0401
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.spss.util;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.pkcs.PKCSParsingException;
+import iaik.security.provider.IAIK;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.EccProviderAdapter;
+
+// Copyright (C) 2011 IAIK
+// http://jce.iaik.at
+//
+// Copyright (C) 2011 Stiftung Secure Information and
+// Communication Technologies SIC
+// http://www.sic.st
+//
+// All rights reserved.
+//
+// This source is provided for inspection purposes and recompilation only,
+// unless specified differently in a contract with IAIK. This source has to
+// be kept in strict confidence and must not be disclosed to any third party
+// under any circumstances. Redistribution in source and binary forms, with
+// or without modification, are <not> permitted in any case!
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+// SUCH DAMAGE.
+//
+//
+
+public class CertificateReader {
+
+ /**
+ * Filter for reading certificate files from a directory.
+ * The filter accepts a file if its name ends with
+ * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot;
+ * or &quot;.pem&quot;.
+ *
+ * @author Harald Bratko
+ * @author Konrad Lanz
+ */
+ static class CertificateFileFilter implements FileFilter {
+
+ /**
+ * Accepts a file if it is not a directory and its name ends with
+ * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot; or &quot;.pem&quot;.
+ *
+ * @see java.io.FileFilter#accept(java.io.File)
+ */
+ public boolean accept(File file) {
+ String name = file.getName();
+ if (name.endsWith(".der") ||
+ name.endsWith(".cer") ||
+ name.endsWith(".crt") ||
+ name.endsWith(".pem"))
+ {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ }
+
+
+
+ /**
+ * Reads the certificates from the given directory and
+ * returns the certificates as sorted list (end user certificate first).
+ * @param directory
+ * @return
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ * @throws Exception
+ */
+ public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{
+
+ File file = new File(directory);
+ File[] certificateFiles = file.listFiles(new CertificateFileFilter());
+ int l = certificateFiles.length;
+ X509Certificate[] certs = new X509Certificate[l];
+ for (int i=0; i<certificateFiles.length; i++) {
+ X509Certificate certificate = new X509Certificate(new FileInputStream(certificateFiles[i]));
+ certs[i] = certificate;
+ }
+ //return certs;
+ return Util.arrangeCertificateChain(certs, false);
+ }
+
+ /**
+ * Reads the certificates from the given directory and
+ * returns the certificates as sorted list (end user certificate first).
+ * @param directory
+ * @return
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ * @throws Exception
+ */
+ public static List<X509Certificate> readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{
+
+ return Arrays.asList(readCertificatesIntoArray(directory));
+ }
+
+ public static void main(String[] args) {
+ try {
+
+ IAIK.addAsJDK14Provider();
+ //IAIK.addAsProvider();
+ //Security.addProvider(new IAIK());
+
+ // install ECC provider
+ Security.addProvider(EccProviderAdapter.getEccProvider());
+
+ String dir = "target/classes/spec/examples/EU/AT/certs/on-tsl/chain/";
+ List l = readCertificates(dir);
+ Iterator<X509Certificate> it = l.iterator();
+ while (it.hasNext()) {
+ System.out.println(((X509Certificate)it.next()).getSubjectDN().getName());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+
+ }
+
+ public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException {
+ PKCS7CertList p7certList = new PKCS7CertList(
+ new BufferedInputStream(
+ new FileInputStream(
+ path
+ )
+ )
+ );
+ return p7certList.getCertificateList();
+ }
+ } \ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
index dd7890c..315f56e 100644
--- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
@@ -24,8 +24,6 @@
package test.at.gv.egovernment.moa.spss;
-import java.security.Security;
-
import test.at.gv.egovernment.moa.MOATestCase;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
index fd5b278..d0e53d3 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
@@ -7,12 +7,18 @@ import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
+import java.io.FileInputStream;
import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.Date;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Before;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;
@@ -23,8 +29,20 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIModule;
+import iaik.pki.PKIResult;
+import iaik.server.cmspdfverify.CMSVerifyUtils;
+import iaik.x509.X509Certificate;
+import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader;
@RunWith(BlockJUnit4ClassRunner.class)
public class PadesIntegrationTest extends AbstractIntegrationTest {
@@ -39,6 +57,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
final String current = new java.io.File(".").getCanonicalPath();
System.setProperty("moa.spss.server.configuration",
current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
+ System.setProperty("iaik.esi.sva.configuration.location",
+ current + "/src/test/resources/moaspss_config/svaconfig.example");
+
moaSpssCore = SystemInitializer.init();
}
@@ -50,6 +71,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
}
+ @Ignore
@Test
public void missingTrustProfile() throws IOException {
final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -66,6 +88,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
}
+ @Ignore
@Test
public void basicValidationCadesSignature() throws MOAException, IOException {
final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -101,6 +124,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
}
+ @Ignore
@Test
public void extendedValidationCadesSignature() throws MOAException, IOException {
final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -138,12 +162,68 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
}
assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
- assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode());
+ assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode());
assertEquals("ext. val major", 24, cmsResult.getExtendedCertificateCheck().getMinorCode());
assertNotNull("byteRange", cmsResult.getByteRangeOfSignature());
assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm());
}
+
+ @Ignore
+ @Test
+ public void padesLteTest() throws MOAException, IOException {
+ final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+ IOUtils.toByteArray(new FileInputStream("/home/tlenz/Projekte/signaturprueftool/test_docs/20220623_rtr/Amtsiegel.pdf")),
+ "MOAIDBuergerkarteAuthentisierungsDaten",
+ true,
+ false);
+
+ // perform test
+ final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+ // verify result
+ assertNotNull("verification result", result);
+
+ }
+
+ @Test
+ public void padesOwnTest() throws Exception {
+ final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+ IOUtils.toByteArray(new FileInputStream("/home/tlenz/Projekte/pdfas4/testdocs/enc_own_signed_neuer.pdf")),
+ "MOAIDBuergerkarteAuthentisierungsDaten",
+ true,
+ false);
+
+ // perform test
+ final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+ // verify result
+ assertNotNull("verification result", result);
+
+
+
+
+ }
+
+ @Ignore
+ @Test
+ public void pkixTest() throws Exception {
+ final String current = new java.io.File(".").getCanonicalPath();
+ X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/");
+
+ PKIModule pkiModule = PKIFactory.getInstance().getPKIModule(
+ new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten"));
+ PKIResult pkiResult = pkiModule.validateCertificate(
+ new Date(),
+ (X509Certificate) chain[0],
+ (X509Certificate[]) ArrayUtils.subarray(chain, 1, chain.length),
+ (boolean[])null,
+ new TransactionId("aabbccdd"));
+
+ System.out.print("Finished");
+
+ }
+
}
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
index 20b130a..50ad14e 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
@@ -6,6 +6,7 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
+import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
@@ -40,7 +41,6 @@ import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer;
import at.gv.egovernment.moa.spss.test.integration.AbstractIntegrationTest;
@RunWith(BlockJUnit4ClassRunner.class)
-@Ignore
public class OfficialEuTslTest extends AbstractIntegrationTest {
CMSSignatureVerificationInvoker cadesInvoker;
@@ -162,4 +162,20 @@ public class OfficialEuTslTest extends AbstractIntegrationTest {
}
+ @Test
+ public void padesLteTest() throws MOAException, IOException {
+ final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+ IOUtils.toByteArray(new FileInputStream("/home/tlenz/Projekte/signaturprueftool/test_docs/20220623_rtr/Amtsiegel.pdf")),
+ "OnlyTSL",
+ true,
+ true);
+
+ // perform test
+ final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+ // verify result
+ assertNotNull("verification result", result);
+
+ }
+
}
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java
new file mode 100644
index 0000000..db5d55f
--- /dev/null
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.spss.test.integration.utils;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.pkcs.PKCSParsingException;
+import iaik.security.provider.IAIK;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.EccProviderAdapter;
+
+// Copyright (C) 2011 IAIK
+// http://jce.iaik.at
+//
+// Copyright (C) 2011 Stiftung Secure Information and
+// Communication Technologies SIC
+// http://www.sic.st
+//
+// All rights reserved.
+//
+// This source is provided for inspection purposes and recompilation only,
+// unless specified differently in a contract with IAIK. This source has to
+// be kept in strict confidence and must not be disclosed to any third party
+// under any circumstances. Redistribution in source and binary forms, with
+// or without modification, are <not> permitted in any case!
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+// SUCH DAMAGE.
+//
+//
+
+public class CertificateReader {
+
+ /**
+ * Filter for reading certificate files from a directory.
+ * The filter accepts a file if its name ends with
+ * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot;
+ * or &quot;.pem&quot;.
+ *
+ * @author Harald Bratko
+ * @author Konrad Lanz
+ */
+ static class CertificateFileFilter implements FileFilter {
+
+ /**
+ * Accepts a file if it is not a directory and its name ends with
+ * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot; or &quot;.pem&quot;.
+ *
+ * @see java.io.FileFilter#accept(java.io.File)
+ */
+ public boolean accept(File file) {
+ String name = file.getName();
+ if (name.endsWith(".der") ||
+ name.endsWith(".cer") ||
+ name.endsWith(".crt") ||
+ name.endsWith(".pem"))
+ {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ }
+
+
+
+ /**
+ * Reads the certificates from the given directory and
+ * returns the certificates as sorted list (end user certificate first).
+ * @param directory
+ * @return
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ * @throws Exception
+ */
+ public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{
+
+ File file = new File(directory);
+ File[] certificateFiles = file.listFiles(new CertificateFileFilter());
+ int l = certificateFiles.length;
+ X509Certificate[] certs = new X509Certificate[l];
+ for (int i=0; i<certificateFiles.length; i++) {
+ X509Certificate certificate = new X509Certificate(new FileInputStream(certificateFiles[i]));
+ certs[i] = certificate;
+ }
+ //return certs;
+ return Util.arrangeCertificateChain(certs, false);
+ }
+
+ /**
+ * Reads the certificates from the given directory and
+ * returns the certificates as sorted list (end user certificate first).
+ * @param directory
+ * @return
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ * @throws Exception
+ */
+ public static List<X509Certificate> readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{
+
+ return Arrays.asList(readCertificatesIntoArray(directory));
+ }
+
+ public static void main(String[] args) {
+ try {
+
+ IAIK.addAsJDK14Provider();
+ //IAIK.addAsProvider();
+ //Security.addProvider(new IAIK());
+
+ // install ECC provider
+ Security.addProvider(EccProviderAdapter.getEccProvider());
+
+ String dir = "target/classes/spec/examples/EU/AT/certs/on-tsl/chain/";
+ List l = readCertificates(dir);
+ Iterator<X509Certificate> it = l.iterator();
+ while (it.hasNext()) {
+ System.out.println(((X509Certificate)it.next()).getSubjectDN().getName());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+
+ }
+
+ public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException {
+ PKCS7CertList p7certList = new PKCS7CertList(
+ new BufferedInputStream(
+ new FileInputStream(
+ path
+ )
+ )
+ );
+ return p7certList.getCertificateList();
+ }
+ } \ No newline at end of file
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
index 44a04fa..f6abbb7 100644
--- a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
@@ -40,6 +40,7 @@
<cfg:CertificateValidation>
<cfg:PathConstruction>
<cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:AutoAddEECertificates>false</cfg:AutoAddEECertificates>
<cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
<cfg:CertificateStore>
<cfg:DirectoryStore>
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml
new file mode 100644
index 0000000..772a327
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+
+ <cfg:SignatureCreation>
+ <cfg:KeyModules>
+ <cfg:SoftwareKeyModule>
+ <cfg:Id>SKM_junit</cfg:Id>
+ <cfg:FileName>keys/junit_signing.p12</cfg:FileName>
+ <cfg:Password>nichts</cfg:Password>
+ </cfg:SoftwareKeyModule>
+ </cfg:KeyModules>
+ <cfg:KeyGroup>
+ <cfg:Id>KG_junit</cfg:Id>
+ <cfg:Key>
+ <cfg:KeyModuleId>SKM_junit</cfg:KeyModuleId>
+ <cfg:KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=MOA-SPSS signing,OU=jUnit Tests,O=EGIZ,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1619541256</dsig:X509SerialNumber>
+ </cfg:KeyCertIssuerSerial>
+ </cfg:Key>
+ </cfg:KeyGroup>
+ <cfg:KeyGroupMapping>
+ <cfg:KeyGroupId>KG_junit</cfg:KeyGroupId>
+ </cfg:KeyGroupMapping>
+ <cfg:XMLDSig>
+ <cfg:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</cfg:CanonicalizationAlgorithm>
+ <cfg:DigestMethodAlgorithm>http://www.w3.org/2000/09/xmldsig#sha256</cfg:DigestMethodAlgorithm>
+ </cfg:XMLDSig>
+ </cfg:SignatureCreation>
+
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>false</cfg:AutoAddCertificates>
+ <cfg:AutoAddEECertificates>false</cfg:AutoAddEECertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>jUnitSigning</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/jUnitSigning</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>true</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>OCSP</cfg:Service>
+ <cfg:Service>CRL</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example b/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example
index 7be4541..317f1b8 100644
--- a/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example
@@ -69,7 +69,7 @@ tstkeylenconstraint={rsa, 1024, 2000-08-08}
indicationmapping={FORMAT_FAILURE,INDETERMINATE};{NO_VALID_TIMESTAMPS_FOUND, INDETERMINATE}
# Allows any key usage if set to true, otherwise only dig. signature
-allowanykeyusage=false
+allowanykeyusage=true
# Defines the chaining model for path validation.
# possible values are:
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cer
new file mode 100644
index 0000000..2bf4ad7
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cer
Binary files differ
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
new file mode 100644
index 0000000..2353127
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGMTCCBBmgAwIBAgIEDoVJaDANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg
+aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPQS1UcnVzdC1S
+b290LTA3MRgwFgYDVQQDDA9BLVRydXN0LVJvb3QtMDcwHhcNMjAwMzExMTUyMTE0
+WhcNMzYxMTEzMTQyMTE0WjCBnTELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1
+c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZl
+cmtlaHIgR21iSDEhMB8GA1UECwwYYS1zaWduLXByZW1pdW0tbW9iaWxlLTA3MSEw
+HwYDVQQDDBhhLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDcwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC6M5Q0eSLBBakFL7I5G2NvbLvzcXR6Uf/rEhg79CQt
+hCQYfL4suddGQz6TySTp2KoJMQqacZKHzLrG/aor75MojcAfdj5nN4mKSzeyhgrq
+AEm60c6nwpkbJsdf+HECi5b8nRJwlmXTy8BcTLLY14gitrprsmQRtRMLDc1Sy47i
+yWG29G5p36RNoC9ErZAHx4dVOrqvW+N0ILI6zPHxMyW/d0RrGmldoIJ3AOYLfkg2
+xeeHisPZBocvdgm7B0F/sXnfCpQWIQygPkOjyLqiCCvuOSnSm4qa357foP4h86Yz
+4iEFbEWawKwCIz4mtex4U4fiqppjekCaTavX093jBUUEyGrSA+5CCM2iBDTxBEmd
+uTbEDKAK40qsIdYMLRx9D1VUNk9DtTT5VkOou1mGMjxZ36QM+3HXmaqZSuVyX1Vm
+3bCc2O+L6VC/5Wp8y5nnzemTCu5f4+JxGNtH7ti4AVtSyp4hzDwwJHklOB2YmnsP
+FJfrWVB8V+QdJ2TdHBmzRcYWSM85345/vfRRpLXKMH2ToNQB2HN3fArlqgblRI1c
+/VrhpONCmpaUIqoDHDeJSZfjEY/ITTIVBZkvaNIPiZkkgF8iKkLFgQU/BPGRm/i5
+HQ+ACC7SVDdN4gLyixiOoIOKBgcC5pFSWNDUPmhs1EwW5dkhYRqvo6vUOKaEGSSS
+DQIDAQABo4GIMIGFMBMGA1UdIwQMMAqACETAEa1TJ4f0MBEGA1UdDgQKBAhH1+x/
+R9ISYjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAx
+MC+gLaArhilodHRwOi8vY3JsLmEtdHJ1c3QuYXQvY3JsL0EtVHJ1c3QtUm9vdC0w
+NzANBgkqhkiG9w0BAQsFAAOCAgEAJH8ljqDtpFFU46zoIkqZmnv9uY1udYnjy3HV
++xE0Q7EeuithsP92A39p6bwtUS9FDokmMS4+XZSj72VBdt5t8tUKkFk2eBO9SMs9
+sM870G77by1hsjVQjEhQjnZVbxsV8jR0n6CiurUix21AQ1qn8LIgbPYL94Rng5i1
+YqXQdY8EcduO4+QJ230s9pUlBldpipXdVvs0mkY5XYj/QBgBT+ubbKTHj4sZiNvj
+fe2MjAP2BSP9aAwf/IcbxXFy3lU+q9YQTO9VlbpuE1EU/8DPZ4tNGpEwPNT6xZ4G
+CALOC83waE9U/NtdNCE4BYDQYRS9E1yxPs6NV/XTa+ywG8vUDli3qtmFu1MOGByy
+i/YDSpTSFAg8bls2ZWeMUzS2/qOtgc2zxlko+Hy/VjCtxE7sIfGPg+UVnK2GtL6w
+4kOCfO9XJ5WwsffVL6+ZUg+Dd9Rxth3JYD72J+EjpQyguAil9+Onq9p9JQCmPEcJ
+L63MFT7UEluQQq4TgwupBtNDnyQ0JwJ/cW6gL35HBD11VmlxwpjnGTmlb801BDpK
+mmbvoBV5mFqQD9S6Vtug30t+9p4py0Y96BIGPqcMvNTV1+vxRxtGRt5KU3BHoNBI
+CJoTMDl7+L4EabQLcMCEOfmYEgyPAxm671xiWHNGUieqyW6whrzT2WDGPfoOIdUa
+IR4ebFU=
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer
new file mode 100644
index 0000000..32d8889
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgzCCA2ugAwIBAgIDAOSjMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa
+Fw0xNDEyMTMyMzAwMDBaMIGXMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNV
+BAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANZZNjVoS1r6DchywTTX58dkZ4KJRSwt78fipFxGlf0KrniYB+v5
+Vr5wodgwQ6E6AZFtvIzjYUolN3PjlEAnVaeCeZCeadnH32+Tvl+7MGKkfH9D0Xmw
+xkVcSYf4Rld/8H7JNFMyeyzefyCm1HMehpdgbhJ1+bO5P3Mbh2W8ca9qWfisdbj5
+VXu+niGWG0mXTbMtgPeiSsb9YAQ2UlvJjofZvnSaNv39Q3TRmIROXuhIHyD5wjcK
+A6qR2RD6eYpIG+yqZbGqxw65AIYHeD5li4jL0EsWxm6+eNBABA7GTcko4nxgKFv8
+wcqjiFBGKclznmHP0sSbxDxsrPK3gBj7Q8kCAwEAAaOB4TCB3jAPBgNVHRMBAf8E
+BTADAQH/MBEGA1UdDgQKBAhN3+H/S9nJ3zATBgNVHSMEDDAKgAhCPSskpsFFzjAO
+BgNVHQ8BAf8EBAMCAQYwgZIGA1UdHwSBijCBhzCBhKCBgaB/hn1sZGFwOi8vbGRh
+cC5hLXRydXN0LmF0L291PUEtVHJ1c3QtUXVhbC0wMixvPUEtVHJ1c3QsYz1BVD9j
+ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy
+dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEASBVGa0aeSFz3
+77OrRFmMAs7rh8kG+rRue8Ze0JuHR6P9DltPwH4B5oFtninmhImejKLR2CmdNbtk
+ujNlXAY0KONJZIi7bXwotx4E23JUmIx5U2KtOmUzmI6JGcqJw5cu4i73Au6fKgSD
+BM1+XyMH5/EKd51NWhhe2ByfC2BQ3qlgt11j0sNTapdz0OhvAxa6Dd9D5VCumwUy
+8hEn/w9T4ZN1zabqJiD9ERiTLvJsP2zIg+Z0XssnqeRw0tk/Vn7htwCFn0/vFZkU
+qMdbtxducOBa5LfbRkpzwAS5kAOZGcAHUD/3FVlCr59Z86e1WWwq3aSUN+XKOLd+
+ypPntzbNSA==
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer
new file mode 100644
index 0000000..29b2127
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgzCCA2ugAwIBAgIDFE4QMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTM3NTVa
+Fw0yNDA3MDEwOTM3NTVaMIGXMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNV
+BAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANZZNjVoS1r6DchywTTX58dkZ4KJRSwt78fipFxGlf0KrniYB+v5
+Vr5wodgwQ6E6AZFtvIzjYUolN3PjlEAnVaeCeZCeadnH32+Tvl+7MGKkfH9D0Xmw
+xkVcSYf4Rld/8H7JNFMyeyzefyCm1HMehpdgbhJ1+bO5P3Mbh2W8ca9qWfisdbj5
+VXu+niGWG0mXTbMtgPeiSsb9YAQ2UlvJjofZvnSaNv39Q3TRmIROXuhIHyD5wjcK
+A6qR2RD6eYpIG+yqZbGqxw65AIYHeD5li4jL0EsWxm6+eNBABA7GTcko4nxgKFv8
+wcqjiFBGKclznmHP0sSbxDxsrPK3gBj7Q8kCAwEAAaOB4TCB3jAPBgNVHRMBAf8E
+BTADAQH/MBEGA1UdDgQKBAhN3+H/S9nJ3zATBgNVHSMEDDAKgAhCPSskpsFFzjAO
+BgNVHQ8BAf8EBAMCAQYwgZIGA1UdHwSBijCBhzCBhKCBgaB/hn1sZGFwOi8vbGRh
+cC5hLXRydXN0LmF0L291PUEtVHJ1c3QtUXVhbC0wMixvPUEtVHJ1c3QsYz1BVD9j
+ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy
+dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAY6wF/ErpGbsM
+CwOkFH3MOvxYuxEAs2hpQOkz2KawDuocMRhZpESubzFSE3RxHxc7zgL60P6mOoT8
+G9IFlk/EOOFerBulJCyD3TR84MalgC3bj5hgC0H3/FJsVNRbbxlecbrroA+4S8DP
+U1F6mu9ImWGfuTWcV2Wa5pleJym5ICjTKL3v6tPLUdDlbcswkmxNf1uBZVsmta81
+BI1W9+33du1cVyymRZ2EfnL5kbAj6hdQ6qGfLjkZbZGXHWNNrfh/oGTzVALpmBwZ
+q6rqYapWYU2T8z1WDz7fTNcpawM8Plxe8dNC6pCVeGQQApqYM4zm/4lC46V3ihjt
+csETorSnVQ==
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer
new file mode 100644
index 0000000..7ad406e
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGKDCCBBCgAwIBAgIDD824MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVJv
+b3QtMDUxGDAWBgNVBAMMD0EtVHJ1c3QtUm9vdC0wNTAeFw0xMzA5MjMxMzI4NTha
+Fw0yMzA5MjAxMTI4NThaMIGXMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJlbWl1bS1TaWctMDUxHjAcBgNV
+BAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wNTCCAiAwDQYJKoZIhvcNAQEBBQADggIN
+ADCCAggCggIBAKWkdHxXUo847W9MqYSOH8H0mulJ11qOPAwHISvZFVJ5jpklQE4Z
+7Eb+NKP/3tyGCE2IJPul0aKSBPjiMOwXlmD6FpDe2yoPxslu8/8nh28mo6Oyxnu/
+9WhnEv7u+P/VDUwI7avTRqj61m6mw39EfRMDrusJwa3MIZ1mmin+W6blUtOuuDUt
+6Oh1cGPTeZyNybZBPYgTibWaiYx8Od+zhQ40t6bC03U+DxxuNfCgOsieGeOc6JzJ
+Rtd7Tye8TAyVn9WDQyllvmO/Lst6oHpb50vKX5Hd5Xo5Ju2K3xWSx5sMrL8BUhAi
+lpm4LM8YLTMKeaz5kaCdO8w0XKUJdFH9i/MEeAgSimZ0hIpvMpLSg25ySvMRS6Z7
+RsllA4xtnEG4Bu9P7FNeoyRm4Nd5UsIbug648wqXrf9PGsqPDjX7/3tSc67iJJ/w
+YgsOUIcrHsykhOIjVbpOeAKYwb1UAiXS2UjgDyVDX6atppHmAut1ig4ouJ27CUB7
+jhSVqoOxmxKpTzu+gHJo+cLb0ihVzvKu5EFI7b50KE8xPQCFHbe9YBdq3oGoq1M7
+OvBTVZ369d1yzwwK3U9lMUeysipVeSJeFCD057oJHJYxYmvv0LHQ1zX4DmW3HNHH
+U+A7+7aJnE1s9XNsCYbmUcY+14+WbTlUiCqMOAdCSzP8LHjRsf8a5DV/AgEDo4GI
+MIGFMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuYS10cnVzdC5hdC9jcmwv
+QS1UcnVzdC1Sb290LTA1MBMGA1UdIwQMMAqACED5uWe+A9IIMA8GA1UdEwEB/wQF
+MAMBAf8wEQYDVR0OBAoECEH4CDkbAegkMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
+9w0BAQsFAAOCAgEAMqZmZqzadftaf6xB9WNWKnJixLBIVDjNUg3ypbmcwufqjmeA
+ij2Qyer09oxr0n1xpsOwc7dSVp7brDTvSVJg33Ef9TGbCrKo9urJUypQn7HiCp1+
+y6Csvzi3jkx/V1Zvd9U5VF7hIHQrOQv1Id8egB845oestS+zUlqM+SxXO28EYIsp
+iejWKWVi04nl+Ch85o1rZ9HBN6QxaoUU1Oo2+BaCyZqC+lWMv+wbCtM8YYLCME+t
+FiMfZC9WtBitt0TBE5LR7Gf1Wcalsaazgfcwr7gxVvXbS3j5y9IX0LsmUNUfgesd
+TTBPzZhQsryoZ3dpVbpdFj9ktBJkk2gzwYcVhXIGCGvOA96mm3b6uQrSuiWQJ9+N
+awWpiQI6C4GfPxkIt8idUyGbBzu5Nj613ekI/z5ZFYdQ3KGOqNxJRqQLVnjqOjO5
+YD1DY5L6Pjl341wwPFF5ZsEESlTn5qbPIfygf2swqfyuEPbV+jOvaR1HmuPunuda
+D42D5YJkpofIcvG9S4YsDJ6ZO6VvZ9f4cVxUiFDdfWc6tWQE3HEx6LDqZY5bjdie
+BwGqsS/623bdQyHgQOeZqMcC/kyUiKozTFPJwd92yx7oQda1k24U5qDC9xMi/s4c
+yHV2urDTvyVqphxKTw+64sW5z013vSBcQ2kKPxzwFkw/1MQF52upVhQqJ1c=
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
new file mode 100644
index 0000000..54eb44f
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGKzCCBBOgAwIBAgIEDIaM9zANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg
+aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPQS1UcnVzdC1S
+b290LTA3MRgwFgYDVQQDDA9BLVRydXN0LVJvb3QtMDcwHhcNMjAwMzExMTUxODE1
+WhcNMzYxMTEzMTQxODE1WjCBlzELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1
+c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZl
+cmtlaHIgR21iSDEeMBwGA1UECwwVYS1zaWduLVByZW1pdW0tU2lnLTA3MR4wHAYD
+VQQDDBVhLXNpZ24tUHJlbWl1bS1TaWctMDcwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCb+OkeCkr3aNcwvBfmPfLeJDcDovCaWCGSSDMXslj11tKAPWHQ
+A+rb4RVhCe9dPAZ46aR4+6+S8Lc6fvtzF8zwGU32MGvqUtZ8xg44TgzGWVmu3od2
+vr5nbeJINyiqJ0uh0slVSEP5Sh8lNLRrBu7hDS/mgXNZ7BcNoIAg4vadQ03+GbfA
+vyaW7tp1fiAsTBDozehdcfpLvafAV9Qoiw9kAy13nlPzH/cq9vxlBj8USxixjulR
+SCzM2hLKaefxvzmxzaaeZ5pOqhW75K4YS9LdV/AplW64HeUX5MP2lcvj8pt+UdoN
+mEsLBFgScyd0q/MXHnERg4U2od95YOB7GvMzq8tEpF147+krbE6/2WdCsmlcBKZT
++9fxgy/61w9shVvAlHbGEG8tUYNeM6RMcK/g0B/qY4B6LkR03x6b2zv8DYhWWpM4
+CMGlPmds8bA0cMPFBZ7PhsJvHlqrIRtPbLWtm5sXILk9nFurWRxob8+r23JMODn2
+Q2Ulm5Z4CVyJfbYpuRTadUjZs+BNSE0S/6eC153uaCyP5vHplhHED8xXgpjr/GTC
+PyJE6jRzfg+gUWr1WtTQKqyFaQfrTlEMiOD4UerBXTAd3Jz6FNY/FtC5h/t71nZx
+YSXnUu8xQ/8JVY9lkq9ibq+CEzT8Mqn+rHy1mhxpadIa94BLRXX3zOSyowIDAQAB
+o4GIMIGFMBMGA1UdIwQMMAqACETAEa1TJ4f0MBEGA1UdDgQKBAhN9Olivd8arjAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+gLaAr
+hilodHRwOi8vY3JsLmEtdHJ1c3QuYXQvY3JsL0EtVHJ1c3QtUm9vdC0wNzANBgkq
+hkiG9w0BAQsFAAOCAgEAZZFh7pWF69RyrGgdc1idFVgQJY5XFR80qBLBZdkOO5wF
+to33OAoQCAfszJ1sR7I0+N8xf6wB8EhZeacArqz2inhgFudGvdmk6jlOIhUUs7ta
+0bhuLUmBbzQwXOthQdTnU8+ZjbE5vsfgydIN0GJfhEj5pggRA5ICrTtekcG74UX/
+LOTPt4ppQ9sgsSGm4pjWSopDKM9Z0SjcfDUjPefIMYPyT6rI7oYgT1SmQqw4Gjud
+l5lC+JhbHxgBcWOWcBVjMk7/5wH9klLqZYDbLmJ6PPcsm1jt8fyOgJBWrQaCnwrT
+U2+KmvHgztiHgo3C0BIAh/on4qq95qCthS00qPwCrYLkNGiwexn/R7dHQu6yp0gG
+uoLbXynoIeueCk7GC59AE0KZBtX6QzgqD/i8IfXNil41Tn3af1KFnL5iwE4yxe30
+w+c7O5eDxvK/NfyxWIrjxWISngIA1F6Ghlv71QM7zdOcvT3FdWPYWf8vRxPyEHm7
+jolmWjvwDwJGvgFggF4fHkH9LIvK5HKuG2SwXZJYkHZ+LKY8s26OLPm+DJKTXFTP
+fVS7bz2p6ym2hig09Avraz31hjd1Gn9hEQfWhGdVM0m3RXLHXKWopI4JiA5XZLXo
+/oeWmzUehZLowF7TvaiwA8//PfONZZus22OIo1QZvxZPjQd9/BVPIsB+YZqFgeI=
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cer
new file mode 100644
index 0000000..8ddc7d7
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cer
Binary files differ
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cer
new file mode 100644
index 0000000..8cd2ed4
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cer
Binary files differ
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cer
new file mode 100644
index 0000000..7c06592
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cer
Binary files differ
diff --git a/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cer b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cer
new file mode 100644
index 0000000..eaa20b6
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cer
Binary files differ
diff --git a/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cer b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cer
new file mode 100644
index 0000000..2bf4ad7
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cer
Binary files differ