initial commit

42 files changed, 4722 insertions, 0 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..49e5ecc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmssign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * An object providing auxiliary information for creating a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureCreationProfileImpl
+  implements CMSSignatureCreationProfile {
+
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The MIME type of the data to be signed*/
+  private String mimeType;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */
+  private boolean includeData;
+  /** Digest Method algorithm  */
+  private String digestMethod;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public CMSSignatureCreationProfileImpl(
+    Set keySet,
+    String digestMethod,
+    List signedProperties,
+    boolean securityLayerConform,
+    boolean includeData,
+    String mimeType) {
+	  this.keySet = keySet;
+	  this.signedProperties = signedProperties;
+	  this.securityLayerConform = securityLayerConform;
+	  this.includeData = includeData;
+	  this.mimeType = mimeType;
+	  this.digestMethod = digestMethod;
+
+  }
+
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+	  
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+      	if (digestMethod.compareTo("SHA-1") == 0) {
+    		Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethod.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethod,
+         			null,
+         	        null);
+         }
+  
+
+  }
+
+
+ 
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+ 
+  public void setDigestMethod(String digestMethod) {
+	  this.digestMethod = digestMethod;
+  }
+ 
+
+  public String getMimeType() {
+	  return mimeType;
+  }
+
+  public boolean includeData() {
+	return this.includeData;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..972b540
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmsverify;
+
+import iaik.pki.PKIProfile;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+
+/**
+ * An implementation of the <code>CMSSignatureVerificationProfile</code>
+ * interface.
+ * 
+ * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationProfileImpl
+  implements CMSSignatureVerificationProfile {
+    
+  /** The profile for validating the certificate. */
+  private PKIProfile certificateValidationProfile;
+
+  /**
+   * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile()
+   */
+  public PKIProfile getCertificateValidationProfile() {
+    return certificateValidationProfile;
+  }
+
+  /**
+   * Sets the profile for validating the signer certificate.
+   * 
+   * @param certificateValidationProfile The certificate validation profile to
+   * set.
+   */
+  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+    this.certificateValidationProfile = certificateValidationProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..90e6793
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.keys.KeyModuleConfiguration;
+
+/**
+ * Base implementation class for the <code>KeyModuleConfiguration</code>
+ * interface and the interfaces derived from it.
+ * 
+ * @see iaik.server.modules.keys.KeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class AbstractKeyModuleConfigurationImpl
+  implements KeyModuleConfiguration {
+
+  /** The module ID. */    
+  private String moduleID;
+  
+  /**
+   * Creata new <code>AbstractKeyModuleConfigurationImpl</code>.
+   * 
+   * @param moduleID The key module ID of this
+   * <code>KeyModuleConfiguration</code>.
+   */
+  public AbstractKeyModuleConfigurationImpl(String moduleID) {
+    this.moduleID = moduleID;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.KeyModuleConfiguration#getModuleID()
+   */
+  public String getModuleID() {
+    return moduleID;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java
new file mode 100644
index 0000000..e2d828b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+/**
+ * A base class for observable configuration data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class AbstractObservableConfiguration implements Observable {
+
+  /** The observers registered with this <code>Observable</code>. */
+  private List observers = new ArrayList();
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData data) {
+    Iterator iter = observers.iterator();
+
+    for (iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(data);
+    }
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
new file mode 100644
index 0000000..4a300a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveParameters;
+import iaik.pki.store.revocation.archive.ArchiveTypes;
+
+import java.sql.Driver;
+import java.sql.DriverManager;
+import java.util.Enumeration;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ArchiveConfiguration</code> interface
+ * using configuration data provided by the MOA configuration file.
+ * 
+ * @see iaik.pki.store.revocation.archive.ArchiveConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ArchiveConfigurationImpl
+  extends AbstractObservableConfiguration
+  implements ArchiveConfiguration {
+    
+  /** The configuration parameters of the archive. */
+  private ArchiveParameters archiveParameters;
+
+  /**
+   * Create a new <code>ArchiveConfigurationImpl</code>.
+   * 
+   * @param config The MOA configuration from which the configuration data is being read.
+   */
+  public ArchiveConfigurationImpl(ConfigurationProvider config) 
+  {
+    String jdbcUrl = config.getRevocationArchiveJDBCURL();
+    this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl);
+    
+    // Register JDBC driver class 
+    if (jdbcUrl != null)
+    {
+      String jdbcDriverClass = config.getRevocationArchiveJDBCDriverClass();
+      try
+      {
+        Class.forName(jdbcDriverClass);
+      }
+      catch (ClassNotFoundException e)
+      {
+        // TODO 20030709 GK Improve exception handling
+        throw new RuntimeException("JDBC driver class \"" + jdbcDriverClass + " could not be found.");       
+      }
+      
+      Enumeration regDrivers = DriverManager.getDrivers();
+      boolean isRegistered = false;
+      while (regDrivers.hasMoreElements())
+      {
+        Object currentDriver = regDrivers.nextElement();
+        if (jdbcDriverClass.equals(currentDriver.getClass().getName())) isRegistered = true;
+      }
+      if (!isRegistered)
+      {
+        // Workaround for a driver which does not register itselve at invocation of Class.forName(drvname)
+        try
+        {
+          DriverManager.registerDriver((Driver)Class.forName(jdbcDriverClass).newInstance()); 
+        }
+        catch (Exception e)
+        {
+          // TODO 20030709 GK Improve exception handling
+          throw new RuntimeException("Registering JDBC driver \"" + jdbcDriverClass + " failed.");       
+        }
+      }
+    }
+  }
+
+  /**
+   * Return the type of archive.
+   * 
+   * This will always return <code>ArchiveTypes.DATABASE</code>.
+   * @return <code>ArchiveTypes.DATABASE</code>.
+   * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getType()
+   */
+  public String getType() {
+    return ArchiveTypes.DATABASE;
+  }
+
+  /**
+   * Return the <code>ArchiveParameters</code> describing this
+   * <code>ArchiveConfiguration</code>.
+   * 
+   * @return The archive parameters.
+   * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getArchiveParameters()
+   */
+  public ArchiveParameters getArchiveParameters() {
+    return archiveParameters;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
new file mode 100644
index 0000000..981ea05
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.logging.TransactionId;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.RevocationInfoRetriever;
+import iaik.pki.store.revocation.RevocationSource;
+import iaik.pki.store.revocation.RevocationStoreException;
+import iaik.pki.ldap.Handler;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLStreamHandler;
+import java.util.Collection;
+import java.util.Date;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * A customized implementation of
+ * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used
+ * instead of the default implementation
+ * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader
+ * problem in connection with the {@link java.net.URL} class in a Tomcat
+ * deployment environment.
+ * 
+ * @author Gregor Karlinger
+ * @version $$
+ */
+public class CRLRetriever implements RevocationInfoRetriever {
+	public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid)
+			throws RevocationStoreException {
+		if (source == null) {
+			throw new NullPointerException("RevocationSource parameter mustn't be null.");
+		}
+		Logger.info("Downloading crl from " + source.getUri());
+		if (!source.getType().equals(RevocationSourceTypes.CRL)) {
+			throw new RevocationStoreException(source.getType() + " not supported", null, getClass().getName() + ":1");
+		}
+		try {
+			URL crlUrl;
+			try {
+				crlUrl = new URL(source.getUri());
+			} catch (MalformedURLException e) {
+				// Workaround for classloader problem with deployment in Tomcat
+				// 4.1
+				URLStreamHandler handler = new Handler();
+				crlUrl = new URL(null, source.getUri(), handler);
+			}
+
+			InputStream crlInputStream = crlUrl.openStream();
+			source.readFrom(crlInputStream, tid);
+			source.setDownloadTime(new Date());
+			crlInputStream.close();
+		} catch (Exception iox) {
+			Logger.warn("Cannot retrieve crl", iox);
+			throw new RevocationStoreException("Cannot retrieve CRL", iox, getClass().getName() + ":1");
+		}
+	}
+
+	@Override
+	public void setConnectTimeout(int arg0) {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	}
+
+	@Override
+	public void setReadTimeout(int arg0) {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
new file mode 100644
index 0000000..a4f7660
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import iaik.logging.Log;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter;
+
+/**
+ * An implementation of the <code>CertStoreConfiguration</code> interface based
+ * on MOA configuration data.
+ * 
+ * @see iaik.pki.store.certstore.CertStoreConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends AbstractObservableConfiguration implements CertStoreConfiguration {
+
+	private static final Logger logger = LoggerFactory.getLogger(CertStoreConfigurationImpl.class);
+
+	/** The configuration parameters of the <code>CertStore</code>. */
+	private CertStoreParameters[] parameters;
+
+	/**
+	 * Create a new <code>CertStoreConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The MOA configuration from which the configuration data is
+	 *            being read.
+	 */
+	public CertStoreConfigurationImpl(ConfigurationProvider config) {
+		String certStoreRoot = config.getCertStoreLocation();
+
+		DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl("MOA Directory CertStore",
+				certStoreRoot, true, false);
+
+		parameters = new CertStoreParameters[] { dirParameters };
+	}
+
+	/**
+	 * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+	 */
+	public CertStoreParameters[] getParameters() {
+		return parameters;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java
new file mode 100644
index 0000000..dff78d6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.logging.LoggerConfig;
+import iaik.pki.PKIConfiguration;
+import iaik.server.ConfigurationData;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+
+/**
+ * An implementation of the <code>ConfigurationData</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.server.ConfigurationData
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationDataImpl implements ConfigurationData {
+  /** PKI configuration data. */
+  private PKIConfiguration pkiConfiguration;
+  /** Crypto modules configuration data. */
+  private List cryptoModuleConfigurations;
+  /** Key modules configuration data. */
+  private List keyModuleConfigurations;
+  /** Logging configuration data. */
+  private LoggerConfig loggerConfig;
+
+  /**
+   * Create a new <code>ConfigurationDataImpl</code>.
+   * 
+   * @param config The underlying MOA configuration data.
+   */
+  public ConfigurationDataImpl(ConfigurationProvider config) {
+    this.pkiConfiguration = new PKIConfigurationImpl(config);
+    this.cryptoModuleConfigurations = buildCryptoModuleConfigurations(config);
+    this.keyModuleConfigurations = buildKeyModuleConfigurations(config);
+    this.loggerConfig = new LoggerConfigImpl();
+  }
+
+  /**
+   * Build the list of <code>CryptoModuleConfiguration</code>s.
+   * 
+   * @param config The underlying MOA configuration data.
+   * @return The list of <code>CryptoModuleConfiguration</code>s configured in
+   * the MOA configuration.
+   */
+  private List buildCryptoModuleConfigurations(ConfigurationProvider config) {
+    List modules = new ArrayList();
+    Iterator iter = config.getHardwareCryptoModules().iterator();
+    
+    while (iter.hasNext()) {
+      HardwareCryptoModule module = (HardwareCryptoModule) iter.next();
+      modules.add(new HardwareCryptoModuleConfigurationImpl(module));
+    }
+    
+    return modules;
+  }
+  
+  /**
+   * Build the list of <code>KeyModuleConfiguration</code>s.
+   * 
+   * @param config The underlying MOA configuration data.
+   * @return The list of <code>KeyModuleConfiguration</code>s configured in the
+   * MOA configuration.
+   */
+  private List buildKeyModuleConfigurations(ConfigurationProvider config) {
+    List keys = new ArrayList();
+    Iterator iter;
+    
+    // add the hardware keys
+    iter = config.getHardwareKeyModules().iterator();
+    while (iter.hasNext()) {
+      HardwareKeyModule key = (HardwareKeyModule) iter.next();
+      keys.add(new HardwareKeyModuleConfigurationImpl(key));
+    }
+    
+    // add the software keys
+    iter = config.getSoftwareKeyModules().iterator();
+    while (iter.hasNext()) {
+      SoftwareKeyModule key = (SoftwareKeyModule) iter.next();
+      keys.add(new SoftwareKeyModuleConfigurationImpl(key));
+    }
+    
+    return keys;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getPKIConfiguration()
+   */
+  public PKIConfiguration getPKIConfiguration() {
+    return pkiConfiguration;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getCryptoModuleConfigurations()
+   */
+  public List getCryptoModuleConfigurations() {
+    return cryptoModuleConfigurations;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getKeyModuleConfigurations()
+   */
+  public List getKeyModuleConfigurations() {
+    return keyModuleConfigurations;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getLoggerConfig()
+   */
+  public LoggerConfig getLoggerConfig() {
+    return loggerConfig;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
new file mode 100644
index 0000000..f4658a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.archive.DataBaseArchiveParameters;
+
+/**
+ * An implementation of the <code>DataBaseArchiveParameter</code> interface.
+ * 
+ * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters {
+
+  /** The JDBC URL for accessing the archive. */
+  private String jDBCUrl;
+
+  /**
+   * Create a new <code>DataBaseArchiveParameterImpl</code>.
+   * 
+   * @param jDBCUrl The JDBC URL of the archive.
+   */
+  public DataBaseArchiveParameterImpl(String jDBCUrl) {
+    this.jDBCUrl = jDBCUrl;
+  }
+
+  /**
+   * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl()
+   */
+  public String getJDBCUrl() {
+    return jDBCUrl;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
new file mode 100644
index 0000000..9dd0ffe
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+/**
+ * An implementation of the <code>DirectoryCertStoreParameters</code> interface.
+ * 
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DirectoryCertStoreParametersImpl
+  implements DirectoryCertStoreParameters {
+
+  /** The root directory of the <code>CertStore</code>. */
+  private String rootDirectory;
+  /** Whether a new directory may be created. */
+  private boolean createNew;
+  /** The <code>CertStore</code> ID. */
+  private String id;
+  /** Whether the <code>CertStore</code> is read-only. */
+  private boolean readOnly;
+
+  /**
+   * Create a new <code>DirectoryCertStoreParameterImpl</code>.
+   * 
+   * @param id The <code>CertStore</code> ID.
+   * @param rootDirectory The root directory of the <code>CertStore</code>.
+   * @param createNew Whether a new directory may be created.
+   * @param readOnly Whether the <code>CertStore</code> is read-only.
+   */
+  public DirectoryCertStoreParametersImpl(
+    String id,
+    String rootDirectory,
+    boolean createNew,
+    boolean readOnly) {
+    
+    this.id = id;  
+    this.rootDirectory = rootDirectory;
+    this.createNew = createNew;
+    this.readOnly = readOnly;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+   */
+  public String getRootDirectory() {
+    return rootDirectory;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+   */
+  public boolean createNew() {
+    return createNew;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+   */
+  public boolean isReadOnly() {
+    return readOnly;
+  }
+
+  /**
+   * @return <code>CertStoreTypes.DIRECTORY</code>
+   * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+   */
+  public String getType() {
+    return CertStoreTypes.DIRECTORY;
+  }
+
+@Override
+public Set getVirtualStores() {
+	// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	return Collections.EMPTY_SET;
+}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java
new file mode 100644
index 0000000..c9904c5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.crypto.HardwareCryptoModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+
+/**
+ * An implementation of the <code>HardwareCryptoModuleConfiguration</code>
+ * wrapping a <code>HardwareCryptoModule</code> from the MOA configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareCryptoModuleConfigurationImpl
+  implements HardwareCryptoModuleConfiguration {
+  
+  /** The wrapped <code>HardwareCryptoModule</code>. */  
+  private HardwareCryptoModule module;
+  
+  /**
+   * Create a new <code>HardwareCryptoModuleConfigurationImpl</code>.
+   * 
+   * @param module The <code>HardwareCryptoModule</code> from the underlying MOA
+   * configuration.
+   */  
+  public HardwareCryptoModuleConfigurationImpl(HardwareCryptoModule module) {
+    this.module = module;
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getModuleName()
+   */
+  public String getModuleName() {
+    return module.getName();
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getSlotID()
+   */
+  public String getSlotID() {
+    return module.getSlotID();
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getUserPIN()
+   */
+  public char[] getUserPIN() {
+    return module.getUserPIN().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..05f5633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.keys.HardwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+
+/**
+ * An implementation of the <code>HardwareKeyModuleConfiguration</code>
+ * interface wrapping a <code>HardwareKeyModule</code> from the MOA
+ * configuration.
+ * 
+ * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareKeyModuleConfigurationImpl
+  extends AbstractKeyModuleConfigurationImpl
+  implements HardwareKeyModuleConfiguration {
+
+  /** The wrapped <code>HardwareKeyModule</code>. */
+  private HardwareKeyModule keyModule;
+
+  /**
+   * Create a new <code>HardwareKeyModuleConfigurationImpl</code>.
+   * 
+   * @param keyModule The <code>HardwareKeyModule</code> from the underlying
+   * MOA configuration.
+   */
+  public HardwareKeyModuleConfigurationImpl(HardwareKeyModule keyModule) {
+    super(keyModule.getId());
+    this.keyModule = keyModule;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getModuleName()
+   */
+  public String getModuleName() {
+    return keyModule.getName();
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getSlotID()
+   */
+  public String getSlotID() {
+    return keyModule.getSlotID();
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getUserPIN()
+   */
+  public char[] getUserPIN() {
+    return keyModule.getUserPIN().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
new file mode 100644
index 0000000..87dd572
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.RevocationFactory;
+import iaik.pki.store.revocation.RevocationSourceStore;
+import iaik.pki.store.truststore.TrustStoreFactory;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.server.ConfigurationData;
+import iaik.server.Configurator;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.util.CertStoreConverter;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.SecProviderUtils;
+
+/**
+ * A class responsible for configuring the IAIK MOA modules.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikConfigurator {
+
+  /** The warnings encountered during configuration. */
+  private List warnings = new ArrayList();
+
+  /**
+   * Configure the IAIK MOA subsystem.
+   * 
+   * 
+   * @param moaConfig The underlying MOA configuration.
+   * @return Returns the config data of the underlying MOA subsystem
+   * @throws ConfigurationException An error occurred configuring the IAIK
+   * MOA subsystem.
+   */
+  public ConfigurationData configure(ConfigurationProvider moaConfig)
+    throws ConfigurationException {
+    ConfigurationData configData = new ConfigurationDataImpl(moaConfig);
+    
+    warnings = new ArrayList();
+
+    try {
+      TransactionId transId = new TransactionId("IaikConfigurator");
+      
+      //SecProviderUtils.dumpSecProviders("Starting configuration");
+      
+      try {
+    	  iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), 
+    			  transId);
+    	  //SecProviderUtils.dumpSecProviders("initCommon");
+    	  String certStoreRoot = moaConfig.getCertStoreLocation();
+    	  CertStoreConverter.convert(certStoreRoot, transId);
+      } finally {
+    	  //Security.removeProvider(ECCelerate.getInstance().getName());
+      }
+      
+      Configurator.init(configData, transId);
+      
+      SecProviderUtils.dumpSecProviders("Fully configured!");
+      
+      // Set customized CRL retriever to overcome a classloader problem when MOA is deployed in Tomcat
+      RevocationSourceStore rss = RevocationFactory.getInstance(transId).getRevocationSourceStore();
+      //rss.setRetriever(new CRLRetriever(), RevocationSourceTypes.CRL);
+      if ((moaConfig.getSoftwareKeyModules().size() > 0) || (moaConfig.getHardwareKeyModules().size() > 0)) {
+        dumpKeyEntryIDs();
+      }
+      checkKeyGroupConfig(moaConfig);
+      TrustStoreFactory.reset();
+      
+      return configData;
+    } catch (iaik.server.ConfigurationException e) {
+      throw new ConfigurationException("config.08", null, e);
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.08", null, t);
+    }
+  }
+
+  /**
+   * Return the warnings encountered during configuration.
+   * 
+   * @return The warnings.
+   */  
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Dump all <code>KeyEntryID</code>s contained in the configured
+   * <code>KeyModule</code>s to the log file.
+   */
+  private void dumpKeyEntryIDs() {
+    MessageProvider msg = MessageProvider.getInstance();
+    KeyModule module = KeyModuleFactory.getInstance(new TransactionId("dump"));
+    Set keyEntryIds = module.getPrivateKeyEntryIDs();
+    Iterator iter;
+
+    for (iter = keyEntryIds.iterator(); iter.hasNext();) {
+      KeyEntryID keyEntryId = (KeyEntryID) iter.next();
+      Logger.info(
+        new LogMsg(msg.getMessage("config.19", new Object[] { keyEntryId })));
+    }
+  }
+
+  /**
+   * Check that each key group entry in each key group can be resolved to a 
+   * KeyEntryID.
+   * 
+   * Logs a warning for each key group entry that cannot be resolved.
+   * 
+   * @param moaConfig The MOA configuration to check.
+   */
+  private void checkKeyGroupConfig(ConfigurationProvider moaConfig) {
+    Map keyGroups = moaConfig.getKeyGroups();
+    Iterator iter;
+
+    for (iter = keyGroups.values().iterator(); iter.hasNext();) {
+      KeyGroup keyGroup = (KeyGroup) iter.next();
+      Set keyGroupEntries = keyGroup.getKeyGroupEntries();
+      Iterator kgIter;
+
+      for (kgIter = keyGroupEntries.iterator(); kgIter.hasNext();) {
+        KeyGroupEntry entry = (KeyGroupEntry) kgIter.next();
+
+        if (!findKeyEntryID(entry)) {
+          warn(
+            "config.31",
+            new Object[] {
+              keyGroup.getId(),
+              entry.getModuleID(),
+              entry.getIssuerDN(),
+              entry.getSerialNumber()});
+        }
+      }
+    }
+  }
+
+  /**
+   * Find out that a certain KeyGroupEntry could be resolved to a KeyEntryID
+   * by the Configurator.
+   *
+   * @param keyGroupEntry The key group entry to find.
+   * @return <code>true</code>, if the <code>keyGroupEntry</code> could be
+   * resolved to a <code>KeyEntryID</code>; otherwise <code>false</code>.
+   */
+  private boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) {
+    KeyModule module = KeyModuleFactory.getInstance(new TransactionId("check"));
+    Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+    Iterator iter;
+
+    for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+      KeyEntryID entry = (KeyEntryID) iter.next();
+
+      if (entry.getCertificateIssuer().equals(keyGroupEntry.getIssuerDN())
+        && entry.getCertificateSerialNumber().equals(
+          keyGroupEntry.getSerialNumber())
+        && entry.getModuleID().equals(keyGroupEntry.getModuleID())) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java
new file mode 100644
index 0000000..3fb842f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.Properties;
+
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LoggerConfig;
+
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+/**
+ * Default implementation of the <code>LoggerConfig</code> interface.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class LoggerConfigImpl implements LoggerConfig {
+  
+  /** The implementation of iaik.logging.LogFactory. */
+  private static final String DEFAULT_IMPLEMENTATION = 
+    "at.gv.egovernment.moa.spss.server.logging.IaikLogFactory";
+
+  public String getFactory() {
+    return DEFAULT_IMPLEMENTATION;
+  }
+
+  public Properties getProperties() throws LogConfigurationException {
+    return new Properties();
+  }
+
+  public String getNodeId() {
+    return LoggingContextManager.getInstance().getLoggingContext().getNodeID();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
new file mode 100644
index 0000000..5e29b5c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>PKIConfiguration</code> interface using data
+ * from the MOA configuration.
+ * 
+ * @see iaik.pki.PKIConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+	/** The <code>CertStore</code> configuration. */
+	private CertStoreConfiguration certStoreConfiguration;
+	/** The revocation checking configuration. */
+	private RevocationConfiguration revocationConfiguration;
+	/** The revocation archive configuration. */
+	private ArchiveConfiguration archiveConfiguration;
+	/** The certificate validation configuration. */
+	private ValidationConfiguration validationConfiguration;
+
+	/**
+	 * Create a new <code>PKIConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The underlying MOA configuration which will be used to build
+	 *            the configuration data contained in this object.
+	 */
+	public PKIConfigurationImpl(ConfigurationProvider config) {
+
+		this.certStoreConfiguration = new CertStoreConfigurationImpl(config);
+		this.revocationConfiguration = new RevocationConfigurationImpl(config);
+
+		boolean archiveInfo = config.getEnableRevocationArchiving();
+		if (archiveInfo) {
+			this.archiveConfiguration = new ArchiveConfigurationImpl(config);
+		} else {
+			this.archiveConfiguration = null;
+		}
+
+		this.validationConfiguration = new ValidationConfigurationImpl(config);
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+	 */
+	public CertStoreConfiguration getCertStoreConfiguration() {
+		return certStoreConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+	 */
+	public RevocationConfiguration getRevocationConfiguration() {
+		return revocationConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+	 */
+	public ArchiveConfiguration getArchiveConfiguration() {
+		return archiveConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+	 */
+	public ValidationConfiguration getValidationConfiguration() {
+		return validationConfiguration;
+	}
+
+	@Override
+	public int getConnectTimeout() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+	@Override
+	public int getReadTimeout() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
new file mode 100644
index 0000000..b03c4a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>RevocationConfiguration</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.pki.revocation.RevocationConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends AbstractObservableConfiguration implements RevocationConfiguration {
+
+	/**
+	 * The <code>ConfigurationProvider</code> to read the configuration data
+	 * from.
+	 */
+	private ConfigurationProvider config;
+
+	/**
+	 * Create a new <code>RevocationConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The underlying MOA configuration containing the configuration
+	 *            data.
+	 */
+	public RevocationConfigurationImpl(ConfigurationProvider config) {
+		this.config = config;
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints
+	 */
+	public Set getAlternativeDistributionPoints(X509Certificate cert, X509Certificate issuer, Date date) {
+		return config.getDistributionPoints(cert);
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String,
+	 *      java.lang.String)
+	 */
+	public boolean archiveRevocationInfo(String type, String uri) {
+		return config.getEnableRevocationArchiving();
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#getCrlRetentionInterval(java.lang.String)
+	 */
+	public Integer getCrlRetentionInterval(String issuername) {
+		Map map = config.getCrlRetentionIntervals();
+		Integer interval = (Integer) map.get(issuername);
+
+		return interval;
+	}
+
+	@Override
+	public DBCrlConfig getDataBaseCRLConfig() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+	@Override
+	public boolean getKeepRevocationInfo() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return false;
+	}
+
+	@Override
+	public Set getPositiveOCSPResponders() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+	@Override
+	public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return false;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..937f32f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import iaik.server.modules.keys.ConfigurationException;
+import iaik.server.modules.keys.SoftwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * An implementation of the <code>SoftwareKeyModuleConfiguration</code> wrapping
+ * a <code>SoftwareKeyModule</code> from the MOA configuration.
+ * 
+ * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SoftwareKeyModuleConfigurationImpl
+  extends AbstractKeyModuleConfigurationImpl
+  implements SoftwareKeyModuleConfiguration {
+
+  /** The wrapped <code>SoftwareKeyModule</code>. */
+  private SoftwareKeyModule keyModule;
+
+  /**
+   * Create a new <code>SoftwareKeyModuleConfigurationImpl</code>.
+   * 
+   * @param keyModule The <code>SoftwareKeyModule</code> from the underlying MOA
+   * configuration.
+   */
+  public SoftwareKeyModuleConfigurationImpl(SoftwareKeyModule keyModule) {
+    super(keyModule.getId());
+    this.keyModule = keyModule;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreTypeName()
+   */
+  public String getKeyStoreTypeName() {
+    return KEY_STORE_TYPE_NAME_PKCS12;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAsStream()
+   */
+  public InputStream getKeyStoreAsStream() {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    try {
+      String message = 
+        msg.getMessage("config.18", new Object[] { keyModule.getFileName()});
+      Logger.info(new LogMsg(message));
+      return new FileInputStream(keyModule.getFileName());
+    } catch (FileNotFoundException e) {
+      String message =
+        msg.getMessage("config.09", new Object[] { keyModule.getFileName()});
+
+      throw new ConfigurationException(message, e, null);
+    }
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAuthenticationData()
+   */
+  public char[] getKeyStoreAuthenticationData() {
+    return keyModule.getPassWord().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java
new file mode 100644
index 0000000..9e26fb8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ValidationConfiguration</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.pki.pathvalidation.ValidationConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl
+  extends AbstractObservableConfiguration
+  implements ValidationConfiguration {
+
+  /** The <code>ConfigurationProvider</code> to read the configuration data
+   * from. */
+  private ConfigurationProvider config;
+
+  /**
+   * Create a new <code>ValidationConfigurationImpl</code>.
+   * 
+   * @param config The underlying MOA configuration data.
+   */
+  public ValidationConfigurationImpl(ConfigurationProvider config) {
+    this.config = config;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+   */
+  public String getChainingMode(X509Certificate cert) {
+    return config.getChainingMode(cert);
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+   */
+  public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate cert) {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+   */
+  public X509Certificate getPublicKeyParamsAsCert(X509Certificate cert) {
+    return null;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
new file mode 100644
index 0000000..491986b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.pki;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface containing
+ * information needed for certificate path validation. It uses configuration
+ * data from the MOA configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class PKIProfileImpl implements PKIProfile {
+
+	/** Profile information for revocation checking. */
+	private RevocationProfile revocationProfile;
+	/** Profile information about the trust profile to use. */
+	private TrustStoreProfile trustStoreProfile;
+	/** Profile information about the certificate validation. */
+	private ValidationProfile validationProfile;
+	/**
+	 * The <code>ConfigurationProvider</code> to read the MOA configuration data
+	 * from.
+	 */
+	private ConfigurationProvider config;
+
+	/**
+	 * Create a new <code>PKIProfileImpl</code>.
+	 * 
+	 * @param config
+	 *            The MOA configuration providing configuration data about
+	 *            certificate path validation.
+	 * @param trustProfileID
+	 *            The trust profile ID denoting the location of the trust store.
+	 * @throws MOAApplicationException
+	 *             An error occurred building the profile.
+	 */
+	public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException {
+
+		this.config = config;
+		setRevocationProfile(new RevocationProfileImpl(config));
+		setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID));
+		setValidationProfile(new ValidationProfileImpl(config));
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#autoAddCertificates()
+	 */
+	/*public boolean autoAddCertificates() {
+		return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates();
+	}*/
+
+	/**
+	 * @see iaik.pki.PKIProfile#getRevocationProfile()
+	 */
+	public RevocationProfile getRevocationProfile() {
+		return revocationProfile;
+	}
+
+	/**
+	 * Sets the <code>RevocationProfile</code>.
+	 * 
+	 * @param revocationProfile
+	 *            The <code>RevocationProfile</code> used for revocation
+	 *            checking.
+	 */
+	protected void setRevocationProfile(RevocationProfile revocationProfile) {
+		this.revocationProfile = revocationProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+	 */
+	public TrustStoreProfile getTrustStoreProfile() {
+		return trustStoreProfile;
+	}
+
+	/**
+	 * Sets the <code>TrustStoreProfile</code>.
+	 * 
+	 * @param trustStoreProfile
+	 *            The <code>TrustStoreProfile</code>.
+	 */
+	protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
+		this.trustStoreProfile = trustStoreProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#getValidationProfile()
+	 */
+	public ValidationProfile getValidationProfile() {
+		return validationProfile;
+	}
+
+	/**
+	 * Sets the <code>ValidationProfile</code>.
+	 * 
+	 * @param validationProfile
+	 *            The <code>ValidationProfile</code> to set.
+	 */
+	protected void setValidationProfile(ValidationProfile validationProfile) {
+		this.validationProfile = validationProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+	 */
+	public boolean useAuthorityInfoAccess() {
+		return config.getUseAuthorityInfoAccess();
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#autoAddCertificates()
+	 */
+	@Override
+	public int autoAddCertificates() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+	@Override
+	public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
new file mode 100644
index 0000000..7e62d60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation;
+
+import iaik.pki.pathvalidation.ValidationProfile;
+
+import java.util.Collections;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ValidationProfile</code> interface providing
+ * information about certificat path validation. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ValidationProfileImpl implements ValidationProfile {
+
+  /** The <code>ConfigurationProvider</code> to read the configuration data
+   * from. */
+  private ConfigurationProvider config;
+  private boolean initialAnyPolicyInhibit;
+  private boolean initialExplicitPolicy;
+  private boolean initialPolicyMappingInhibit;
+  private Set initialPolicySet;
+  private boolean nameConstraintsProcessing;
+  private boolean policyProcessing;
+
+  /**
+   * Create a new <code>ValidationProfileImpl</code> object.
+   * 
+   * This objects's fields are preset to the following values:
+   * 
+   * <ul>
+   * <li><code>initialAnyPolicyInhibit = true</code></li>
+   * <li><code>initialExplicitPoliy = true</code></li>
+   * <li><code>initialPolicyMappingInhibit = true</code></li>
+   * <li><code>initialPolicySet = empty</code></li>
+   * <li><code>policyProcessing = false</code></li>
+   * <li><code>nameConstraintsProcessing = false</code></li>
+   * <li><code>revocationChecking = false</code></li>
+   * </ul>
+   * 
+   * @param config MOA configuration data for additional configuration
+   * information (currently unused). 
+   */
+  public ValidationProfileImpl(ConfigurationProvider config) {
+    this.config = config;
+    initialAnyPolicyInhibit = true;
+    initialExplicitPolicy = true;
+    initialPolicyMappingInhibit = true;
+    initialPolicySet = Collections.EMPTY_SET;
+    policyProcessing = false;
+    nameConstraintsProcessing = false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+   */
+  public boolean getInitialAnyPolicyInhibit() {
+    return initialAnyPolicyInhibit;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+   */
+  public boolean getInitialExplicitPolicy() {
+    return initialExplicitPolicy;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+   */
+  public boolean getInitialPolicyMappingInhibit() {
+    return initialPolicyMappingInhibit;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+   */
+  public Set getInitialPolicySet() {
+    return initialPolicySet;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+   */
+  public boolean getPolicyProcessing() {
+    return policyProcessing;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+   */
+  public boolean getNameConstraintsProcessing() {
+    return nameConstraintsProcessing;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+   */
+  public boolean getRevocationChecking() 
+  {
+    return config.getEnableRevocationChecking();
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
new file mode 100644
index 0000000..14627b2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.revocation;
+
+import java.security.cert.X509Certificate;
+
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>RevocationProfile</code> interface providing
+ * information about revocation status checking, based on MOA configuration
+ * data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationProfileImpl implements RevocationProfile {
+  /** The default service order. */
+  private static final String[] DEFAULT_SERVICE_ORDER =
+    { RevocationSourceTypes.CRL, RevocationSourceTypes.OCSP };
+  /** The <code>ConfigurationProvider</code> to read the MOA configuration data
+   * from. */
+  private ConfigurationProvider config;
+  /** The OCSP request hash algorithm. Currently only "SHA" is supported. */
+  private static final String oCSPRequestHashAlgorithm = "SHA";
+
+  /**
+   * Create a new <code>RevocationProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data.
+   */
+  public RevocationProfileImpl(ConfigurationProvider config) {
+    this.config = config;
+    // currently only "SHA" is supported
+//    this.oCSPRequestHashAlgorithm = "";
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String)
+   */
+  public long getMaxRevocationAge(String distributionPointUri) 
+  {
+    return config.getMaxRevocationAge();
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+   */
+  public String getOCSPRequestHashAlgorithm() {
+    return oCSPRequestHashAlgorithm;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+   */
+  public String[] getPreferredServiceOrder(X509Certificate cert) 
+  {
+    String[] serviceOrder = config.getServiceOrder();
+    if (serviceOrder == null || serviceOrder.length == 0) return DEFAULT_SERVICE_ORDER; 
+    return serviceOrder;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
new file mode 100644
index 0000000..50f237a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observer;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+
+/**
+ * An implementation of the <code>TrustStoreProfile</code> interface, using data
+ * from the MOA configuration.
+ * 
+ * @see iaik.pki.store.truststore.TrustStoreProfile 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TrustStoreProfileImpl implements TrustStoreProfile {
+
+  /** The observers of this profile. */
+  private List observers = new ArrayList();
+  
+  /**
+   * The trust profile identifier. 
+   */
+  private String id_;
+  
+  /** The type of the trust profile. */
+  private String type;
+  /** The URI of the trust profile.*/
+  private String URI;
+
+  /**
+   * Create a new <code>TrustStoreProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data, from which trust store
+   * configuration data is read.
+   * @param trustProfileId The trust profile id on which this
+   * <code>TrustStoreProfile</code> is based.
+   * @throws MOAApplicationException The <code>trustProfileId</code> could not
+   * be found in the MOA configuration.
+   */
+  public TrustStoreProfileImpl(
+    ConfigurationProvider config,
+    String trustProfileId)
+    throws MOAApplicationException {
+
+    TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
+    if (tp != null) 
+    {
+      id_ = trustProfileId;
+      setURI(tp.getUri());
+      setType(TrustStoreTypes.DIRECTORY);
+    } 
+    else 
+    {
+      throw new MOAApplicationException("2203", new Object[] { trustProfileId });
+    }
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+   */
+  public String getType() {
+    return type;
+  }
+
+  /**
+   * Sets the the trust store type.
+   * 
+   * @param type The trust store type to set. 
+   */
+  protected void setType(String type) {
+    this.type = type;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+   */
+  public String getURI() {
+    return URI;
+  }
+
+  /**
+   * Sets the trust store URI.
+   * 
+   * @param URI The trust store URI to set.
+   */
+  protected void setURI(String URI) {
+    this.URI = URI;
+  }
+
+  //
+  // Methods of iaik.pki.store.observer.Observable interface
+  //
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData notificationData) {
+    for (Iterator iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(notificationData);
+    }
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+   */
+  public String getId()
+  {
+    return id_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java
new file mode 100644
index 0000000..cc12861
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Base64Transformation;
+
+/**
+ * An implementation of the <code>Base64Transformation</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class Base64TransformationImpl
+  extends TransformationImpl
+  implements Base64Transformation {
+  
+  /**
+   * Create a new <code>Base64TransformationImpl</code>.
+   * 
+   * @see java.lang.Object#Object()
+   */  
+  public Base64TransformationImpl() {
+    setAlgorithmURI(Base64Transformation.BASE64_DECODING);
+  }
+
+  /**
+   * Compare this <code>Base64Transformation</code> to another.
+   * 
+   * @param other The object to compare this<code>Base64Transformation</code> 
+   * to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>Base64Transformation</code> and the algorithm URIs match, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */  
+  public boolean equals(Object other) {
+    if (other instanceof Base64Transformation) {
+      Base64Transformation transform = (Base64Transformation) other;
+      return getAlgorithmURI().equals(transform.getAlgorithmURI());
+    }
+    return false;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java
new file mode 100644
index 0000000..4d627d7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import iaik.server.modules.xml.BinaryDataObject;
+
+/**
+ * A <code>BinaryDataObject</code> encapsulating Base64 data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ByteArrayDataObjectImpl
+  extends DataObjectImpl
+  implements BinaryDataObject {
+
+  /** The binary data contained in this <code>BinaryDataObject</code>. */
+  private byte[] bytes;
+
+  /**
+   * Create a new <code>ByteArrayDataObjectImpl</code>.
+   * 
+   * @param bytes The binary data contained in this 
+   * <code>BinaryDataObject</code>.
+   */
+  public ByteArrayDataObjectImpl(byte[] bytes) {
+    setBytes(bytes);
+  }
+
+  /**
+   * Set the Base64 data.
+   * 
+   * @param bytes The binary data contained in this 
+   * <code>BinaryDataObject</code>.
+   */
+  public void setBytes(byte[] bytes) {
+    this.bytes = bytes;
+  }
+
+  /**
+   * Return the binary data encoded in the Base64 <code>String</code> as a
+   * stream.
+   * 
+   * @return The binary data contained in this object, as a
+   * <code>InputStream</code>. Repeated calls to this function will return a
+   * new stream to the Base64 data.
+   * @see iaik.server.modules.xml.BinaryDataObject#getInputStream()
+   */
+  public InputStream getInputStream() {
+    return new ByteArrayInputStream(bytes);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java
new file mode 100644
index 0000000..b982c8e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.InputStream;
+
+import iaik.server.modules.xml.BinaryDataObject;
+
+/**
+ * A <code>BinaryDataObject</code> encapsulating binary data from a stream. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ByteStreamDataObjectImpl
+  extends DataObjectImpl
+  implements BinaryDataObject {
+
+  /** The <code>InputStream</code> containing the binary data. */
+  private InputStream inputStream;
+
+  /**
+   * Create a new <code>ByteStreamDataObjectImpl</code>.
+   * 
+   * @param inputStream The stream from which to read the binary data.
+   */
+  public ByteStreamDataObjectImpl(InputStream inputStream) {
+    setInputStream(inputStream);
+  }
+
+  /**
+   * Set the input stream from which to read the binary data.
+   * 
+   * @param inputStream The input stream from which to read the binary data.
+   */
+  public void setInputStream(InputStream inputStream) {
+    this.inputStream = inputStream;
+  }
+
+  /**
+   * Return the binary data from this object as a stream.
+   * 
+   * @return The stream containing the binary data. Calling this function
+   * repeatedly will always return the same <code>InputStream</code>.
+   * @see iaik.server.modules.xml.BinaryDataObject#getInputStream()
+   */
+  public InputStream getInputStream() {
+    return inputStream;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java
new file mode 100644
index 0000000..0c3a8da
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Canonicalization;
+
+/**
+ * An implementation of the <code>CanonicalizationTransform</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CanonicalizationImpl
+  extends TransformationImpl
+  implements Canonicalization {
+   
+  /**
+   * Create a new <code>CanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI The canonicalization algorithm URI.
+   */ 
+  public CanonicalizationImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+    
+  /**
+   * Compare this object to another <code>Canonicalization</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>Canonicalization</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>Canonicalization</code> and the algorithm URIs match, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof Canonicalization) {
+      Canonicalization c14n = (Canonicalization) other;
+      return getAlgorithmURI().equals(c14n.getAlgorithmURI());
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java
new file mode 100644
index 0000000..702caaf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.DataObject;
+
+/**
+ * Abstract base implementation for the classes derived from
+ * <code>DataObject</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class DataObjectImpl implements DataObject {
+  
+  /** The MIME type of the data object. */
+  private String mimeType;
+  /** The refernce ID. */
+  private String referenceID;
+  /** The URI of the type. */
+  private String typeURI;
+  /** The URI identifying the data. */
+  private String URI;
+  
+  /**
+   * @see iaik.server.modules.xml.DataObject#getMimeType()
+   */
+  public String getMimeType() {
+    return mimeType;
+  }
+
+  /**
+   * Set the mime type.
+   * 
+   * @param mimeType The mime type to set.
+   */
+  public void setMimeType(String mimeType) {
+    this.mimeType = mimeType;
+  }
+  
+  /**
+   * @see iaik.server.modules.xml.DataObject#getReferenceID()
+   */
+  public String getReferenceID() {
+    return referenceID;
+  }
+  
+  /**
+   * Set the reference ID.
+   * 
+   * @param referenceID The reference ID.
+   */
+  public void setReferenceID(String referenceID) {
+    this.referenceID = referenceID;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.DataObject#getTypeURI()
+   */
+  public String getTypeURI() {
+    return typeURI;
+  }
+
+  /**
+   * Set the type URI.
+   * 
+   * @param typeURI The type URI.
+   */
+  public void setTypeURI(String typeURI) {
+    this.typeURI = typeURI;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.DataObject#getURI()
+   */
+  public String getURI() {
+    return URI;
+  }
+  
+  /**
+   * Set the URI.
+   * 
+   * @param URI The URI.
+   */
+  public void setURI(String URI) {
+    this.URI = URI;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java
new file mode 100644
index 0000000..d582594
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.EnvelopedSignatureTransformation;
+
+/**
+ * An implementation of the <code>EnvelopedSignatureTransformation</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class EnvelopedSignatureTransformationImpl
+  extends TransformationImpl
+  implements EnvelopedSignatureTransformation {
+
+  /**
+   * Create a new <code>EnvelopedSignatureTransformationImpl</code>.
+   */
+  public EnvelopedSignatureTransformationImpl() {
+    setAlgorithmURI(EnvelopedSignatureTransformation.ENVELOPED_SIGNATURE);
+  }
+
+  /**
+   * Compare this object to another <code>EnvelopedSignatureTransformation</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>EnvelopedSignatureTransformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>EnvelopedSignatureTransformation</code>, otherwise 
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof EnvelopedSignatureTransformation) {
+      EnvelopedSignatureTransformation transform =
+        (EnvelopedSignatureTransformation) other;
+      return getAlgorithmURI().equals(transform.getAlgorithmURI());
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java
new file mode 100644
index 0000000..dfadf0c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.List;
+
+import iaik.server.modules.xml.ExclusiveCanonicalization;
+
+/**
+ * An implementation of the <code>ExclusiveCanonicalization</code> type
+ * of <code>Transformation</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExclusiveCanonicalizationImpl
+  extends TransformationImpl
+  implements ExclusiveCanonicalization {
+
+  /** The prefixes of the namespaces to treat according to canonical XML. */
+  private List inclusiveNamespacePrefixes;
+
+  /**
+   * Create a new <code>ExclusiveCanonicalizationImpl</code> object.
+   * 
+   * @param algorithmURI The exclusive canonicalization algorithm URI.
+   * @param inclusiveNamespacePrefixes The namespace prefixes to be processed
+   * according to canonical XML.
+   */
+  public ExclusiveCanonicalizationImpl(
+    String algorithmURI,
+    List inclusiveNamespacePrefixes) {
+    setAlgorithmURI(algorithmURI);
+    setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes);
+  }
+
+  /**
+   * Sets the namespace prefixes to be processed according to canonical XML.
+   * 
+   * @param inclusiveNamespacePrefixes The prefixes of the namespaces to treat
+   * according to canonical XML.
+   */
+  protected void setInclusiveNamespacePrefixes(List inclusiveNamespacePrefixes) {
+    this.inclusiveNamespacePrefixes = inclusiveNamespacePrefixes;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.ExclusiveCanonicalization#getInclusiveNamespacePrefixes()
+   */
+  public List getInclusiveNamespacePrefixes() {
+    return inclusiveNamespacePrefixes;
+  }
+
+  /**
+   * Compare this object to another <code>CanonicalizationTransform</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>ExclusiveCanonicalization</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>ExclusiveCanonicalization</code> and the algorithm URIs match, 
+   * otherwise <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof ExclusiveCanonicalization) {
+      ExclusiveCanonicalization eC14n =
+        (ExclusiveCanonicalization) other;
+      boolean algURIEquals = getAlgorithmURI().equals(eC14n.getAlgorithmURI());
+      boolean inclNSPrefs = 
+        (getInclusiveNamespacePrefixes() == null || getInclusiveNamespacePrefixes().isEmpty())
+        ? eC14n.getInclusiveNamespacePrefixes() == null || eC14n.getInclusiveNamespacePrefixes().isEmpty()
+        : getInclusiveNamespacePrefixes().equals(eC14n.getInclusiveNamespacePrefixes());
+      return algURIEquals && inclNSPrefs;
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java
new file mode 100644
index 0000000..9026d33
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Date;
+
+import iaik.server.modules.xml.SigningTime;
+
+/**
+ * An implementation of the <code>SigningTime</code> <code>Property</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SigningTimeImpl implements SigningTime {
+  
+  /** The signing time. */
+  private Date signingTime;
+  
+  /**
+   * Create a new <code>SigningTimeImpl</code>.
+   * 
+   * @param signingTime The signing time.
+   */
+  public SigningTimeImpl(Date signingTime) {
+    this.signingTime = signingTime;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.SigningTime#getSigningTime()
+   */
+  public Date getSigningTime() {
+    return signingTime;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java
new file mode 100644
index 0000000..1595446
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Transformation;
+
+/**
+ * Base implementation class for <code>Transformation</code> derived classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class TransformationImpl implements Transformation {
+
+  /** The algorithm URI identifying the transformation algorithm. */
+  private String algorithmURI;
+  
+  /**
+   * @see iaik.server.modules.xml.Transformation#getAlgorithmURI()
+   */
+  public String getAlgorithmURI() {
+    return algorithmURI;
+  }
+
+  /**
+   * Sets the algorithm URI.
+   * 
+   * @param algorithmURI The algorithm URI to set.
+   */
+  protected void setAlgorithmURI(String algorithmURI) {
+    this.algorithmURI = algorithmURI;
+  }
+  
+  /**
+   * Returns the hash code of the algorithm URI. Should be overridden if a
+   * transformation distinguishes itself from others by more than just the
+   * algorithm URI.
+   * 
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getAlgorithmURI().hashCode();
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java
new file mode 100644
index 0000000..e8444b9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.Element;
+
+import iaik.server.modules.xml.XMLDataObject;
+
+/**
+ * A <code>DataObject</code> containing a single DOM element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLDataObjectImpl
+  extends DataObjectImpl
+  implements XMLDataObject {
+  
+  /** The XML data contained in this <code>XMLDataObject</code>. */  
+  private Element element;
+  
+  /**
+   * Create a new <code>XMLDataObjectImpl</code>.
+   * 
+   * @param element The DOM element contained in this
+   * <code>XMLDataObject</code>.
+   */
+  public XMLDataObjectImpl(Element element) {
+    setElement(element);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLDataObject#getElement()
+   */
+  public Element getElement() {
+    return element;
+  }
+
+  /**
+   * Set the DOM element contained in this <code>XMLDataObject</code>.
+   * 
+   * @param element The DOM element to set.
+   */
+  public void setElement(Element element) {
+    this.element = element;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java
new file mode 100644
index 0000000..2fb9df9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.NodeList;
+
+import iaik.server.modules.xml.XMLNodeListDataObject;
+
+/**
+ * A <code>DataObject</code> containing a list of DOM nodes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLNodeListDataObjectImpl
+  extends DataObjectImpl
+  implements XMLNodeListDataObject {
+
+  /** The nodes contained in this <code>XMLNodeListDataObject</code>. */
+  private NodeList nodeList;
+
+  /**
+   * Create a new <code>XMLNodeListDataObjectImpl</code>.
+   * 
+   * @param nodeList The list of DOM nodes contained in this
+   * <code>XMLNodeListDataObject</code>.
+   */
+  public XMLNodeListDataObjectImpl(NodeList nodeList) {
+    setNodeList(nodeList);
+  }
+
+  /**
+   * Set the list of DOM nodes contained in this
+   * <code>XMLNodeListDataObject</code>.
+   * 
+   * @param nodeList The list of DOM nodes to set.
+   */
+  public void setNodeList(NodeList nodeList) {
+    this.nodeList = nodeList;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLNodeListDataObject#getNodeList()
+   */
+  public NodeList getNodeList() {
+    return nodeList;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java
new file mode 100644
index 0000000..0774726
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.Element;
+
+import iaik.server.modules.xml.XMLSignature;
+
+/**
+ * An object containing an XMLDsig signature in the form of a 
+ * <code>dsig:Signature</code> DOM element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureImpl implements XMLSignature {
+  /** The signature DOM element. */
+  private Element element;
+  
+  /**
+   * Create a new <code>XMLSignatureImpl</code>.
+   * 
+   * @param element The <code>dsig:Signature</code> DOM element.
+   */
+  public XMLSignatureImpl(Element element) {
+    setElement(element);
+  }
+  
+  /**
+   * Set the <code>dsig:Signature</code> DOM element.
+   * 
+   * @param element The <code>dsig:Signature</code> element to set.
+   */
+  public void setElement(Element element) {
+    this.element = element;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLSignature#getElement()
+   */
+  public Element getElement() {
+    return element;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java
new file mode 100644
index 0000000..d309302
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Map;
+
+import iaik.server.modules.xml.XPath2Transformation;
+import iaik.server.modules.xml.XPath2Transformation.XPath2Filter;
+
+/**
+ * An object encapsulating an XPath-Filter2 expression.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPath2FilterImpl implements XPath2Filter {
+
+  /** The type of this filter. */
+  private String filterType;
+  /** The XPath expression of this filter. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to use for evaluating the XPath. */
+  private Map namespaceDeclarations;
+
+  /**
+   * Create a new <code>XPath2FilterImpl</code> object.
+   * 
+   * @param filterType The type of filter. Must be one of the filter type
+   * constants declared in <code>iaik.server.modules.xml.XPath2Transformation.XPath2Filter</code>
+   * @param xPathExpression The XPath expression belonging to this filter.
+   * @param namespaceDeclarations The namespace declarations visible for this
+   * XPath2Filter.
+   */
+  public XPath2FilterImpl(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations) {
+
+    setFilterType(filterType);
+    setXPathExpression(xPathExpression);
+    setNamespaceDeclarations(namespaceDeclarations);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getFilterType()
+   */
+  public String getFilterType() {
+    return filterType;
+  }
+
+  /**
+   * Set the filter type.
+   * 
+   * @param filterType The filter type to set.
+   */
+  protected void setFilterType(String filterType) {
+    this.filterType = filterType;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getXPathExpression()
+   */
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Set the XPath expression.
+   * 
+   * @param xPathExpression The XPath expression to set.
+   */
+  protected void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getNamespaceDeclarations()
+   */
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+  /**
+   * Set the namespace declarations.
+   * 
+   * @param namespaceDeclarations The mapping between namespace prefixes and
+   * their associated URI.
+   */
+  protected void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  /**
+   * Compare this object to another.
+   * 
+   * @param other The object to compare this <code>XPath2Filter</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>XPath2Filter</code> and the filter types match and the XPath
+   * expressions match. Otherwise <code>false</code> is returned.
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPath2Transformation.XPath2Filter) {
+      XPath2Filter filter = (XPath2Transformation.XPath2Filter) other;
+      return getFilterType().equals(filter.getFilterType())
+        && getXPathExpression().equals(filter.getXPathExpression());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getXPathExpression().hashCode() * 31 + getFilterType().hashCode();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java
new file mode 100644
index 0000000..f483b18
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.server.modules.xml.XPath2Transformation;
+
+/**
+ * An object encapsulating a <code>Transformation</code> containing several
+ * XPath-Filter2 expressions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPath2TransformationImpl
+  extends TransformationImpl
+  implements XPath2Transformation {
+
+  /** The filters contained in this <code>XPath2Transformation</code> */
+  private List xPathFilters = new ArrayList();
+
+  /**
+   * Create a new <code>XPath2TransformationImpl</code>.
+   * 
+   * The list of XPath-Filter2 expression is initially empty.
+   */
+  public XPath2TransformationImpl() {
+    setAlgorithmURI(XPath2Transformation.XPATH2);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation#getXPathFilters()
+   */
+  public List getXPathFilters() {
+    return xPathFilters;
+  }
+
+  /**
+   * Add an XPath-Filter2 expression to the list of filters.
+   * 
+   * @param filter The filter to add.
+   */
+  public void addXPathFilter(XPath2Filter filter) {
+    xPathFilters.add(filter);
+  }
+
+  /**
+   * Compare this <code>XPath2Transformation</code> to another.
+   * 
+   * @param other The object to compare this 
+   * <code>XPath2Transformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>XPath2Transformation</code> and <code>getXPathFilters()</code> equals
+   * <code>other.getXPathFilters()</code>. Otherwise <code>false</code> is
+   * returned.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPath2Transformation) {
+      XPath2Transformation transform = (XPath2Transformation) other;
+
+      return getXPathFilters().equals(transform.getXPathFilters());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    Iterator iter = getXPathFilters().iterator();
+    int hashCode = 0;
+
+    while (iter.hasNext()) {
+      hashCode ^= iter.next().hashCode();
+    }
+
+    return hashCode;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java
new file mode 100644
index 0000000..06cc319
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Map;
+
+import iaik.server.modules.xml.XPathTransformation;
+
+/**
+ * A <code>Transformation</code> containing an XPath expression.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathTransformationImpl
+  extends TransformationImpl
+  implements XPathTransformation {
+
+  /** The XPath expression. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to use for XPath evaluation. */
+  private Map namespaceDeclarations;
+
+  /**
+   * Create a new <code>XPathTransformationImpl</code>.
+   * 
+   * The namespace declarations are initialized empty.
+   * 
+   * @param xPathExpression The XPath expression this object will contain.
+   * @param namespaceDeclarations The namespace declarations visible for this
+   * XPath.
+   */
+  public XPathTransformationImpl(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+
+    setAlgorithmURI(XPathTransformation.XPATH);
+    setXPathExpression(xPathExpression);
+    setNamespaceDeclarations(namespaceDeclarations);
+  }
+
+  /**
+   * Set the XPath expression.
+   * 
+   * @param xPathExpression The XPath expression.
+   */
+  protected void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPathTransformation#getXPathExpression()
+   */
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPathTransformation#getNamespaceDeclarations()
+   */
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+  /**
+   * Set the namespace declarations.
+   * 
+   * @param namespaceDeclarations The mapping between namespace prefixes and
+   * their associated URI.
+   */
+  protected void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  /**
+   * Compare this <code>XPathTransformation</code> to another.
+   * 
+   * @param other The object to compare this 
+   * <code>XPathTransformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>XPathTransformation</code> and if this object contains the same XPath
+   * expression as <code>other</code>. Otherwise <code>false</code> is returned.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPathTransformation) {
+      XPathTransformation transform = (XPathTransformation) other;
+      return getXPathExpression().equals(transform.getXPathExpression());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getXPathExpression().hashCode();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
new file mode 100644
index 0000000..1c5d26a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.TransformException;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.util.NodeListToNodeSetDataAdapter;
+import at.gv.egovernment.moa.util.NodeListAdapter;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.server.modules.xml.XSLTTransformation;
+import iaik.xml.crypto.dsig.XMLSignatureFactory;
+
+/**
+ * A <code>Transformation</code> containing an XSLT transformation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XSLTTransformationImpl extends TransformationImpl implements XSLTTransformation {
+
+	/** The XSLT stylesheet. */
+	private Element styleSheetElement;
+	/**
+	 * The hash code of the canonicalized stylesheet. If calculated, this value
+	 * should be != 0.
+	 */
+	private int hashCode;
+
+	/**
+	 * Create a new <code>XSLTTransformationImpl</code> object.
+	 * 
+	 * @param styleSheetElement
+	 *            The XSLT stylesheet element.
+	 */
+	public XSLTTransformationImpl(Element styleSheetElement) {
+		setAlgorithmURI(XSLTTransformation.XSLT);
+		setStyleSheetElement(styleSheetElement);
+	}
+
+	/**
+	 * Set the XSLT stylesheet element.
+	 * 
+	 * @param styleSheetElement
+	 *            The XSLT stylesheet element to set.
+	 */
+	protected void setStyleSheetElement(Element styleSheetElement) {
+		this.styleSheetElement = styleSheetElement;
+		this.hashCode = 0;
+	}
+
+	/**
+	 * @see iaik.server.modules.xml.XSLTTransformation#getStylesheetElement()
+	 */
+	public Element getStylesheetElement() {
+		return styleSheetElement;
+	}
+
+	/**
+	 * Compare this <code>XSLTTransformation</code> to another.
+	 * 
+	 * @param other
+	 *            The object to compare this <code>XSLTTransformation</code> to.
+	 * @return <code>true</code>, if <code>other</code> is an
+	 *         <code>XSLTTransformation</code> and if the canonicalized
+	 *         representations of the stylesheets contained in <code>this</code>
+	 *         and <code>other</code> match. Otherwise, <code>false</code> is
+	 *         returned.
+	 * @see java.lang.Object#equals(Object)
+	 */
+	public boolean equals(Object other) {
+		if (other instanceof XSLTTransformation) {
+			XSLTTransformation xslt = (XSLTTransformation) other;
+
+			return compareElements(getStylesheetElement(), xslt.getStylesheetElement());
+		}
+		return false;
+	}
+
+	/**
+	 * @see java.lang.Object#hashCode()
+	 */
+	public int hashCode() {
+		if (hashCode == 0) {
+			hashCode = calculateHashCode(getStylesheetElement());
+		}
+		return hashCode;
+	}
+
+	/**
+	 * Calculate the hash code for a DOM element by canonicalizing it.
+	 * 
+	 * @param element
+	 *            The DOM element for which the hash code is to be calculated.
+	 * @return int The hash code, or <code>0</code>, if it could not be
+	 *         calculated.
+	 */
+	private static int calculateHashCode(Element element) {
+		try {
+			InputStream is = canonicalize(element);
+			byte[] buf = new byte[256];
+			int hashCode = 1;
+			int length;
+			int i;
+
+			while ((length = is.read(buf)) > 0) {
+				for (i = 0; i < length; i++) {
+					hashCode += buf[i] * 31 + i;
+				}
+			}
+			is.close();
+			return hashCode;
+		} catch (IOException e) {
+			return 0;
+		} catch (NoSuchAlgorithmException e) {
+			return 0;
+		} catch (InvalidAlgorithmParameterException e) {
+			return 0;
+		} catch (TransformException e) {
+			return 0;
+		}
+	}
+
+	/**
+	 * Compare two DOM elements by canonicalizing their contents and comparing
+	 * the resulting byte stream.
+	 * 
+	 * @param elem1
+	 *            The 1st element to compare.
+	 * @param elem2
+	 *            The 2nd element to compare.
+	 * @return boolean <code>true</code>, if the elements are considered equal
+	 *         after canonicalization. Otherwise <code>false</code> is returned.
+	 */
+	private static boolean compareElements(Element elem1, Element elem2) {
+		try {
+			InputStream is1 = canonicalize(elem1);
+			InputStream is2 = canonicalize(elem2);
+			return StreamUtils.compareStreams(is1, is2);
+		} catch (IOException e) {
+			return false;
+		} catch (NoSuchAlgorithmException e) {
+			return false;
+		} catch (InvalidAlgorithmParameterException e) {
+			return false;
+		} catch (TransformException e) {
+			return false;
+		}
+	}
+
+	/**
+   * Canonicalize a DOM element.
+   * 
+   * @param element The element to canonicalize.
+   * @return InputStream A stream with the canonicalized data.
+	 * @throws InvalidAlgorithmParameterException 
+	 * @throws IOException 
+	 * @throws TransformException 
+   * @throws AlgorithmException An error occurred canonicalizing the element.
+   */
+  private static InputStream canonicalize(Element element)
+    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, TransformException {
+	  CanonicalizationMethod canonicalizationMethod = XMLSignatureFactory.getInstance().newCanonicalizationMethod(
+			  CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec());
+	  
+    //CanonicalizationAlgorithm c14n =
+     // new CanonicalizationAlgorithmImplExclusiveCanonicalXML();
+    NodeList nodeList;
+  
+    try {
+      nodeList = XPathUtils.selectNodeList(element, XPathUtils.ALL_NODES_XPATH);
+    } catch (XPathException e) {
+      nodeList = new NodeListAdapter(Collections.EMPTY_LIST);
+    }
+    //c14n.setInput(nodeList);
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    canonicalizationMethod.transform(new NodeListToNodeSetDataAdapter(nodeList), null, baos);
+    baos.close();
+    return new ByteArrayInputStream(baos.toByteArray());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java
new file mode 100644
index 0000000..310f2dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import java.util.List;
+
+import iaik.server.modules.xmlsign.DataObjectTreatment;
+
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+
+/**
+ * An object encapsulating how to treat an associated <code>DataObject</code>
+ * when creating a signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataObjectTreatmentImpl implements DataObjectTreatment {
+  /** The final content MIME type. */
+  private String finalContentType;
+  /** The name of the hash algorithm. */
+  private String hashAlgorithmName;
+  /** This transformations to apply to the associated data object. */
+  private List transformationList;
+  /** Supplemental information for the transformations. */
+  private List transformationSupplements;
+  /** Whether to include the associated data object in the signature. */
+  private boolean includedInSignature;
+  /** Whether to include the associated data object in the manifest. */
+  private boolean referenceInManifest;
+  /** The object ID generator. */
+  private IdGenerator objIdGen;
+  
+  /**
+   * Create a new <code>DataObjectTreatmentImpl</code>.
+   * 
+   * @param objIdGen The <code>IdGenerator</code> for unique object IDs.
+   */
+  public DataObjectTreatmentImpl(IdGenerator objIdGen) {
+    this.objIdGen = objIdGen;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getFinalContentType()
+   */
+  public String getFinalContentType() {
+    return finalContentType;
+  }
+
+  /**
+   * Sets the final content type.
+   * 
+   * @param finalContentType The final content type to set (a MIME-type type of
+   * <code>String</code>).
+   */
+  public void setFinalContentType(String finalContentType) {
+    this.finalContentType = finalContentType;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getHashAlgorithmName()
+   */
+  public String getHashAlgorithmName() {
+    return hashAlgorithmName;
+  }
+
+  /**
+   * Sets the hash algorithm name.
+   * 
+   * @param hashAlgorithmName The hash algorithm name to set.
+   */
+  public void setHashAlgorithmName(String hashAlgorithmName) {
+    this.hashAlgorithmName = hashAlgorithmName;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#isIncludedInSignature()
+   */
+  public boolean isIncludedInSignature() {
+    return includedInSignature;
+  }
+
+  /**
+   * Sets whether the associated <code>DataObject</code> is to be included in
+   * the signature.
+   * 
+   * @param includedInSignature If <code>true</code>, the associated
+   * <code>DataObject</code> will be included in the signature, otherwise not.
+   */
+  public void setIncludedInSignature(boolean includedInSignature) {
+    this.includedInSignature = includedInSignature;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#isReferenceInManifest()
+   */
+  public boolean isReferenceInManifest() {
+    return referenceInManifest;
+  }
+
+  /**
+   * Sets whether the associated <code>DataObject</code> is
+   * to be included in the <code>dsig:Manifest</code>.
+   * 
+   * @param referenceInManifest If <code>true</code>, the associated
+   * <code>DataObject</code> will be included in the manifest, otherwise not.
+   */
+  public void setReferenceInManifest(boolean referenceInManifest) {
+    this.referenceInManifest = referenceInManifest;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationList()
+   */
+  public List getTransformationList() {
+    return transformationList;
+  }
+
+  /**
+   * Set the list of transformations for the associated <code>DataObject</code>.
+   * 
+   * @param transformationList The transformations to set.
+   */
+  public void setTransformationList(List transformationList) {
+    this.transformationList = transformationList;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationSupplements()
+   */
+  public List getTransformationSupplements() {
+    return transformationSupplements;
+  }
+
+  /**
+   * Sets the transformation supplements for the associated
+   * <code>DataObject</code>.
+   * 
+   * @param transformationSupplements The transformation supplements to set.
+   */
+  public void setTransformationSupplements(List transformationSupplements) {
+    this.transformationSupplements = transformationSupplements;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getDsigDataObjectID()
+   */
+  public String getDsigDataObjectID() {
+    return objIdGen.uniqueId();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..7d0c5a0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -0,0 +1,399 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+import iaik.server.modules.xml.Canonicalization;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+
+/**
+ * An object providing auxiliary information for creating an XML signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationProfileImpl
+  implements XMLSignatureCreationProfile {
+
+  /** The transformations to apply to a data object. */
+  private List dataObjectTreatmentList;
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The type URI of the signature manifest. */
+  private String securityLayerManifestTypeURI;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Where to insert the signature into the signature environment. */
+  private XMLSignatureInsertionLocation signatureInsertionLocation;
+  /** The signature structur type. */
+  private String signatureStructureType;
+  /** The type of <code>Canonicalization</code> to use for the signed info. */
+  private Canonicalization signedInfoCanonicalization;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** The ID generator for signature IDs. */
+  private IdGenerator signatureIDGenerator;
+  /** The ID generator for manifst IDs. */
+  private IdGenerator manifestIDGenerator;
+  /** The ID generator for XMLDsig manifest IDs. */
+  private IdGenerator dsigManifestIDGenerator;
+  /** The ID generator for signed property IDs. */
+  private IdGenerator propertyIDGenerator;
+  /** The selected digest method algorithm if XAdES 1.4.2 is used   */
+  private String digestMethodXAdES142;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public XMLSignatureCreationProfileImpl(
+    int createProfileCount,
+    Set reservedIDs,
+    String digestMethodXAdES142) {
+    signatureIDGenerator =
+      new IdGenerator("signature-" + createProfileCount, reservedIDs);
+    manifestIDGenerator =
+      new IdGenerator("manifest-" + createProfileCount, reservedIDs);
+    dsigManifestIDGenerator =
+      new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs);
+    propertyIDGenerator =
+      new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
+    this.digestMethodXAdES142 = digestMethodXAdES142;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList()
+   */
+  public List getDataObjectTreatmentList() {
+    return dataObjectTreatmentList;
+  }
+
+  /**
+   * Sets the list of <code>DataObjectTreatment</code>s.
+   * 
+   * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to
+   * set.
+   */
+  public void setDataObjectTreatmentList(List dataObjectTreatmentList) {
+    this.dataObjectTreatmentList = dataObjectTreatmentList;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI()
+   */
+  public String getSecurityLayerManifestTypeURI() {
+    return securityLayerManifestTypeURI;
+  }
+
+  /**
+   * Set the SecurityLayerManifestTypeURI.
+   * 
+   * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to
+   * set.
+   */
+  public void setSecurityLayerManifestTypeURI(String securityLayerManifestTypeURI) {
+    this.securityLayerManifestTypeURI = securityLayerManifestTypeURI;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+    if (digestMethodXAdES142 == null) {
+    	// XAdES 1.4.2 not enabled - legacy MOA
+        if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)  
+        		|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+
+        	return SignatureAlgorithms.SHA1_WITH_RSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.ECDSA)) {
+        	return SignatureAlgorithms.ECDSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.DSA)) {
+        	return SignatureAlgorithms.DSA; 
+        } else {
+        	throw new AlgorithmUnavailableException(
+        			"No algorithm for key entry: " + selectedKeyID,
+        			null,
+        	        null);
+        }
+    }
+    else {
+    	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
+    	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
+    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethodXAdES142,
+         			null,
+         	        null);
+         }
+    	
+    }
+    
+
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation()
+   */
+  public XMLSignatureInsertionLocation getSignatureInsertionLocation() {
+    return signatureInsertionLocation;
+  }
+
+  /**
+   * Set the location where the signature is to be inserted into the signature
+   * parent.
+   * 
+   * @param signatureInsertionLocation The location to set.
+   */
+  public void setSignatureInsertionLocation(XMLSignatureInsertionLocation signatureInsertionLocation) {
+    this.signatureInsertionLocation = signatureInsertionLocation;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType()
+   */
+  public String getSignatureStructureType() {
+    return signatureStructureType;
+  }
+
+  /**
+   * Set the signature structure type.
+   * @param signatureStructureType The signature structure type to set.
+   */
+  public void setSignatureStructureType(String signatureStructureType) {
+    this.signatureStructureType = signatureStructureType;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization()
+   */
+  public Canonicalization getSignedInfoCanonicalization() {
+    return signedInfoCanonicalization;
+  }
+
+  /**
+   * Sets the canonicalization method to use for the SignedInfo object.
+   * 
+   * @param signedInfoCanonicalization The canonicalization method to set.
+   */
+  public void setSignedInfoCanonicalization(Canonicalization signedInfoCanonicalization) {
+    this.signedInfoCanonicalization = signedInfoCanonicalization;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * Set the signed properties.
+   * 
+   * @param signedProperties The signed properties to set.
+   */
+  public void setSignedProperties(List signedProperties) {
+    this.signedProperties = signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID()
+   */
+  public String getSignatureID() {
+    return signatureIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID()
+   */
+  public String getSecurityLayerManifestID() {
+    return manifestIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID()
+   */
+  public String getDsigManifestID() {
+    return dsigManifestIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID()
+   */
+  public String getSignedPropertiesID() {
+    return propertyIDGenerator.uniqueId();
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+   */
+  public boolean getPermitFileURIs() {
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java
new file mode 100644
index 0000000..90c1f49
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+/**
+ * An object giving the location of where the signature will be
+ * inserted into the parent element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureInsertionLocationImpl
+  implements XMLSignatureInsertionLocation {
+
+  /** Where to put the signature into the signature parent element. */
+  private int signatureChildIndex;
+  
+  /**
+   * Create a new <code>XMLSignatureInsertLocationImpl</code>.
+   * 
+   * @param signatureChildIndex The position index at which to append the
+   * signature to the parent element.
+   */
+  public XMLSignatureInsertionLocationImpl(int signatureChildIndex) {
+    setSignatureChildIndex(signatureChildIndex);
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureInsertionLocation#getSignatureChildIndex()
+   */
+  public int getSignatureChildIndex() {
+    return signatureChildIndex;
+  }
+
+  /**
+   * Sets the position index at which to append the signature to the parent
+   * element.
+   * 
+   * @param signatureChildIndex The position index to set.
+   */
+  public void setSignatureChildIndex(int signatureChildIndex) {
+    this.signatureChildIndex = signatureChildIndex;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..f4c9126
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlverify;
+
+import java.util.List;
+
+import iaik.pki.PKIProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+
+/**
+ * An object providing auxiliary information for verifying an XML signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationProfileImpl
+  implements XMLSignatureVerificationProfile {
+
+  /** Whether to check the Security Layer manifest. */
+  private boolean checkSecurityLayerManifest;
+  /** Whether to check the XMLDsig manifest. */
+  private boolean checkXMLDsigManifests;
+  /** The profile for validating the signer certificate. */
+  private PKIProfile certificateValidationProfile;
+  /** Supplements for the transformations. */
+  private List transformationSupplements;
+  /** Whether to include hash input data in the response. */
+  private boolean includeHashInputData;
+  /** Whether to include reference input data in the response. */
+  private boolean includeReferenceInputData;
+  /** Whether the file URIs are permitted */
+  private boolean permitFileURIs;
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
+   */
+  public boolean checkSecurityLayerManifest() {
+    return checkSecurityLayerManifest;
+  }
+
+  /**
+   * Set whether to check the references in the Security Layer manifest.
+   * 
+   * @param checkSecurityLayerManifest <code>true</code>, if the references
+   * in the Security Layer manifest must be checked.
+   */
+  public void setCheckSecurityLayerManifest(boolean checkSecurityLayerManifest) {
+    this.checkSecurityLayerManifest = checkSecurityLayerManifest;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkXMLDsigManifests()
+   */
+  public boolean checkXMLDsigManifests() {
+    return checkXMLDsigManifests;
+  }
+
+  /**
+   * Sets whether to check the references of all XML Dsig manifests.
+   * 
+   * @param checkXMLDSigManifests <code>true</code>, if the references in the
+   * XML Dsig manifest must be checked.
+   */
+  public void setCheckXMLDsigManifests(boolean checkXMLDSigManifests) {
+    this.checkXMLDsigManifests = checkXMLDSigManifests;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getCertificateValidationProfile()
+   */
+  public PKIProfile getCertificateValidationProfile() {
+    return certificateValidationProfile;
+  }
+
+  /**
+   * Sets the profile for validating the signer certificate.
+   * 
+   * @param certificateValidationProfile The certificate validation profile to
+   * set.
+   */
+  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+    this.certificateValidationProfile = certificateValidationProfile;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getTransformationSupplements()
+   */
+  public List getTransformationSupplements() {
+    return transformationSupplements;
+  }
+
+  /**
+   * Sets the transformation supplements.
+   * 
+   * @param transformationSupplements The transformation supplements to set.
+   */
+  public void setTransformationSupplements(List transformationSupplements) {
+    this.transformationSupplements = transformationSupplements;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeHashInputData()
+   */
+  public boolean includeHashInputData() {
+    return includeHashInputData;
+  }
+
+  /**
+   * Set whether to include the hash input data in the result.
+   * 
+   * @param includeHashInputData If <code>true</code>, the hash input data
+   * will be returned in the result.
+   */
+  public void setIncludeHashInputData(boolean includeHashInputData) {
+    this.includeHashInputData = includeHashInputData;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeReferenceInputData()
+   */
+  public boolean includeReferenceInputData() {
+    return includeReferenceInputData;
+  }
+
+  /**
+   * Set whether to include the reference input data in the result.
+   * 
+   * @param includeReferenceInputData If <code>true</code>, the reference
+   * input data will be included in the result.
+   */
+  public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
+    this.includeReferenceInputData = includeReferenceInputData;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() 
+   */
+  public boolean getPermitFileURIs() {
+    return permitFileURIs;
+  }
+  
+  /**
+   * Set whether the file URIs are permitted or not
+   * 
+   * @param permitFileURIs whether the file URIs are permitted or not
+   */
+  public void setPermitFileURIs(boolean permitFileURIs)
+  {
+    this.permitFileURIs = permitFileURIs;
+  }
+
+  @Override
+  public String getTargetLevel() {
+	return XMLSignatureVerificationProfile.LEVEL_B;
+  }
+}