initial commit

265 files changed, 33838 insertions, 0 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAApplicationException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAApplicationException.java
new file mode 100644
index 0000000..305c227
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAApplicationException.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+/**
+ * Base class of application specific MOA exceptions.
+ * 
+ * Application exceptions are exceptions that originate from application
+ * code (e.g. inconsistent data provided by the user, no permission to access
+ * certain resources, etc.)
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOAApplicationException extends MOAException {
+  
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 1042877795934327684L;
+
+/**
+   * Create a new <code>MOAApplicationException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * exception.
+   * @param parameters Additional message parameters.
+   */
+  public MOAApplicationException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a new <code>MOAApplicationException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * <code>MOAApplicationException</code>.
+   * @param parameters Additional message parameters.
+   * @param wrapped The exception wrapped by this
+   * <code>MOAApplicationException</code>.
+   */
+  public MOAApplicationException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
new file mode 100644
index 0000000..803f3fd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOAException.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Constants;
+
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * Base class of MOA specific exceptions.
+ * 
+ * This class has the ability to wrap other exceptions which may be seen
+ * as the root cause for this exception. A similar mechanism is in place
+ * since JDK1.4 (see the <code>getClause()</code> method) but will not be used
+ * because of required compatibility with JDK1.3.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class MOAException extends Exception {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 7115301799538771949L;
+/** The message ID. */
+  private String messageId;
+  /** The wrapped <code>Throwable</code>. */
+  private Throwable wrapped;
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   */
+  public MOAException(String messageId, Object[] parameters) {
+    super(MessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+  }
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   * @param wrapped The exception wrapped by the created
+   * <code>MOAException</code>.
+   */
+  public MOAException(String messageId, Object[] parameters, Throwable wrapped) {
+	  // TODO: remove wrapped again from super constructor
+    super(MessageProvider.getInstance().getMessage(messageId, parameters), wrapped);
+    this.messageId = messageId;
+    this.wrapped = wrapped;
+  }
+
+  /**
+   * Returns the message ID of this exception.
+   * 
+   * @return The message ID as provided in the constructor.
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * Returns the exception wrapped by this <code>MOAException</code>.
+   * 
+   * @return The exception wrapped by this exception. Possibly
+   * <code>null</code>, if none was provided at construction time.
+   */
+  public Throwable getWrapped() {
+    return wrapped;
+  }
+
+  /**
+   * Convert this <code>MOAException</code> to an <code>ErrorResponse</code>
+   * element from the MOA namespace.
+   * 
+   * @return An <code>ErrorResponse</code> element, containing the subelements
+   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+   */
+  public Element toErrorResponse() {
+    DocumentBuilder builder;
+    DOMImplementation impl;
+    Document doc;
+    Element errorResponse;
+    Element errorCode;
+    Element info;
+
+    // create a new document
+    try {
+      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      impl = builder.getDOMImplementation();
+    } catch (ParserConfigurationException e) {
+      return null;
+    }
+
+    // build the ErrorResponse element
+    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+    errorResponse = doc.getDocumentElement();
+
+    // add MOA namespace declaration
+    errorResponse.setAttributeNS(
+      Constants.XMLNS_NS_URI,
+      "xmlns",
+      Constants.MOA_NS_URI);
+
+    // build the child elements    
+    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+    errorCode.appendChild(doc.createTextNode(messageId));
+    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+    info.appendChild(doc.createTextNode(getMessage()));
+    errorResponse.appendChild(errorCode);
+    errorResponse.appendChild(info);
+    return errorResponse;
+  }
+  
+  /**
+   * Print a stack trace of this exception to <code>System.err</code>.
+   * 
+   * @see java.lang.Throwable#printStackTrace()
+   */
+  public void printStackTrace() {
+    printStackTrace(System.err);
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stack trace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+   */
+  public void printStackTrace(PrintStream s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stacktrace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+   */
+  public void printStackTrace(PrintWriter s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java
new file mode 100644
index 0000000..a3c8565
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOARuntimeException.java
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Base class of MOA specific runtime exceptions.
+ * 
+ * This class has the ability to wrap other exceptions which may be seen
+ * as the root cause for this exception. A similar mechanism is in place
+ * since JDK1.4 (see the <code>getClause()</code> method) but will not be used
+ * because of required compatibility with JDK1.3.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOARuntimeException extends RuntimeException {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 8516197293435621864L;
+/** The message ID. */
+  private String messageId;
+  /** The wrapped <code>Throwable</code>. */
+  private Throwable wrapped;
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   */
+  public MOARuntimeException(String messageId, Object[] parameters) {
+    super(MessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+  }
+
+  /**
+   * Create a <code>MOAException</code>.
+   * 
+   * @param messageId The message ID of the message contained in the created
+   * <code>MOAException</code>.
+   * @param parameters The parameters needed to fill in the message arguments.
+   * @param wrapped The exception wrapped by the created
+   * <code>MOAException</code>.
+   */
+  public MOARuntimeException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+
+    super(MessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+    this.wrapped = wrapped;
+  }
+
+  /**
+   * Returns the message ID of this exception.
+   * 
+   * @return The message ID as provided in the constructor.
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * Returns the exception wrapped by this <code>MOARuntimeException</code>.
+   * 
+   * @return The exception wrapped by this exception. Possibly
+   * <code>null</code>, if none was provided at construction time.
+   */
+  public Throwable getWrapped() {
+    return wrapped;
+  }
+
+  /**
+   * Convert this <code>MOARuntimeException</code> to an <code>ErrorResponse</code>
+   * element from the MOA namespace.
+   * 
+   * @return An <code>ErrorResponse</code> element, containing the subelements
+   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+   */
+  public Element toErrorResponse() {
+    DocumentBuilder builder;
+    DOMImplementation impl;
+    Document doc;
+    Element errorResponse;
+    Element errorCode;
+    Element info;
+
+    // create a new document
+    try {
+      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      impl = builder.getDOMImplementation();
+    } catch (ParserConfigurationException e) {
+      return null;
+    }
+
+    // build the ErrorResponse element
+    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+    errorResponse = doc.getDocumentElement();
+
+    // add MOA namespace declaration
+    errorResponse.setAttributeNS(
+      Constants.XMLNS_NS_URI,
+      "xmlns",
+      Constants.MOA_NS_URI);
+
+    // build the child elements    
+    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+    errorCode.appendChild(doc.createTextNode(messageId));
+    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+    info.appendChild(doc.createTextNode(getMessage()));
+    errorResponse.appendChild(errorCode);
+    errorResponse.appendChild(info);
+    return errorResponse;
+  }
+  
+  /**
+   * Print a stack trace of this exception to <code>System.err</code>.
+   * 
+   * @see java.lang.Throwable#printStackTrace()
+   */
+  public void printStackTrace() {
+    printStackTrace(System.err);
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stack trace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+   */
+  public void printStackTrace(PrintStream s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stacktrace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+   */
+  public void printStackTrace(PrintWriter s) {
+    super.printStackTrace(s);
+    if (getWrapped() != null) {
+      s.print("Caused by: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOASystemException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOASystemException.java
new file mode 100644
index 0000000..67c1908
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/MOASystemException.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss;
+/**
+ * Base class of technical MOA exceptions.
+ * 
+ * Technical exceptions are exceptions that originate from system failure (e.g.,
+ * a database connection fails, a component is not available, etc.)
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOASystemException extends MOAException {
+
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = 655642019638205185L;
+
+/**
+   * Create a new <code>MOASystemException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * exception.
+   * @param parameters Additional message parameters.
+   */
+  public MOASystemException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a new <code>MOASystemException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * <code>MOASystemException</code>.
+   * @param parameters Additional message parameters.
+   * @param wrapped The exception wrapped by this
+   * <code>MOASystemException</code>.
+   */
+  public MOASystemException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java
new file mode 100644
index 0000000..6cbdf7d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/Configurator.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.server.init.ConfiguratorImpl;
+
+/**
+ * Configures the SP/SS API.
+ * 
+ * Also handles dynamic configuration updates. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class Configurator {
+
+  /** The default implementation class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.server.init.ConfiguratorImpl";
+
+  /** The single instance of this class. */
+  private static Configurator instance = null;
+
+  public static synchronized Configurator getInstance() {
+    if (instance == null) {
+      try {
+        /*DiscoverClass discover = new DiscoverClass();
+        instance =
+          (Configurator) discover.newInstance(
+            Configurator.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new ConfiguratorImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+
+  /**
+   * Initialize the SP/SS configuration.
+   * 
+   * Only a single call to this method will have an effect. Use 
+   * <code>update()</code> for reflecting changes in the configuration instead. 
+   * 
+   * @throws MOAException An error occurred updating the SP/SS configuration.
+   */  
+  public abstract void init() throws MOAException;
+  
+  /**
+   * Update the SP/SS configuration.
+   * 
+   * This will only have an effect after the system has been initialized once
+   * using <code>init()</code>.
+   * 
+   * @throws MOAException An error occurred updating the SP/SS configuration.
+   */
+  public abstract void update() throws MOAException;
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
new file mode 100644
index 0000000..4c57b13
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -0,0 +1,1139 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.X509IssuerSerial;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * An abstract factory for creating MOA SP/SS API objects.
+ * 
+ * Use <code>getInstance()</code> to get a concrete factory instance. Using
+ * this instance, concrete MOA SP/SS API object can be created.
+ * 
+ * @author Patrick Peck
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public abstract class SPSSFactory {
+
+  /** The default implementation of this class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl";
+
+  /** The single instance of this class. */
+  private static SPSSFactory instance = null;
+
+  /**
+   * Returns the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static synchronized SPSSFactory getInstance() {
+    if (instance == null) {
+      try {
+        /*DiscoverClass discover = new DiscoverClass();
+        instance =
+          (SPSSFactory) discover.newInstance(
+            SPSSFactory.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new SPSSFactoryImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+
+  //
+  // Factory methods for creating XML signatures
+  //
+
+  /**
+   * Create a new <code>CreateXMLSignatureRequest</code> object.
+   * 
+   * @param keyIdentifier The identifier for the key group to use for signing.
+   * @param singleSignatureInfos A <code>List</code> of 
+   * <code>SingleSignatureInfo</code> objects containing information about a
+   * single signature to be created.
+   * @return The <code>CreateXMLSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre keyIdentifier != null && keyIdentifier.length() > 0
+   * @pre singleSignatureInfos != null
+   * @pre forall Object o in singleSignatureInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo 
+   * @post return != null
+   */
+  public abstract CreateXMLSignatureRequest createCreateXMLSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos);
+
+  /**
+   * Create a new <code>CreateCMSSignatureRequest</code> object.
+   * 
+   * @param keyIdentifier The identifier for the key group to use for signing.
+   * @param singleSignatureInfos A <code>List</code> of 
+   * <code>SingleSignatureInfo</code> objects containing information about a
+   * single signature to be created.
+   * @return The <code>CreateCMSSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre keyIdentifier != null && keyIdentifier.length() > 0
+   * @pre singleSignatureInfos != null
+   * @pre forall Object o in singleSignatureInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.SingleSignatureInfo 
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos);
+  
+  /**
+   * Create a new <code>SingleSignatureInfo</code> object.
+   * 
+   * @param dataObjectInfos The data objects that will be signed (including
+   * transformations).
+   * @param createSignatureInfo Information about the signature environment. May
+   * be <code>null</code>.
+   * @param securityLayerConform If <code>true</code>, a Security Layer conform
+   * signature manifest is created, otherwise not.
+   * @return The <code>SingleSignatureInfo</code> containing the above data.
+   * 
+   * @pre dataObjectInfos != null && dataObjectInfos.size() > 0
+   * @pre forall Object o in dataObjectInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo
+   * @post return != null
+   */
+  public abstract SingleSignatureInfo createSingleSignatureInfo(
+    List dataObjectInfos,
+    CreateSignatureInfo createSignatureInfo, boolean securityLayerConform);
+  
+  /**
+   * Create a new <code>SingleSignatureInfo</code> object.
+   * 
+   * @param dataObjectInfo The data object that will be signed.
+   * @param securityLayerConform If <code>true</code>, a Security Layer conform
+   * signature manifest is created, otherwise not.
+   * @return The <code>SingleSignatureInfo</code> containing the above data.
+   * 
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(	
+    at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
+    boolean securityLayerConform);
+  
+
+  
+
+  /**
+   * Create a new <code>DataObjectInfo</code> object.
+   * 
+   * @param structure The type of signature to create.
+   * @param childOfManifest If <code>true</code>, references will be returned
+   * as children of an XMLDsig manifest. Otherwise, they will be returned as 
+   * children of the signature itself.
+   * @param dataObject The data object that will be signed.
+   * @param createTransformsInfoProfile Additional transformations to apply
+   * to the data object.
+   * @return The <code>DataObjectInfo</code> containing the above data.
+   * 
+   * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) ||
+   *      DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)
+   * @pre dataObject != null
+   * @pre createTransformsInfoProfile != null
+   * @post return != null
+   */
+  public abstract DataObjectInfo createDataObjectInfo(
+    String structure,
+    boolean childOfManifest,
+    Content dataObject,
+    CreateTransformsInfoProfile createTransformsInfoProfile);
+
+  /**
+   * Create a new <code>DataObjectInfo</code> object.
+   * 
+   * @param structure The type of signature to create.
+   * @param dataObject The data object that will be signed.
+   * @return The <code>DataObjectInfo</code> containing the above data.
+   * 
+   * @pre DataObjectInfo.STRUCTURE_DETACHED.equals(structure) ||
+   *      DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)
+   * @pre dataObject != null
+   * @post return != null
+   */
+  public abstract at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+    String structure,
+    CMSDataObject dataObject);
+  
+  /**
+   * Create a new <code>CreateTransformsInfoProfile</code> object containing a
+   * reference to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature creation. 
+   * @return The <code>CreateTransformsInfoProfile</code> containing the given
+   * profile ID.
+   * 
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID);
+
+  /**
+   * Create a new <code>CreateTransformsInfoProfile</code> object by providing 
+   * the profile data explicitly.
+   * 
+   * @param transformsInfo The transformations to apply to the associated 
+   * data object.
+   * @param supplements Supplemental information for the transformation. May be
+   * <code>null</code>.
+   * @return The <code>CreateTransformsInfoProfile</code> containing the above
+   * data.
+   * 
+   * @pre transformsInfo != null
+   * @pre supplements != null implies 
+   *        forall Object o in supplements | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation
+   * @post return != null
+   */
+  public abstract CreateTransformsInfoProfile createCreateTransformsInfoProfile(
+    CreateTransformsInfo transformsInfo,
+    List supplements);
+
+  /**
+   * Create a new <code>CreateTransformsInfo</code> object.
+   * 
+   * @param transforms The <code>Transform</code>s to apply to the associated
+   * data object. May be <code>null</code>.
+   * @param finalDataMetaInfo Information about the type of the transformed
+   * data.
+   * @return The <code>CreateTransformsInfo</code> containing the above data.
+   * 
+   * @pre transforms != null implies transforms.size > 0
+   * @pre transforms != null implies 
+   *        forall Object o in transforms | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.Transform
+   * @pre finalDataMetaInfo != null
+   * @post return != null
+   */
+  public abstract CreateTransformsInfo createCreateTransformsInfo(
+    List transforms,
+    MetaInfo finalDataMetaInfo);
+
+  /**
+   * Create a new <code>CreateSignatureInfo</code> object.
+   * 
+   * @param createSignatureEnvironment The signature environment that will
+   * contain the signature.
+   * @param createSignatureEnvironmentProfile Additional information about
+   * the signture environment.
+   * @return The <code>CreateSignatureInfo</code> containing the above data.
+   * 
+   * @pre createSignatureEnvironment != null
+   * @pre createSignatureEnvironmentProfile != null
+   * @post return != null
+   */
+  public abstract CreateSignatureInfo createCreateSignatureInfo(
+    Content createSignatureEnvironment,
+    CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile);
+
+  /**
+   * Create a new <code>CreateSignatureEnvironmentProfile</code> object 
+   * containing a reference to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature creation.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> containing
+   * the given profile ID.
+   *  
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(String profileID);
+
+  /**
+   * Create a new <code>CreateSignatureEnvironmentProfile</code> object by 
+   * providing the profile data explicitly. 
+   * 
+   * @param createSignatureLocation The location where the signature will be
+   * inserted.
+   * @param supplements Additional information about the signature environment.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> containing the
+   * above data.
+   * 
+   * @pre createSignatureLocation != null
+   * @pre supplements != null 
+   * @pre forall Object o in supplements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation
+   * @post return != null
+   */
+  public abstract CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(
+    CreateSignatureLocation createSignatureLocation,
+    List supplements);
+
+  /**
+   * Create a new <code>CreateSignatureLocation</code> object.
+   * 
+   * @param xPathExpression The XPath expression to select the signature
+   * parent element within the signature environment.
+   * @param index The index of the node, after which the signature will be
+   * inserted.
+   * @param namespaceDeclarations The namespace prefix to URI mapping to apply
+   * while evaluating the XPath expression. 
+   * @return The <code>CreateSignatureLocation</code> containing the above data.
+   * 
+   * @pre xPathExpression != null
+   * @pre index >= 0
+   * @pre namespaceDeclarations != null
+   */
+  public abstract CreateSignatureLocation createCreateSignatureLocation(
+    String xPathExpression,
+    int index,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>CreateXMLSignatureResponse</code> object.
+   * 
+   * @param responseElements The elements of the response, either 
+   * <code>SignatureEnvironmentResponse</code> objects, or 
+   * <code>ErrorResponse</code> objects.
+   * @return The new <code>CreateXMLSignatureResponse</code> containing the
+   * above data.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0
+   * @pre forall Object o in responseElements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureResponseElement
+   * @post return != null
+   */
+  public abstract CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements);
+
+  
+  /**
+   * Create a new <code>CreateCMSSignatureResponse</code> object.
+   * 
+   * @param responseElements The elements of the response, either 
+   * <code>CMSSignatureResponse</code> objects, or 
+   * <code>ErrorResponse</code> objects.
+   * @return The new <code>CreateCMSSignatureResponse</code> containing the
+   * above data.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0
+   * @pre forall Object o in responseElements | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse
+   * @post return != null
+   */
+  public abstract CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements);
+  
+  
+  /**
+   * Create a new <code>SignatureEnvironmentResponse</code> object.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * signature.
+   * @return The <code>SignatureEnvironmentResponse</code> containing the
+   * <code>signatureEnvironment</code>.
+   * 
+   * @pre signatureEnvironment != null
+   * @post return != null
+   */
+  public abstract CMSSignatureResponse createCMSSignatureResponse(String base64value);
+  
+  /**
+   * Create a new <code>SignatureEnvironmentResponse</code> object.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * signature.
+   * @return The <code>SignatureEnvironmentResponse</code> containing the
+   * <code>signatureEnvironment</code>.
+   * 
+   * @pre signatureEnvironment != null
+   * @post return != null
+   */
+  public abstract SignatureEnvironmentResponse createSignatureEnvironmentResponse(Element signatureEnvironment);
+
+  /**
+   * Create a new <code>ErrorResponse</code> object.
+   * 
+   * @param code The numerical error code.
+   * @param info Verbose error information.
+   * @return The new <code>ErrorResponse</code> containing the above data.
+   * 
+   * @pre code > 0
+   * @pre info != null
+   * @post return != null
+   */
+  public abstract ErrorResponse createErrorResponse(int code, String info);
+
+  //
+  // Factory methods for verifying CMS signatures
+  //
+
+  /**
+   * Create a new <code>VerifyCMSSignatureRequest</code> object.
+   * 
+   * @param signatories The indexes of the signatories whose signature is to
+   * be verified.
+   * @param dateTime The date for which the verification is to be performed.
+   * May be <code>null</code>.
+   * @param cmsSignature The CMS signature.
+   * @param dataObject The signed data. May be <code>null</code>.
+   * @param trustProfileID The ID of the trust profile containing the trusted
+   * root certificates.
+   * @return The <code>VerifyCMSSignatureRequest</code> containing the above
+   * data.
+   * 
+   * @pre signatories != null && signatories.length > 0
+   * @pre signaturies != VerifyCMSSignatureRequest.ALL_SIGNATORIES implies
+   *        for (int i = 0;  i < signatories.length; i++)
+   *          signatories[i] >= 1
+   * @pre cmsSignature != null
+   * @pre trustProfileID != null && trustProfileID.length() > 0
+   * @post return != null
+   */
+  public abstract VerifyCMSSignatureRequest createVerifyCMSSignatureRequest(
+    int[] signatories,
+    Date dateTime,
+    InputStream cmsSignature,
+    CMSDataObject dataObject,
+    String trustProfileID);
+
+  /**
+   * Create a new <code>CMSDataObject</code> object from data at a given URI.
+   * 
+   * @param metaInfo Type information about the <code>CMSDataObject</code>.
+   * May be <code>null</code>.
+   * @param content The CMS content containing the data.
+   * @return The new <code>CMSDataObject</code> containing the data.
+   * 
+   * @pre referenceURI != null
+   * @pre content != null
+   * @post return != null
+   */
+  public abstract CMSDataObject createCMSDataObject(
+    MetaInfo metaInfo,
+    CMSContent content,
+    BigDecimal excludeByteRangeFrom,
+    BigDecimal excludeByteRangeTo);
+
+  /**
+   * Create a new <code>CMSContent</code> object from the data contained at the
+   * given URI.
+   * 
+   * @param referenceURI The URI identifying the data. Must be resolvable.
+   * @return The <code>CMSContent</code> containing a reference to the signed
+   * data.
+   * 
+   * @pre referenceURI != null
+   * @post return != null
+   */
+  public abstract CMSContent createCMSContent(String referenceURI);
+
+  /**
+   * Create a new <code>CMSContent</code> object from a byte stream.
+   * 
+   * @param binaryContent The byte stream containing the signed data.
+   * @return The new <code>CMSContent</code> containing the data from the
+   * byte stream.
+   * 
+   * @pre binaryContent != null
+   * @post return != null
+   */
+  public abstract CMSContent createCMSContent(InputStream binaryContent);
+
+  /**
+   * Create a new <code>VerifyCMSSignatureResponse</code> object.
+   * 
+   * @param responseElements Verification information about each signature.
+   * @return The new <code>VerifyCMSSignatureResponse</code> containing the
+   * status of signature verification for each signature contained in the
+   * request.
+   * 
+   * @pre responseElements != null && responseElements.size() > 0 
+   * @pre forall Object o in responseElements |
+   *        o instanceof at.gv.egovernment.moa.spss.api.cmssign.VerifyCMSSignatureResponseElement
+   * @post return != null
+   */
+  public abstract VerifyCMSSignatureResponse createVerifyCMSSignatureResponse(List responseElements);
+
+  /**
+   * Create a new <code>VerifyCMSSignatureResponseElement</code> object.
+   * 
+   * @param signerInfo Information about the signer certificate.
+   * @param signatureCheck Result of the singature value check.
+   * @param certificateCheck Result of the certificate status check.
+    * @return The new <code>VerifyCMSSignatureResponseElement</code> containing
+   * the above data.
+   * 
+   * @pre signerInfo != null && signatureCheck != null && 
+   *      certificateCheck != null
+   * @post return != null
+   */
+  public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
+    SignerInfo signerInfo,
+    CheckResult signatureCheck,
+    CheckResult certificateCheck);
+
+  //
+  // Factory methods for verifying XML signatures
+  //
+
+  /**
+   * Create a new <code>VerifyXMLSignatureRequest</code> object.
+   * 
+   * @param dateTime The date for which the verification is to be performed.
+   * May be <code>null</code>.
+   * @param verifySignatureInfo Information about the signature environment and
+   * the location of the signature.
+   * @param supplementProfiles Supplemental information for the signature 
+   * environment. May be <code>null</code>.
+   * @param signatureManifestParams Additional information for checking the
+   * signature manifest. May be <code>null</code>.
+   * @param returnHashInputData If <code>true</code>, hash input data will
+   * be returned in the response, otherwise not.
+   * @param trustProfileID The ID of the trust profile containing the trusted
+   * root certificates.
+   * @return The new <code>VerifyXMLSignatureRequest</code> containing the
+   * above data.
+   * 
+   * @pre verifySignatureInfo != null
+   * @pre supplementProfiles != null implies
+   *        forall Object o in supplementProfiles | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile
+   * @pre trustProfileID != null && trustProfileID.length() > 0
+   * @post return != null
+   */
+  public abstract VerifyXMLSignatureRequest createVerifyXMLSignatureRequest(
+    Date dateTime,
+    VerifySignatureInfo verifySignatureInfo,
+    List supplementProfiles,
+    SignatureManifestCheckParams signatureManifestParams,
+    boolean returnHashInputData,
+    String trustProfileID);
+
+  /**
+   * Create a new <code>VerifySignatureInfo</code> object.
+   * 
+   * @param verifySignatureEnvironment The signature environment containing
+   * the signature to be verified.
+   * @param verifySignatureLocation The location of the signature within the
+   * signature environment.
+   * @return The new <code>VerifySignatureInfo</code> containing the above data.
+   * 
+   * @pre verifySignatureEnvironment != null
+   * @pre verifySignatureLocation != null
+   * @post return != null
+   */
+  public abstract VerifySignatureInfo createVerifySignatureInfo(
+    Content verifySignatureEnvironment,
+    VerifySignatureLocation verifySignatureLocation);
+
+  /**
+   * Create a new <code>VerifySignatureLocation</code> object.
+   * 
+   * @param xPathExpression The XPath expression to select the signature 
+   * element within the signature environment.
+   * @param namespaceDeclarations The namespace prefix to URI mapping to apply
+   * while evaluating the XPath expression. 
+   * @return The new <code>VerifySignatureLocation</code> containing the above
+   * data.
+   * 
+   * @pre xPathExpression != null
+   * @pre namespaceDeclarations != null
+   * @post return != null
+   */
+  public abstract VerifySignatureLocation createVerifySignatureLocation(
+    String xPathExpression,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>SupplementProfile</code> object containing a reference 
+   * to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature verification.
+   * @return The <code>SupplementProfile</code> containing the profile ID.
+   * 
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract SupplementProfile createSupplementProfile(String profileID);
+
+  /**
+   * Create a new <code>SupplementProfile</code> object by providing the profile
+   * data explicitly.
+   * 
+   * @param supplementProfile The profile data.
+   * @return The <code>SupplementProfile</code> containing the profile data.
+   */
+  public abstract SupplementProfile createSupplementProfile(XMLDataObjectAssociation supplementProfile);
+
+  /**
+   * Create a new <code>SignatureManifestCheckParams</code> object.
+   * 
+   * @param referenceInfos Information for checking the validity of a 
+   * a reference. 
+   * @param returnReferenceInputData If <code>true</code>, the input data to
+   * the calculation of reference digest values will be returned in the 
+   * response, otherwise not.
+   * @return The <code>SignatureManifestCheckParams</code> containing the
+   * above data.
+   * 
+   * @pre referenceInfos != null && referenceInfos.size() > 0
+   * @pre forall Object o in referenceInfos | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo
+   * @post return != null
+   */
+  public abstract SignatureManifestCheckParams createSignatureManifestCheckParams(
+    List referenceInfos,
+    boolean returnReferenceInputData);
+
+  /**
+   * Create a new <code>ReferenceInfo</code> object.
+   * 
+   * @param verifyTransformsInfoProfiles The transformation profiles valid for
+   * the associated reference.
+   * @return The <code>ReferenceInfo</code> containing the transformation 
+   * profiles.
+   * 
+   * @pre verifyTransformsInfoProfiles != null && 
+   *        verifyTransformsInfoProfiles.size() > 0
+   * @pre forall Object o in verifyTransformsInfoProfiles |
+   *        o instanceof at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile
+   * @post return != null
+   */
+  public abstract ReferenceInfo createReferenceInfo(List verifyTransformsInfoProfiles);
+
+  /**
+   * Create a new <code>VerifyTransformsInfoProfile</code> object containing
+   * a reference to a locally stored profile.
+   * 
+   * @param profileID The profile ID to resolve during signature verification.
+   * @return The <code>VerifyTransformsInfoProfile</code> containing the
+   * given profile ID.
+   * 
+   * @pre profileID != null && profileID.length() > 0
+   * @post return != null
+   */
+  public abstract VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(String profileID);
+
+  /**
+   * Create a new <code>VerifyTransformsInfoProfile</code> object by providing
+   * the profile data explicitly.
+   * 
+   * @param transforms A valid chain of transformations for the reference.
+   * May be <code>null</code>.
+   * @param transformParameters Additional transformation information.
+   * @return The <code>VerifyTransformsInfoProfile</code> containing the above
+   * data.
+   * 
+   * @pre transforms != null implies 
+   *        (transforms.size() > 0 && 
+   *           forall Object o in transforms | o instanceof Transform)
+   * @pre transformParameters != null implies 
+   *        forall Object o in transformParameters | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter
+   * @post return != null
+   */
+  public abstract VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(
+    List transforms,
+    List transformParameters);
+
+  /**
+   * Create a new <code>TransformParameter</code> object with the data
+   * contained at the given URI.
+   * 
+   * @param URI The URI identifying the data. The URI will be resolved during
+   * signature verification.
+   * @return The <code>TransformParameter</code> containing the URI of the
+   * data.
+   * 
+   * @pre URI != null
+   * @post return != null
+   */
+  public abstract TransformParameter createTransformParameter(String URI);
+
+  /**
+   * Creata a new <code>TransformParameter</code> object containing the
+   * binary data.
+   * 
+   * @param URI The URI identifying the data.
+   * @param binaryData The binary data. 
+   * @return The <code>TransformParameter</code> containig the binary data.
+   * 
+   * @pre URI != null
+   * @pre binary != null
+   * @post return != null
+   */
+  public abstract TransformParameter createTransformParameter(
+    String URI,
+    InputStream binaryData);
+
+  /**
+   * Create a new <code>TransformParameter</code> object containing the hash
+   * value of the transformation data.
+   * 
+   * @param URI The URI identifying the data. It will be resolved during
+   * signature verification.
+   * @param digestMethod The digest method used for calculating the digest
+   * value.
+   * @param digestValue The hash value of the transformation data.
+   * @return The <code>TransformParameter</code> containing the above data.
+   * 
+   * @pre URI != null
+   * @pre digestMethod != null
+   * @pre digestValue != null
+   */
+  public abstract TransformParameter createTransformParameter(
+    String URI,
+    String digestMethod,
+    byte[] digestValue);
+
+  /**
+   * Create a new <code>VerifyXMLSignatureResponse</code> object.
+   * 
+   * @param signerInfo Information about the signer certificate.
+   * @param hashInputDatas The signed data objects. May be <code>null</code>.
+   * @param referenceInputDatas The reference input data objects. 
+   * May be <code>null</code>.
+   * @param signatureCheck Status information about the signature check.
+   * @param signatureManifestCheck Status information about the signature
+   * manifest check.
+   * @param xmlDsigManifestChecks Status information about each XMLDsig manifest
+   * check.
+   * @param certificateCheck Status information about the signer certificate
+   * check.
+   * @return The <code>VerifyXMLSignatureResponse</code> containing the above
+   * data.
+   * 
+   * @pre signerInfo != null
+   * @pre hashInputDatas != null implies 
+   *        forall Object o in hashInputDatas | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.Content
+   * @pre referenceInputDatas != null implies
+   *        forall Object o in referenceInputDatas | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.common.Content
+   * @pre signatureCheck != null
+   * @pre xmlDsigManifestChecks != null implies
+   *        forall Object o in xmlDsigManifestChecks | 
+   *          o instanceof at.gv.egovernment.moa.spss.api.xmlverifyManifestRefsCheckResult
+   * @pre certificateCheck != null
+   * @post return != null
+   */
+  public abstract VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(
+    SignerInfo signerInfo,
+    List hashInputDatas,
+    List referenceInputDatas,
+    ReferencesCheckResult signatureCheck,
+    ReferencesCheckResult signatureManifestCheck,
+    List xmlDsigManifestChecks,
+    CheckResult certificateCheck);
+
+  /**
+   * Create a new <code>ReferencesCheckResult</code> object.
+   * 
+   * @param code The status code.
+   * @param info Additional information about the reference check.
+   * @return The <code>ReferencesCheckResult</code> containing the above data.
+   * 
+   * @pre code >= 0
+   * @post return != null
+   */
+  public abstract ReferencesCheckResult createReferencesCheckResult(
+    int code,
+    ReferencesCheckResultInfo info);
+
+  /**
+   * Create a new <code>ReferencesCheckResultInfo</code> object.
+   * 
+   * @param anyOtherInfo Arbitrary XML content describing the check result.
+   * May be <code>null</code>.
+   * @param failedReferences The indexes of the failed references. May be 
+   * <code>null</code>.
+   * @return The <code>ReferencesCheckResultInfo</code> containing the above
+   * data.
+   * 
+   * @post return != null
+   */
+  public abstract ReferencesCheckResultInfo createReferencesCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences);
+
+  /**
+   * Create a new <code>ManifestRefsCheckResult</code> object.
+   * 
+   * @param code The status code.
+   * @param info Additional information about the manifest check. May be
+   * <code>null</code>.
+   * @return The <code>ManifestRefsCheckResult</code> containing the above
+   * data.
+   * 
+   * @pre code >= 0
+   * @post return != null
+   */
+  public abstract ManifestRefsCheckResult createManifestRefsCheckResult(
+    int code,
+    ManifestRefsCheckResultInfo info);
+
+  /**
+   * Create a new <code>ManifestRefsCheckResultInfo</code> object.
+   * 
+   * @param anyOtherInfo Arbitrary XML content describing the check result.
+   * May be <code>null</code>.
+   * @param failedReferences The indexes of the failed references. May be 
+   * <code>null</code>.
+   * @param referringSigReference The index of the reference in the signature.
+   * @return The <code>ManifestRefsCheckResultInfo</code> containing the 
+   * above data.
+   * 
+   * @pre referringSigReference > 0
+   * @post return != null
+   */
+  public abstract ManifestRefsCheckResultInfo createManifestRefsCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences,
+    int referringSigReference);
+
+  //
+  // Factory methods for common objects
+  //
+
+  /**
+   * Create a new <code>Content</code> object referencing data via a URI.
+   * 
+   * @param referenceURI The URI pointing to the content.
+   * @return The <code>Content</code> object containing the reference.
+   * 
+   * @pre referenceURI != null && referenceURI.length() > 0
+   * @post return != null
+   */
+  public abstract Content createContent(String referenceURI);
+
+  /**
+   * Create a new <code>Content</code> object containing binary data.
+   * 
+   * @param binaryData An <code>InputStream</code> containing the binary data.
+   * @param referenceURI An URI identifying the data. May be <code>null</code>.
+   * @return The <code>Content</code> object containing the data.
+   * 
+   * @pre binaryData != null
+   * @post return != null
+   */
+  public abstract Content createContent(
+    InputStream binaryData,
+    String referenceURI);
+
+  /**
+    * Create a new <code>Content</code> object containing location reference data.
+    * 
+    * @param locationReferenceURI a URI pointing to the actual remote location of the content.
+    * 
+    * @param referenceURI An URI identifying the data. May be <code>null</code>.
+    * 
+    * @return The <code>Content</code> object containing the data.
+    * 
+    * @pre locationReferenceURI != null
+    * @post return != null
+    */
+   public abstract Content createContent(
+     String locationReferenceURI,
+     String referenceURI);
+
+  /**
+   * Create a new <code>Content</code> object containing XML data.
+   * 
+   * @param xmlData The XML data contained in the new <code>Content</code>.
+   * @param referenceURI An URI identifying the data. May be <code>null</code>.
+   * @return The <code>Content</code> object containing the data.
+   * 
+   * @pre xmlData != null
+   * @post return != null
+   */
+  public abstract Content createContent(NodeList xmlData, String referenceURI);
+
+  /**
+   * Create a new <code>XMLDataObjectAssociation</code> object.
+   * 
+   * @param metaInfo Information about the content type. May be 
+   * <code>null</code>.
+   * @param content The <code>Content</code> object containing the data.
+   * @return The <code>XMLDataObjectAssociation</code> containing the above
+   * data.
+   * 
+   * @pre content != null
+   * @pre content.getContentType() == Content.CONTENT_XML ||
+   *      content.getContentType() == Contetn.CONTENT_BINARY
+   * @pre content.getReference() != null
+   * @post return != null
+   */
+  public abstract XMLDataObjectAssociation createXMLDataObjectAssociation(
+    MetaInfo metaInfo,
+    Content content);
+
+  /**
+   * Create a new <code>MetaInfo</code> object.
+   * 
+   * @param mimeType The MIME type part of the meta information.
+   * @param description Descriptive meta information. May be <code>null</code>.
+   * @param otherInfo XML meta information. May be <code>null</code>.
+   * @param type Type information for XML signature creation. May be <code>null</code>.
+   * @return The <code>MetaInfo</code> object containing the above data.
+   * 
+   * @pre mimeType != null && mimeType.length() > 0
+   * @pre otherInfo != null implies 
+   *        forall Node n in otherInfo | n.getNodeType() == Node.ELEMENT  
+   */
+  public abstract MetaInfo createMetaInfo(
+    String mimeType,
+    String description,
+    NodeList otherInfo,
+    String type);
+
+  /**
+   * Create a <code>CanonicalizationTransform</code> type of <code>Transform</code>.
+   * 
+   * @param algorithmURI The algorithm URI of the canonicalization.
+   * @return The created <code>CanonicalizationTransform</code> object.
+   * 
+   * @pre CanonicalizationTransform.CANONICAL_XML.equals(algorithmURI) ||
+   *      CanonicalizationTransform.CANONICAL_XML_WITH_COMMENTS.equals(algorithmURI)
+   * @post return != null
+   */
+  public abstract Transform createCanonicalizationTransform(String algorithmURI);
+
+  /**
+   * Create an <code>ExclusiveCanonicalizationTransform</code> type of
+   * <code>Transform</code>.
+   * 
+   * @param algorithmURI The algorithm URI of the exclusive canonicalization.
+   * @param inclusiveNamespacePrefixes The prefixes of the namespaces to
+   * treat according to canonical XML.
+   * @return The new <code>ExclusiveCanonicalizationTransform</code>
+   * 
+   * @pre ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML.equals(algorithmURI) ||
+   *      ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS.equals(algorithmURI)
+   * @pre inclusiveNamespacePrefixes != null
+   * @pre forall Object o in inclusiveNamespacePrefixes | o instanceof String 
+   * @post return != null
+   */
+  public abstract Transform createExclusiveCanonicalizationTransform(
+    String algorithmURI,
+    List inclusiveNamespacePrefixes);
+
+  /**
+   * Create a <code>Base64Transform</code> type of <code>Transform</code>.
+   * 
+   * @return A <code>Transform</code> denoting a Base64 decoding.
+   * 
+   * @post return != null
+   */
+  public abstract Transform createBase64Transform();
+
+  /**
+   * Create a <code>EnvelopedSignatureTransform</code> type of 
+   * <code>Transform</code>.
+   * 
+   * @return A <code>Transform</code> denoting an enveloped signature.
+   * 
+   * @post return != null
+   */
+  public abstract Transform createEnvelopedSignatureTransform();
+
+  /**
+   * Create an <code>XSLTTransform</code> type of <code>Transform</code>.
+   * 
+   * @param styleSheet The XSLT stylesheet contained in the 
+   * <code>Transform</code>.
+   * @return A <code>Transform</code> containing the XSLT stylesheet.
+   * 
+   * @post return != null
+   */
+  public abstract Transform createXSLTTransform(Element styleSheet);
+
+  /**
+   * Create an <code>XPathTransform</code> type of <code>Transform</code>.
+   * 
+   * @param xPathExpression The XPath expression to use in the created
+   * <code>Transform</code>. 
+   * @param namespaceDeclarations The namespace prefix to URI mapping to
+   * apply on evaluation of the XPath expression.
+   * @return The <code>XPathTransform</code> containing the above data.
+   * 
+   * @pre xPathExpression != null
+   * @pre namespaceDeclarations != null
+   * @post return != null
+   */
+  public abstract Transform createXPathTransform(
+    String xPathExpression,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>XPathFilter2Transform</code> type of 
+   * <code>Transform</code>. 
+   * 
+   * @param xPathFilters The filters contained in the newly created
+   * <code>XPathFilter2Transform</code>.
+   * @return The <code>XPathFilter2Transform</code> containing the given 
+   * filters.
+   * 
+   * @pre xPathFilters != null && 
+   *      forall Object o in xPathFilters | 
+   *        o instanceof at.gv.egovernment.moa.spss.api.common.XPathFilter 
+   * @post return != null
+   */
+  public abstract Transform createXPathFilter2Transform(List xPathFilters);
+
+  /**
+   * Create a new <code>XPathFilter</code> object.
+   * 
+   * @param filterType The type of filter.
+   * @param xPathExpression The XPath expression contained in this filter.
+   * @param namespaceDeclarations The namespace prefix to URI mapping to apply
+   * on evaluation of the XPath expression.
+   * @return The <code>XPathFilter</code> containing the above data.
+   * 
+   * @pre XPathFilter.SUBTRACT_TYPE.equals(filterType)  ||
+   *      XPathFilter.INTERSECT_TYPE.equals(filterType) ||
+   *      XPathFilter.UNION_TYPE.equals(filterType)
+   * @pre xPathExpression != null
+   * @pre namespaceDeclarations != null
+   * @post return != null
+   */
+  public abstract XPathFilter createXPathFilter(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations);
+
+  /**
+   * Create a new <code>CheckResult</code> object.
+   * 
+   * @param code The check code.
+   * @param info Verbose information about the check. May be <code>null</code>.
+   * @return The <code>CheckResult</code> containing the above data.
+   * 
+   * @pre code >= 0
+   * @post return != null
+   */
+  public abstract CheckResult createCheckResult(int code, NodeList info);
+
+  
+  
+  /**
+   * Create a new <code>SignerInfo</code> object.
+   * 
+   * @param signerCertificate The signer certificate in binary form.
+   * @param qualifiedCertificate <code>true</code>, if the signer certificate is
+   * a qualified certificate, otherwise <code>false</code>.
+   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param publicAuthority <code>true</code>, if the signer certificate is a
+   * public authority certificate, otherwise <code>false</code>.
+   * @param publicAuthorityID The identification of the public authority
+   * (if <code>publicAuthority</code> is <code>true</code>). May be 
+   * <code>null</code>.
+   * @param sscd <code>true</code>, if the TSL check verifies the 
+   * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param issuerCountryCode contains the signer certificate issuer country code.
+   * @return The <code>SignerInfo</code> containing the above data.
+   * 
+   * @pre signerCertSubjectName != null
+   * @pre signerCertIssuerSerial != null
+   * @pre signerCertificate != null
+   */
+  public abstract SignerInfo createSignerInfo(
+    X509Certificate signerCertificate,
+    boolean qualifiedCertificate,
+    boolean qcSourceTSL,
+    boolean publicAuthority,
+    String publicAuthorityID,
+    boolean sscd,
+    boolean sscdSourceTSL,
+    String issuerCountryCode);
+  
+  /**
+   * Create a new <code>X509IssuerSerial</code> object.
+   * 
+   * @param issuerName The distinguished name of the issuer.
+   * @param issuerSerial The certificate serial number.
+   * @return The <code>X509IssuerSerial</code> containing the above data.
+   * 
+   * @pre issuerName != null
+   * @pre issuerSerial != null
+   */
+  public abstract X509IssuerSerial createX509IssuerSerial(
+    String issuerName,
+    BigInteger issuerSerial);
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java
new file mode 100644
index 0000000..dfdd13d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureCreationService.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import at.gv.egovernment.moa.spss.MOAException;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.SignatureCreationServiceImpl;
+
+/**
+ * Interface providing functions for signature creation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class SignatureCreationService {
+
+  /** The default implementation class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.server.invoke.SignatureCreationServiceImpl";
+  
+  /** The single instance of this class. */  
+  private static SignatureCreationService instance = null;
+
+  /**
+   * Get an instance of the <code>SignatureCreationService</code>.
+   * 
+   * @return A concrete instance of the <code>SignatureCreationService</code>.
+   */
+  public static synchronized SignatureCreationService getInstance() {
+    if (instance == null) {
+      try {
+    	  /*
+        DiscoverClass discover = new DiscoverClass();
+        instance =
+          (SignatureCreationService) discover.newInstance(
+            SignatureCreationService.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new SignatureCreationServiceImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+  
+  /**
+   * Create an XML signature.
+   * 
+   * @param request Information on how to create the signature.
+   * @return A <code>CreateXMLSignatureResponse</code> containing the 
+   * signature.
+   * @throws MOAException Error in server side MOA module.
+   */
+  public abstract CreateXMLSignatureResponse createXMLSignature(CreateXMLSignatureRequest request)
+    throws MOAException;
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java
new file mode 100644
index 0000000..85e2a97
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SignatureVerificationService.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.invoke.SignatureVerificationServiceImpl;
+
+/**
+ * Interface providing functions for verifying signatures.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class SignatureVerificationService {
+
+  /** The default implementation class. */
+  private static final String DEFAULT_IMPLEMENTATION =
+    "at.gv.egovernment.moa.spss.server.invoke.SignatureVerificationServiceImpl";
+
+  /** The single instance of this class. */
+  private static SignatureVerificationService instance = null;
+
+  /**
+   * Get an instance of the <code>SignatureVerificationService</code>.
+   * 
+   * @return A concrete instance of the 
+   * <code>SignatureVerificationService</code>.
+   */
+  public static synchronized SignatureVerificationService getInstance() {
+    if (instance == null) {
+      try {
+        /*DiscoverClass discover = new DiscoverClass();
+        instance =
+          (SignatureVerificationService) discover.newInstance(
+            SignatureVerificationService.class,
+            DEFAULT_IMPLEMENTATION);*/
+        return new SignatureVerificationServiceImpl();
+      } catch (Exception e) {
+        // this can not happen since we provide a valid default 
+        // implementation
+      }
+    }
+    return instance;
+  }
+
+  /**
+   * Verify a CMS signature.
+   * 
+   * @param request Detailed information on the verification that should be
+   * performed.
+   * @return A <code>VerifyCMSSignatureResponse</code> object that contains
+   * information about the performed verification.
+   * @throws MOAException Error in server side MOA module.
+   */
+  public abstract VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
+    throws MOAException;
+  /**
+   * Verfiy an XML Signature.
+   * 
+   * @param request  information on the verification that should be performed.
+   * @return A <code>VerifyXMLSignatureResponse</code> object that contains
+   * information about the performed verification.
+   * @throws MOAException Error in server side MOA module.
+   */
+  public abstract VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+    throws MOAException;
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
new file mode 100644
index 0000000..10db676
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CMSSignatureResponse.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+/**
+ * Contains the signature if the signature creation was successful.
+ *  
+ * @version $Id$
+ */
+public interface CMSSignatureResponse
+  extends CreateCMSSignatureResponseElement {
+  /** 
+   * Gets the CMS signature (Base64 encoded).
+   * 
+   * @return The CMS signature
+   */
+  public String getCMSSignature();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
new file mode 100644
index 0000000..9d5cd7a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureRequest.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to create a CMS Signature.
+ * 
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureRequest {
+  /**
+   * Gets the identifier for the keys to be used for the signature.
+   * 
+   * @return The identifier for the keys to be used.
+   */
+  public String getKeyIdentifier();
+  /**
+   * Gets the information of the singleSignatureInfo elements. 
+   * 
+   * @return The information of singleSignatureInfo elements.
+   */
+  public List getSingleSignatureInfos();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
new file mode 100644
index 0000000..6062a11
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponse.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import java.util.List;
+
+/**
+ * Object that encapsulates the response on to a 
+ * <code>CreateCMSSignatureRequest</code> to create an XML signature.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements.
+   */
+  public List getResponseElements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
new file mode 100644
index 0000000..8e4e611
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/CreateCMSSignatureResponseElement.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+/**
+ * Base class for <code>CMSSignature</code> and 
+ * <code>ErrorResponse</code> elements in a 
+ * <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public interface CreateCMSSignatureResponseElement {
+  /**
+   * Indicates that this object contains a <code>CMSSignature</code>.
+   */
+  public static final int CMS_SIGNATURE = 0;
+  /**
+   * Indicates that this objet contains an <code>ErrorResponse</code>.
+   */
+  public static final int ERROR_RESPONSE = 1;
+  
+  /**
+   * Gets the type of response object.
+   * 
+   * @return The type of response object, either 
+   * <code>CMS_SIGNATURE</code> or <code>ERROR_RESPONSE</code>.
+   */
+  public int getResponseType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
new file mode 100644
index 0000000..b9f3630
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/DataObjectInfo.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Encapsulates information required to create a single signature.
+ * 
+ * @version $Id$
+ */
+public interface DataObjectInfo {
+  /**
+   * Indicates that a detached signature will be created.
+   */
+  public static final String STRUCTURE_DETACHED = "detached"; 
+  /**
+   * Indicates that an enveloping signature will be created.
+   */
+  public static final String STRUCTURE_ENVELOPING = "enveloping";
+
+  /**
+   * Gets the structure of the signature.
+   * 
+   * @return The structure of the signature.
+   */
+  public String getStructure();
+
+  /**
+   * Gets information related to a single data object.
+   * 
+   * @return Information related to a single data object.
+   */
+  public CMSDataObject getDataObject();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
new file mode 100644
index 0000000..1f87a50
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmssign;
+
+
+
+/**
+ * Encapsulates data to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SingleSignatureInfo {
+  /**
+   * Gets the dataObjectInfo information.
+   * 
+   * @return The dataObjectInfo information.
+   */
+  public DataObjectInfo getDataObjectInfo();
+  
+  /**
+   * Check whether a Security Layer conform signature manifest will be created.
+   * 
+   * @return <code>true</code>, if a Security Layer conform signature manifest 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isSecurityLayerConform();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContent.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContent.java
new file mode 100644
index 0000000..4c2c1cc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContent.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+/**
+ * Base class for objects containing CMS content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSContent {
+  /**
+   * Indicates that this object contains a reference to the CMS content.
+   */
+  public static final int REFERENCE_CONTENT = 0;
+  /**
+   * Indicates that this object contains the CMS content explicitly.
+   */
+  public static final int EXPLICIT_CONTENT = 1;
+  
+  /**
+   * Gets the type of the contained content.
+   * 
+   * @return The type of content, either <code>REFERENCE_CONTENT</code> or
+   * <code>EXPLICIT_CONTENT</code>.
+   */
+  public int getContentType();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentExcplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentExcplicit.java
new file mode 100644
index 0000000..7fc6029
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentExcplicit.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.io.InputStream;
+
+/**
+ * Encapsulates binary CMS content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSContentExcplicit extends CMSContent {
+  /**
+   * Gets the content as a stream.
+   * 
+   * @return A stream containing the binary content.
+   */
+  public InputStream getBinaryContent();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentReference.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentReference.java
new file mode 100644
index 0000000..ade197d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSContentReference.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+/**
+ * Encapsulates CMS content that is referenced by an URI.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSContentReference extends CMSContent {
+  /**
+   * Gets the reference URI from wher the content can be retrieved.
+   * 
+   * @return The reference URI.
+   */
+  public String getReference();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
new file mode 100644
index 0000000..f9a6846
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/CMSDataObject.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.math.BigDecimal;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * A data object used for verification of CMS signatures.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CMSDataObject {
+  /**
+   * Gets the meta information of the content.
+   * 
+   * @return An object containig the meta information.
+   */
+  public MetaInfo getMetaInfo();
+  /**
+   * Gets the actual content of the data object.
+   * 
+   * @return The actual content.
+   */
+  public CMSContent getContent();
+  
+  
+  public BigDecimal getExcludeByteRangeFrom();
+  
+  public BigDecimal getExcludeByteRangeTo();
+  
+  }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
new file mode 100644
index 0000000..225f685
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.io.InputStream;
+import java.util.Date;
+
+/**
+ * Object that encapsulates a request to verify a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyCMSSignatureRequest {
+  /**
+   * Indicates, that signature checks for all signatories must be returned.
+   */
+  public static int[] ALL_SIGNATORIES = new int[] { -1 };
+  /**
+   * Gets the positions of signatories whose signature must be verified.
+   * 
+   * @return The positions of signatories.
+   */
+  public int[] getSignatories();
+  /**
+   * Gets the date and time for which the signature verification has to 
+   * be performed.
+   * 
+   * @return Date and time for which the signature verification has
+   * to be performed.
+   */
+  public Date getDateTime();
+  /**
+   * Gets the binary CMS signature.
+   * 
+   * @return An <code>InputStream</code> from which the binary CMS signature
+   * can be read.
+   */
+  public InputStream getCMSSignature();
+  /** 
+   * Gets the data object necessary for the verification.
+   * 
+   * @return The data object necessary for verification.
+   */
+  public CMSDataObject getDataObject();
+  /**
+   * Gets the profile ID of trusted certificates to be used for signature
+   * verification.
+   * 
+   * @return The profile ID of trusted certificates.
+   */
+  public String getTrustProfileId();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponse.java
new file mode 100644
index 0000000..33924cb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponse.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates the response on a request to verify a CMS
+ * signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyCMSSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements. 
+   */
+  public List getResponseElements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
new file mode 100644
index 0000000..a1135ba
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.cmsverify;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Contains detailed information about the verification of a signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyCMSSignatureResponseElement {
+  /**
+   * Gets a SignerInfo element according to CMS.
+   * 
+   * @return The SignerInfo element according to CMS.
+   */
+  public SignerInfo getSignerInfo();
+  /**
+   * Gets the result of the signature verification.
+   * 
+   * @return The result of the signature verification.
+   */
+  public CheckResult getSignatureCheck();
+  /**
+   * Gets the result of the certificate verification.
+   * 
+   * @return The result of the certificate verification.
+   */
+  public CheckResult getCertificateCheck();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Base64Transform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Base64Transform.java
new file mode 100644
index 0000000..6050d5b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Base64Transform.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * A <code>Transform</code> performing a Base64 decoding.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface Base64Transform extends Transform {
+  /** Algorithm URI of the Base64 <code>Transform</code> type. */
+  public static final String BASE64_DECODING =
+    "http://www.w3.org/2000/09/xmldsig#base64";
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java
new file mode 100644
index 0000000..988c5bc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CanonicalizationTransform.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A canonicalization type of <code>Transform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CanonicalizationTransform extends Transform {
+  /** Algorithm URI of canonical XML. */
+  public static final String CANONICAL_XML = Constants.C14N_URI;
+  /** Algorithm URI of canonical XML with comments. */
+  public static final String CANONICAL_XML_WITH_COMMENTS =
+    Constants.C14N_WITH_COMMENTS_URI;
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckResult.java
new file mode 100644
index 0000000..5c94981
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckResult.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating the result of a signature verification.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CheckResult {
+  /**
+   * Gets the result code.
+   * 
+   * @return The result code.
+   */
+  public int getCode();
+  /**
+   * Gets descriptive information.
+   * 
+   * @return Descriptive information.
+   */
+  public NodeList getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Content.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Content.java
new file mode 100644
index 0000000..efde1eb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Content.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Encapsulates content data.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public interface Content {
+
+  /**
+   * Indicates that this object contains a URI reference to some content. 
+   */
+  public static final int REFERENCE_CONTENT = 0;
+
+  /**
+   * Indicates that this object contains binary content.
+   */
+  public static final int BINARY_CONTENT = 1;
+
+  /**
+   * Indicates that this object contains XML content.
+   */
+  public static final int XML_CONTENT = 2;
+ 
+  /**
+   * Indicates that this object contains a location reference content.
+   */
+  public static final int LOCREF_CONTENT = 3;
+
+  /**
+   * Gets the type of content contained in this object.
+   * 
+   * @return The type of content, one of <code>BINARY_CONTENT</code>, <code>XML_CONTENT</code>, <code>
+   *         REFERENCE_CONTENT</code> or <code>LOCREF_CONTENT</code>.
+   */
+  public int getContentType();
+
+  /**
+   * Gets the reference to the content data (a URI).
+   * 
+   * @return The reference to the content data.
+   */
+  public String getReference();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentBinary.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentBinary.java
new file mode 100644
index 0000000..77ec9dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentBinary.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.io.InputStream;
+
+/**
+ * Encapsulates binary content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ContentBinary extends Content {
+  /**
+   * Get the binary content.
+   * 
+   * @return An <code>InputStream</code> from which the binary content can
+   * be read.
+   */
+  public InputStream getBinaryContent();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentLocRef.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentLocRef.java
new file mode 100644
index 0000000..d1ef096
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentLocRef.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Encapsulates location reference content.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public interface ContentLocRef extends Content 
+{
+  /**
+   * Gets the location reference URI pointing to the actual remote location of the content.
+   * 
+   * @return the location reference URI.
+   */
+  public String getLocationReferenceURI();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentReference.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentReference.java
new file mode 100644
index 0000000..8c4a658
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentReference.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Content containing a reference to content data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ContentReference extends Content {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentXML.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentXML.java
new file mode 100644
index 0000000..d41f6a6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ContentXML.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Encapsulates arbitrary XML content.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ContentXML extends Content {
+  /**
+   * Gets the XML content stored in this object.
+   * 
+   * @return The XML content.
+   */
+  public NodeList getXMLContent();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ElementSelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ElementSelector.java
new file mode 100644
index 0000000..b446c5f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ElementSelector.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.Map;
+
+/**
+ * A class containing data for selecting single elements using an XPath 
+ * expression.
+ * 
+ * Derived classes are used to point to the <code>CreateSignatureLocation</code>
+ * and the <code>VerifySignatureLocation</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ElementSelector {
+  /**
+   * Gets the XPath expression pointing to a single element.
+   * 
+   * @return The XPath expression to select the signature parent element.
+   */
+  public String getXPathExpression();
+  /**
+   * Gets the namespace prefix to URI mapping to use when evaluating the XPath.
+   * 
+   * @return The namespace prefix to URI mapping.
+   */
+  public Map getNamespaceDeclarations();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/EnvelopedSignatureTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/EnvelopedSignatureTransform.java
new file mode 100644
index 0000000..8e6de87
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/EnvelopedSignatureTransform.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * An enveloped signature type of <code>Transform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface EnvelopedSignatureTransform extends Transform {
+  /**
+   * Algorithm URI of the enveloped signature type of <code>Transform</code>.
+   */
+  public static final String ENVELOPED_SIGNATURE =
+    "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java
new file mode 100644
index 0000000..5c2b633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/ExclusiveCanonicalizationTransform.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * An exclusive canonicalization type of <code>Transform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ExclusiveCanonicalizationTransform extends Transform {
+  /** Algorithm URI of exclusive canonical XML. */
+  public static final String EXCLUSIVE_CANONICAL_XML = Constants.EXC_C14N_URI;
+  /** Algorithm URI of exclusive canonical XML with comments. */
+  public static final String EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS =
+    Constants.EXC_C14N_WITH_COMMENTS_URI;
+
+  /**
+   * Sets the namespace prefixes that are handled in the same manner as in
+   * canonical XML.
+   * 
+   * @return The inclusive namespace prefixes.
+   */
+  public List getInclusiveNamespacePrefixes();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
new file mode 100644
index 0000000..8c940cd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/InputData.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Interface specifying accessors for two attributes needed for returning 
+ * <code>HashInputData</code> and <code>ReferenceInputData</code> information
+ * as part of <code>VerifyXMLSignatureResponse</code>.
+ * 
+ * @author Gregor Karlinger
+ * 
+ * @version $Id$
+ */
+public interface InputData extends Content
+{
+  /**
+   * Possible value returned by {@link #getPartOf}. 
+   */
+  public static String CONTAINER_SIGNEDINFO_ = "SignedInfo";
+
+  /**
+   * Possible value returned by {@link #getPartOf}. 
+   */
+  public static String CONTAINER_XMLDSIGMANIFEST_ = "XMLDSIGManifest";
+  
+  /**
+   * Value returned by {link getReferringReferenceNumber}, signalling that the
+   * attribute is not used.
+   */
+  public static int REFERER_NONE_ = -1;
+  
+  /**
+   * Returns a <code>String</code> signalling what kind of container the 
+   * XMLDSIG <code>Reference</code> this <code>InputData</code> belongs 
+   * to is part of.
+   * 
+   * @return the kind of container. 
+   */
+  public String getPartOf();
+  
+  /**
+   * If this <code>InputData</code> belongs to an XMLDSIG <code>Reference</code>
+   * being part of either a XMLDSIGManifest or a SignatureManifest, this method
+   * returns a positive int value signalling the particular <code>Reference</code>
+   * of the XMLDSIG <code>SignedInfo</code> referring to the XMLDSIGManifest or
+   * SignatureManifest respectively.
+   */
+  public int getReferringReferenceNumber();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/MetaInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/MetaInfo.java
new file mode 100644
index 0000000..2413229
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/MetaInfo.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating descriptive meta information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface MetaInfo {
+  /**
+   * Gets the mime type of the associated object.
+   * 
+   * @return The mimetype of the associated object.
+   */
+  public String getMimeType();
+  /**
+   * Gets the descriptive information (URI).
+   * 
+   * @return URI referencing the descriptive information.
+   */
+  public String getDescription();
+  /**
+   * Gets the elemental informations.
+   * 
+   * @return The elemental informations.
+   */  
+  public NodeList getAnyElements();
+  /**
+   * Gets the XML signature creation type information of the associated object.
+   * 
+   * @return the XML signature creation type information of the associated object.
+   */
+  public String getType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
new file mode 100644
index 0000000..777365a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.security.cert.X509Certificate;
+
+
+/**
+ * Contains information about the signer.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SignerInfo {
+  /**
+   * Gets the signer certificate.
+   * 
+   * @return The signer certificate.
+   */  
+  public X509Certificate getSignerCertificate();
+  /**
+   * Checks, whether the certificate contained in this object is qualified.
+   * 
+   * @return <code>true</code>, if the certificate is qualified, otherwise
+   * <code>false</code>.
+   */
+  public boolean isQualifiedCertificate();
+  
+  
+  /**
+   * Checks, whether the signature is based on a SSCD.
+   * 
+   * @return <code>true</code>, if the signature is based on a SSCD, otherwise
+   * <code>false</code>.
+   */
+  public boolean isSSCD();
+  
+  /**
+   * Returns the source of the SSCD check (TSL or Certificate)   * 
+   */
+  public String getSSCDSource();
+
+  /**
+   * Returns the source of the QC check (TSL or Certificate)   * 
+   */
+  public String getQCSource();
+
+  /**
+   * Returns the signer certificate issuer country code
+   * @return
+   */
+  public String getIssuerCountryCode();
+  /**
+   * Checks, whether the certificate contained in this object is a 
+   * public authority certificate.
+   * 
+   * @return <code>true</code>, if the certificate is a public authority 
+   * certificate, otherwise <code>false</code>.
+   */
+  public boolean isPublicAuthority();
+  /**
+   * Gets the public authority ID, if the certificate contained in this
+   * object is from a public authority.
+   * 
+   * @return The public authority ID.
+   */  
+  public String getPublicAuhtorityID();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
new file mode 100644
index 0000000..0e0c82c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java
@@ -0,0 +1,82 @@
+/*

+ * Copyright 2003 Federal Chancellery Austria

+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal

+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.

+ *

+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by

+ * the European Commission - subsequent versions of the EUPL (the "Licence");

+ * You may not use this work except in compliance with the Licence.

+ * You may obtain a copy of the Licence at:

+ * http://www.osor.eu/eupl/

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the Licence is distributed on an "AS IS" basis,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the Licence for the specific language governing permissions and

+ * limitations under the Licence.

+ *

+ * This product combines work with different licenses. See the "NOTICE" text

+ * file for details on the various modules and licenses.

+ * The "NOTICE" text file is part of the distribution. Any derivative works

+ * that you distribute must include a readable copy of the "NOTICE" text file.

+ */

+

+

+package at.gv.egovernment.moa.spss.api.common;

+

+

+import iaik.xml.crypto.utils.URI;

+

+import java.util.Date;

+

+

+/**

+ * Contains TSL configuration information.

+ * 

+ * @author kstranacher

+ */

+public interface TSLConfiguration {

+	

+	/** Default URL of EU TSL */

+	public String DEFAULT_EU_TSL_URL = "https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml";

+	

+	/** Default period (1day=86400000 msec) for update schedule */

+	public String DEFAULT_UPDATE_SCHEDULE_PERIOD = "86400000";

+	

+	/** Default start time (2:00 AM) for update schedule */

+	public String DEFAULT_UPDATE_SCHEDULE_STARTTIME = "02:00:00";

+	

+	public String DEFAULT_WORKING_DIR = "tslworking";

+	

+  /**

+   * Gets the EU TSL URL.

+   * 

+   * @return The EU TSL URL.

+   */  

+  public String getEuTSLUrl();

+

+  /**

+   * 

+   * @return

+   */

+  public Date getUpdateScheduleStartTime();

+  

+  /**

+   * 

+   * @return

+   */

+  public long getUpdateSchedulePeriod();

+  

+  /**

+   * 

+   * @return

+   */

+  public String getWorkingDirectory();

+  

+  /**

+   * 

+   * @return

+   */

+  public URI getWorkingDirectoryAsURI();

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Transform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Transform.java
new file mode 100644
index 0000000..ad050b4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/Transform.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+/**
+ * Base class for XMLDsig <code>Transform</code> elements.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface Transform {
+  /**
+   * Gets the algorithm URI of this <code>Transform</code>.
+   * 
+   * @return The algorithm URI of this <code>Transform</code>.
+   */
+  public String getAlgorithmURI();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/X509IssuerSerial.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/X509IssuerSerial.java
new file mode 100644
index 0000000..39ec807
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/X509IssuerSerial.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.math.BigInteger;
+
+/**
+ * Contains an X.509 issuer distinguished name/serial number pair.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface X509IssuerSerial {
+  /**
+   * Gets the issuer distinguished name.
+   * 
+   * @return The issuer distinguished name.
+   */
+  public String getX509IssuerName();
+  /**
+   * Gets the issuer serial number.
+   * 
+   * @return The issuer serial number.
+   */
+  public BigInteger getX509SerialNumber();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XMLDataObjectAssociation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XMLDataObjectAssociation.java
new file mode 100644
index 0000000..fe2a795
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XMLDataObjectAssociation.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+
+/**
+ * Object encapsulating arbitrary content and optional descriptive meta
+ * information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface XMLDataObjectAssociation {
+  /**
+   * Gets descriptive meta information.
+   * 
+   * @return The descriptive meta information.
+   */
+  public MetaInfo getMetaInfo();
+  /**
+   * Gets the actual content.
+   * 
+   * @return The content of this association.
+   */
+  public Content getContent();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter.java
new file mode 100644
index 0000000..06a49a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.Map;
+
+/**
+ * An XPath expression set operation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XPathFilter {
+  /** Subtract this filter's node set from the resulting node set. */
+  public static final String SUBTRACT_TYPE = "subtract";
+  /** Intersect this filter's node set with the resulting node set. */
+  public static final String INTERSECT_TYPE = "intersect";
+  /** Compute the union of this filter's node set and the resulting node set. */
+  public static final String UNION_TYPE = "union";
+  
+  /**
+   * Gets the type of this <code>XPathFilter</code>.
+   * 
+   * @return The type of this <code>XPathFilter</code>.
+   */
+  public String getFilterType();
+  /**
+   * Gets the XPath expression for selecting the nodes.
+   * 
+   * @return The XPath expression for selecting the nodes.
+   */
+  public String getXPathExpression();
+  /**
+   * Gets The namespace prefix to URI mapping used during evaluation of the
+   * XPath expression.
+   * 
+   * @return The namespace prefix to URI mapping.
+   */
+  public Map getNamespaceDeclarations();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter2Transform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter2Transform.java
new file mode 100644
index 0000000..6f05710
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathFilter2Transform.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.List;
+
+/**
+ * An XPath type of <code>Transform</code> containing multiple filters for
+ * performing set operations on XPath selections. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XPathFilter2Transform extends Transform {
+  /** Algorithm URI for the XPath Filter2 <code>Transform</code>. */
+  public static final String XPATH_FILTER2 =
+    "http://www.w3.org/2002/06/xmldsig-filter2";
+
+  /**
+   * Gets the <code>XPathFilter</code>s contained in this 
+   * <code>XPathFilter2Transform</code>.
+   * 
+   * @return The <code>XPathFilter</code>s.
+   */
+  public List getFilters();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathTransform.java
new file mode 100644
index 0000000..99eda2a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XPathTransform.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import java.util.Map;
+
+/**
+ * A <code>Transform</code> performing an XPath selection.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XPathTransform extends Transform {
+  /** Algorithm URI of the XPath <code>Transform</code>. */
+  public static final String XPATH =
+    "http://www.w3.org/TR/1999/REC-xpath-19991116";
+
+  /**
+   * Gets the XPath expression used for selection.
+   * 
+   * @return The XPath expression used for selection.
+   */
+  public String getXPathExpression();
+  /**
+   * Gets The namespace prefix to URI mapping used during evaluation of the
+   * XPath expression.
+   * 
+   * @return The namespace prefix to URI mapping.
+   */
+  public Map getNamespaceDeclarations();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XSLTTransform.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XSLTTransform.java
new file mode 100644
index 0000000..8cb6c8e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/XSLTTransform.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.Element;
+
+/**
+ * A <code>Transform</code> containing an XSLT stylesheet.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface XSLTTransform extends Transform {
+  /** Algorithm URI for the XSLT type of <code>Transform</code>. */
+  public static final String XSLT =
+    "http://www.w3.org/TR/1999/REC-xslt-19991116";
+
+  /**
+   * Gets the XSLT stylesheet element used for the transformation.
+   * 
+   * @return The XSLT stylesheet element used for the transformation.
+   */
+  public Element getStylesheet();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/Base64TransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/Base64TransformImpl.java
new file mode 100644
index 0000000..f708bab
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/Base64TransformImpl.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Base64Transform;
+
+/**
+ * Default implementation of <code>Base64Transform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class Base64TransformImpl
+  extends TransformImpl
+  implements Base64Transform {
+
+  /**
+   * Create a new <code>Base64TransformImpl</code> object.
+   */
+  public Base64TransformImpl() {
+    setAlgorithmURI(BASE64_DECODING);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentExplicitImpl.java
new file mode 100644
index 0000000..8dede90
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentExplicitImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+
+/**
+ * Default implementation of <code>CMSContentExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CMSContentExplicitImpl implements CMSContentExcplicit {
+  
+  /** The binary content, as a stream. */
+  private InputStream binaryContent;
+
+  /**
+   * Sets the binary content as a stream.
+   * 
+   * @param content The binary content as a stream.
+   */
+  public void setBinaryContent(InputStream content) {
+    this.binaryContent = content;
+  }
+
+  public InputStream getBinaryContent() {
+    return binaryContent;
+  }
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return EXPLICIT_CONTENT
+   */
+  public int getContentType() {
+    return EXPLICIT_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentReferenceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentReferenceImpl.java
new file mode 100644
index 0000000..fb90c5f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSContentReferenceImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+
+/**
+ * Default implementation of <code>CMSContentReference</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CMSContentReferenceImpl implements CMSContentReference {
+  
+  /** The reference pointing to the actual data. */
+  private String reference;
+
+  /**
+   * Sets the reference URI.
+   * 
+   * @param referenceURI The URI pointing to the content data.
+   */
+  public void setReference(String referenceURI) {
+    this.reference = referenceURI;
+  }
+
+  public String getReference() {
+    return reference;
+  }
+
+  /**
+   * Gets the content type.
+   * 
+   * @return REFERENCE_CONTENT
+   */
+  public int getContentType() {
+    return REFERENCE_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
new file mode 100644
index 0000000..20a9b56
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSDataObjectImpl.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.math.BigDecimal;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * Default implementation of <code>CMLSDataObject</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CMSDataObjectImpl implements CMSDataObject {
+  
+  /** The <code>MetaInfo</code> associated with the CMS data object. */
+  private MetaInfo metaInfo;
+  /** The <code>CMSContent</code> contained in this data object. */
+  private CMSContent cmsContent;
+  
+  private BigDecimal excludeByteRangeFrom;
+  private BigDecimal excludeByteRangeTo;
+
+  /**
+   * Sets the meta information associated with the CMS data object.
+   * 
+   * @param metaInfo The meta information.
+   */
+  public void setMetaInfo(MetaInfo metaInfo) {
+    this.metaInfo = metaInfo;
+  }
+
+  public MetaInfo getMetaInfo() {
+    return metaInfo;
+  }
+
+  /**
+   * Sets the data of this <code>CMSDataObject</code>.
+   * 
+   * @param cmsContent The actual data of this <code>CMSDataObject</code>.
+   */
+  public void setContent(CMSContent cmsContent) {
+    this.cmsContent = cmsContent;
+  }
+
+  public CMSContent getContent() {
+    return cmsContent;
+  }
+
+  public void setExcludeByteRangeFrom(BigDecimal excludeByteRangeFrom) {
+  	this.excludeByteRangeFrom = excludeByteRangeFrom;
+  }
+  
+  public BigDecimal getExcludeByteRangeFrom() {
+	  return excludeByteRangeFrom;
+  }
+  
+  public void setExcludeByteRangeTo(BigDecimal excludeByteRangeTo) {
+	  this.excludeByteRangeTo = excludeByteRangeTo;
+  }
+  
+  public BigDecimal getExcludeByteRangeTo() {
+	  return excludeByteRangeTo;
+  }	
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
new file mode 100644
index 0000000..b512dd0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CMSSignatureResponseImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureResponseImpl
+  implements CMSSignatureResponse {
+
+  /** The base64 value of the CMS signature. */
+  private String cmsSignature;
+
+  /** 
+   * Sets the CMS signature.
+   * 
+   * @param cmsSignature The Base64 encoded value CMS signature.
+   */
+  public void setCMSSignature(String cmsSignature) {
+    this.cmsSignature = cmsSignature;
+  }
+
+  public String getCMSSignature() {
+    return cmsSignature;
+  }
+
+  /**
+   * Gets the type of <code>CreateCMSSignatureResponseElement</code>.
+   * 
+   * @return CMS_SIGNATURE
+   */
+  public int getResponseType() {
+    return CMS_SIGNATURE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CanonicalizationTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CanonicalizationTransformImpl.java
new file mode 100644
index 0000000..f8efe26
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CanonicalizationTransformImpl.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CanonicalizationTransform;
+
+/**
+ * Default implementation of <code>CanonicalizationTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CanonicalizationTransformImpl
+  extends TransformImpl
+  implements CanonicalizationTransform {
+    
+  /**
+   * Create a new <code>CanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI Algorithm URI of the canonicalization 
+   * <code>Transform</code> type. 
+   */
+  public CanonicalizationTransformImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckResultImpl.java
new file mode 100644
index 0000000..5bb6e60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckResultImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+
+/**
+ * Default implementation of <code>CheckResult</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CheckResultImpl implements CheckResult {
+  /** The result code. */
+  private int code;
+  
+  /** Additional information. */ 
+  private NodeList info;
+
+  /**
+   * Sets a result code.
+   * 
+   * @param code The result code.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.CheckResult#getCode()
+   */
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets a descriptive information.
+   * 
+   * @param info The descriptive information.
+   */
+  public void setInfo(NodeList info) {
+    this.info = info;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.CheckResult#getInfo()
+   */
+  public NodeList getInfo() {
+    return info;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentBinaryImpl.java
new file mode 100644
index 0000000..7fe1cf9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentBinaryImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+
+/**
+ * Default implementation of <code>ContentBinary</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ContentBinaryImpl extends ContentImpl implements ContentBinary {
+
+  /** The binary content as a stream. */ 
+  private InputStream binaryContent;
+
+  /**
+   * Sets the binary content as a stream.
+   * 
+   * @param binaryContent The binary content as a stream.
+   */
+  public void setBinaryContent(InputStream binaryContent) {
+    this.binaryContent = binaryContent;
+  }
+
+  public InputStream getBinaryContent() {
+    return binaryContent;
+  }
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return BINARY_CONTENT
+   */
+  public int getContentType() {
+    return BINARY_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentImpl.java
new file mode 100644
index 0000000..d061747
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentImpl.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Default base class for <code>Content</code> implementations.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class ContentImpl implements Content {
+  /** The reference pointing to the content data. */
+  private String reference;
+
+  /**
+   * Sets the reference pointing to the content data.
+   * 
+   * @param referenceURI The URI of the content data.
+   */
+  public void setReference(String referenceURI) {
+    this.reference = referenceURI;
+  }
+
+  public String getReference() {
+    return reference;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentLocRefImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentLocRefImpl.java
new file mode 100644
index 0000000..aa01a93
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentLocRefImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.ContentLocRef;
+
+/**
+ * Default implementation of <code>ContentLocRef</code>.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class ContentLocRefImpl extends ContentImpl implements ContentLocRef 
+{
+  /**
+   * The location reference URI pointing to the actual remote location of the content. 
+   */
+  private String locationReferenceURI_;
+  
+  /** 
+   * @see at.gv.egovernment.moa.spss.api.common.ContentLocRef#getLocationReferenceURI()
+   */
+  public String getLocationReferenceURI()
+  {
+    return locationReferenceURI_;
+  }
+  
+  /**
+   * Sets the location reference URI pointing to the actual remote location of the content. 
+   * 
+   * @param locationReferenceURI the location reference URI.
+   */
+  public void setLocationReferenceURI(String locationReferenceURI)
+  {
+    locationReferenceURI_ = locationReferenceURI;
+  }
+  
+  /**
+   * Gets the type of content.
+   * 
+   * @return LOCREF_CONTENT.
+   */
+  public int getContentType() {
+    return LOCREF_CONTENT;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentReferenceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentReferenceImpl.java
new file mode 100644
index 0000000..ab5c3b4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentReferenceImpl.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.ContentReference;
+
+/**
+ * Default implementation of <code>ContentReference</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ContentReferenceImpl
+  extends ContentImpl
+  implements ContentReference {
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return REFERENCE_CONTENT
+   */
+  public int getContentType() {
+    return REFERENCE_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentXMLImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentXMLImpl.java
new file mode 100644
index 0000000..dcc1935
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ContentXMLImpl.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+
+/**
+ * Default implementation of <code>ContentXML</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ContentXMLImpl extends ContentImpl implements ContentXML {
+
+  /** The nodes making up the XML content. */
+  private NodeList xmlContent;
+  
+  /**
+   * Sets the nodes making up the XML content.
+   * 
+   * @param xmlContent The XML content.
+   */
+  public void setXMLContent(NodeList xmlContent) {
+    this.xmlContent = xmlContent;
+  }
+
+  public NodeList getXMLContent() {
+    return xmlContent;
+  }
+
+  /**
+   * Gets the type of content.
+   * 
+   * @return XML_CONTENT
+   */
+  public int getContentType() {
+    return XML_CONTENT;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
new file mode 100644
index 0000000..e8408bc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureRequestImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestImpl
+  implements CreateCMSSignatureRequest {
+
+  /** The identifier for selecting the private keys for creating the signature.*/
+  private String keyIdentifier;
+  /** Information for creating a single signature. */
+  private List singleSignatureInfos = new ArrayList();
+
+  /**
+   * Sets the identifier for selecting the private keys for creating the 
+   * signature.
+   * 
+   * @param keyIdentifier The identifier for selecting the private keys.
+   */
+  public void setKeyIdentifier(String keyIdentifier) {
+    this.keyIdentifier = keyIdentifier;
+  }
+
+  public String getKeyIdentifier() {
+    return keyIdentifier;
+  }
+
+  /**
+   * Sets the information for creating single signatures.
+   * 
+   * @param singleSignaureInfos The information for creating single signatures.
+   */
+  public void setSingleSignatureInfos(List singleSignaureInfos) {
+    this.singleSignatureInfos =
+      singleSignaureInfos != null
+        ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos))
+        : null;
+  }
+
+  public List getSingleSignatureInfos() {
+    return singleSignatureInfos;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
new file mode 100644
index 0000000..d596058
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateCMSSignatureResponseImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+
+/**
+ * Default implementation of <code>CreateCMSSignatureResponse</code>.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseImpl
+  implements CreateCMSSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The response elements.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
new file mode 100644
index 0000000..9fe8eaf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+
+/**
+ * Default implementation of 
+ * <codeCreateSignatureEnvironmentProfileExplicit</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateSignatureEnvironmentProfileExplicitImpl
+  implements CreateSignatureEnvironmentProfileExplicit {
+
+  /** The insertion location of the signature to be created. */
+  private CreateSignatureLocation createSignatureLocation;
+
+  /** Supplemental information for evaluating the signature environment. */
+  private List supplements;
+
+  /**
+   * Sets the insertion location of the signature to be created.
+   * 
+   * @param createSignatureLocation The insertion location of the signature to 
+   * be created.
+   */
+  public void setCreateSignatureLocation(CreateSignatureLocation createSignatureLocation) {
+    this.createSignatureLocation = createSignatureLocation;
+  }
+
+  public CreateSignatureLocation getCreateSignatureLocation() {
+    return createSignatureLocation;
+  }
+
+  /**
+   * Sets the supplemental information for evaluating the signature
+   * environment.
+   * 
+   * @param supplements The supplemental information.
+   */
+  public void setSupplements(List supplements) {
+    this.supplements =
+      supplements != null
+        ? Collections.unmodifiableList(new ArrayList(supplements))
+        : null;
+  }
+
+  public List getSupplements() {
+    return supplements;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE
+   */
+  public int getCreateSignatureEnvironmentProfileType() {
+    return EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileIDImpl.java
new file mode 100644
index 0000000..5edbf4f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileIDImpl.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileID;
+
+/**
+ * Default implementation of <code>CreateSignatureEnvironmentProfileID</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateSignatureEnvironmentProfileIDImpl
+  implements CreateSignatureEnvironmentProfileID {
+
+  /** The profile ID. */
+  private String createSignatureEnvironmentProfileID;
+
+  /**
+   * Sets the profile ID.
+   * 
+   * @param profileID The profile ID.
+   */
+  public void setCreateSignatureEnvironmentProfileID(String profileID) {
+    this.createSignatureEnvironmentProfileID = profileID;
+  }
+
+  public String getCreateSignatureEnvironmentProfileID() {
+    return createSignatureEnvironmentProfileID;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return ID_CREATESIGNATUREENVIRONMENTPROFILE
+   */
+  public int getCreateSignatureEnvironmentProfileType() {
+    return ID_CREATESIGNATUREENVIRONMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureInfoImpl.java
new file mode 100644
index 0000000..7111633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureInfoImpl.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+
+/**
+ * Default implementation of <code>CreateSignatureInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateSignatureInfoImpl implements CreateSignatureInfo {
+  
+  /** The signature environment that will contain the newly created 
+   * signature. */
+  private Content createSignatureEnvironment;
+
+  /** Additional information about the signature environment. */
+  private CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile;
+
+  /**
+   * Sets the signature environment that will contain the newly created 
+   * signature.
+   * 
+   * @param createSignatureEnvironment The signature environment.
+   */
+  public void setCreateSignatureEnvironment(Content createSignatureEnvironment) {
+    this.createSignatureEnvironment = createSignatureEnvironment;
+  }
+
+  public Content getCreateSignatureEnvironment() {
+    return createSignatureEnvironment;
+  }
+
+  /**
+   * Sets the signature environment profile containing additional information
+   * about the signature environment.
+   * 
+   * @param profile The signature environment profile.
+   */
+  public void setCreateSignatureEnvironmentProfile(CreateSignatureEnvironmentProfile profile) {
+    this.createSignatureEnvironmentProfile = profile;
+  }
+
+  public CreateSignatureEnvironmentProfile getCreateSignatureEnvironmentProfile() {
+    return createSignatureEnvironmentProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureLocationImpl.java
new file mode 100644
index 0000000..6f3101f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureLocationImpl.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+
+/**
+ * Default implementation of <code>CreateSignatureLocation</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateSignatureLocationImpl
+  extends ElementSelectorImpl
+  implements CreateSignatureLocation {
+
+  /** The index of the newly created signature. */
+  private int index;
+
+  /**
+   * Sets the index of the newly created signature.
+   * 
+   * @param index The index of the newly created signature.
+   */
+  public void setIndex(int index) {
+    this.index = index;
+  }
+
+  public int getIndex() {
+    return index;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoImpl.java
new file mode 100644
index 0000000..d53f103
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoImpl.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+
+/**
+ * Default implementation of <code>CreateTransformsInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateTransformsInfoImpl implements CreateTransformsInfo {
+  /** The dsig:Transforms. */
+  private List transforms;
+  /** Meta information about the data resulting from the transforms. */
+  private MetaInfo finalDataMetaInfo;
+
+  /**
+   * Sets the transforms.
+   * 
+   * @param transforms The transforms.
+   */
+  public void setTransforms(List transforms) {
+    this.transforms =
+      transforms != null
+        ? Collections.unmodifiableList(new ArrayList(transforms))
+        : null;
+  }
+
+  public List getTransforms() {
+    return transforms;
+  }
+
+  /**
+   * Sets the meta information about the data resulting from the transforms.
+   * 
+   * @param finalDataMetaInfo The meta information.
+   */
+  public void setFinalDataMetaInfo(MetaInfo finalDataMetaInfo) {
+    this.finalDataMetaInfo = finalDataMetaInfo;
+  }
+
+  public MetaInfo getFinalDataMetaInfo() {
+    return finalDataMetaInfo;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileExplicitImpl.java
new file mode 100644
index 0000000..b6b9d52
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileExplicitImpl.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+
+/**
+ * Default implementation of <code>CreateTransformsInfoProfileExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateTransformsInfoProfileExplicitImpl
+  implements CreateTransformsInfoProfileExplicit {
+
+  /** Transformation information. */
+  private CreateTransformsInfo transformsInfo;
+  /** Additional data for the transformations. */
+  private List supplements = new ArrayList();
+
+  /**
+   * Sets the transformation information.
+   * 
+   * @param transformsInfo The transformation information.
+   */
+  public void setCreateTransformsInfo(CreateTransformsInfo transformsInfo) {
+    this.transformsInfo = transformsInfo;
+  }
+
+  public CreateTransformsInfo getCreateTransformsInfo() {
+    return transformsInfo;
+  }
+
+  /**
+   * Sets the additional data for the transformations.
+   * 
+   * @param supplements The additional data.
+   */
+  public void setSupplements(List supplements) {
+    this.supplements =
+      supplements != null
+        ? Collections.unmodifiableList(new ArrayList(supplements))
+        : null;
+  }
+
+  public List getSupplements() {
+    return supplements;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return EXPLICIT_CREATETRANSFORMSINFOPROFILE
+   */
+  public int getCreateTransformsInfoProfileType() {
+    return EXPLICIT_CREATETRANSFORMSINFOPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileIDImpl.java
new file mode 100644
index 0000000..55d0ca6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateTransformsInfoProfileIDImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileID;
+
+/**
+ * Default implementation of <code>CreateTransformsInfoProfileID</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateTransformsInfoProfileIDImpl
+  implements CreateTransformsInfoProfileID {
+
+  /** The profile ID. */
+  private String createTransformsID;
+
+  /**
+   * Sets the profile ID.
+   * @param createTransformsID The profile ID.
+   */
+  public void setCreateTransformsInfoProfileID(String createTransformsID) {
+    this.createTransformsID = createTransformsID;
+  }
+
+  public String getCreateTransformsInfoProfileID() {
+    return createTransformsID;
+  }
+
+  /**
+   * Gets the type of profile.
+   * 
+   * @return ID_CREATETRANSFORMSINFOPROFILE
+   */
+  public int getCreateTransformsInfoProfileType() {
+    return ID_CREATETRANSFORMSINFOPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureRequestImpl.java
new file mode 100644
index 0000000..aaffaa7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureRequestImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+
+/**
+ * Default implementation of <code>CreateXMLSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestImpl
+  implements CreateXMLSignatureRequest {
+
+  /** The identifier for selecting the private keys for creating the signature.*/
+  private String keyIdentifier;
+  /** Information for creating a single signature. */
+  private List singleSignatureInfos = new ArrayList();
+
+  /**
+   * Sets the identifier for selecting the private keys for creating the 
+   * signature.
+   * 
+   * @param keyIdentifier The identifier for selecting the private keys.
+   */
+  public void setKeyIdentifier(String keyIdentifier) {
+    this.keyIdentifier = keyIdentifier;
+  }
+
+  public String getKeyIdentifier() {
+    return keyIdentifier;
+  }
+
+  /**
+   * Sets the information for creating single signatures.
+   * 
+   * @param singleSignaureInfos The information for creating single signatures.
+   */
+  public void setSingleSignatureInfos(List singleSignaureInfos) {
+    this.singleSignatureInfos =
+      singleSignaureInfos != null
+        ? Collections.unmodifiableList(new ArrayList(singleSignaureInfos))
+        : null;
+  }
+
+  public List getSingleSignatureInfos() {
+    return singleSignatureInfos;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureResponseImpl.java
new file mode 100644
index 0000000..7a8359f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateXMLSignatureResponseImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+
+/**
+ * Default implementation of <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseImpl
+  implements CreateXMLSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The response elements.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
new file mode 100644
index 0000000..702086b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoCMSImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+
+/**
+ * Default implementation of <code>DataObjectInfo</code> for CMS.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class DataObjectInfoCMSImpl implements DataObjectInfo {
+  /** The signature structure type. */
+  private String stucture;
+  /** The data object to be signed. */
+  private CMSDataObject dataObject;
+
+  /**
+   * Sets the signature structure type.
+   * 
+   * @param structure The signature structure type.
+   */
+  public void setStructure(String structure) {
+    this.stucture = structure;
+  }
+
+  public String getStructure() {
+    return stucture;
+  }
+
+
+  /**
+   * Sets the data object to be signed.
+   * 
+   * @param dataObject The data object to be signed.
+   */
+  public void setDataObject(CMSDataObject dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public CMSDataObject getDataObject() {
+    return dataObject;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoImpl.java
new file mode 100644
index 0000000..7a25a97
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/DataObjectInfoImpl.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+
+/**
+ * Default implementation of <code>DataObjectInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class DataObjectInfoImpl implements DataObjectInfo {
+  /** The signature structure type. */
+  private String stucture;
+  /** Whether a reference will be placed in the signature itself or in the
+   * manifest */
+  private boolean childOfManifest;
+  /** The data object to be signed. */
+  private Content dataObject;
+  /** The profile containing additional information for the transformations. */
+  private CreateTransformsInfoProfile createTransformsInfoProfile;
+
+  /**
+   * Sets the signature structure type.
+   * 
+   * @param structure The signature structure type.
+   */
+  public void setStructure(String structure) {
+    this.stucture = structure;
+  }
+
+  public String getStructure() {
+    return stucture;
+  }
+
+  /**
+   * Sets whether a reference will be placed in the signature itself or in the
+   * manifest.
+   * 
+   * @param childOfManifest Whether to put the reference in the signature of
+   * in the manifest. 
+   */
+  public void setChildOfManifest(boolean childOfManifest) {
+    this.childOfManifest = childOfManifest;
+  }
+
+  public boolean isChildOfManifest() {
+    return childOfManifest;
+  }
+
+  /**
+   * Sets the data object to be signed.
+   * 
+   * @param dataObject The data object to be signed.
+   */
+  public void setDataObject(Content dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public Content getDataObject() {
+    return dataObject;
+  }
+
+  /**
+   * Sets additional information for the transformations.
+   * 
+   * @param profile The profile containing additional information for the
+   * transformations.
+   */
+  public void setCreateTransformsInfoProfile(CreateTransformsInfoProfile profile) {
+    this.createTransformsInfoProfile = profile;
+  }
+
+  public CreateTransformsInfoProfile getCreateTransformsInfoProfile() {
+    return createTransformsInfoProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ElementSelectorImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ElementSelectorImpl.java
new file mode 100644
index 0000000..7de0660
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ElementSelectorImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Default implementation of <code>ElementSelector</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ElementSelectorImpl implements ElementSelector {
+  /** The XPath expression pointing to the element. */
+  private String xPathExpression;
+  /** The namespace declarations to apply for evaluating the XPath */
+  private Map namespaceDeclarations = new HashMap();
+
+  /**
+   * Sets the XPath expression pointing to the element.
+   * 
+   * @param xPathExpression XPath expression pointing to the element.
+   */
+  public void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Sets namespace declarations to apply for evaluating the XPath.
+   * 
+   * @param namespaceDeclarations The namespace declarations to apply for 
+   * evaluating the XPath.
+   */
+  public void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/EnvelopedSignatureTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/EnvelopedSignatureTransformImpl.java
new file mode 100644
index 0000000..121037f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/EnvelopedSignatureTransformImpl.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.EnvelopedSignatureTransform;
+
+/**
+ * Default implementation of <code>EnvelopedSignatureTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class EnvelopedSignatureTransformImpl
+  extends TransformImpl
+  implements EnvelopedSignatureTransform {
+
+  /**
+   * Create a <code>EnvelopedSignatureTransformImpl</code>.
+   */
+  public EnvelopedSignatureTransformImpl() {
+    setAlgorithmURI(ENVELOPED_SIGNATURE);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ErrorResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ErrorResponseImpl.java
new file mode 100644
index 0000000..a2a59a7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ErrorResponseImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+
+/**
+ * Default implementation of <code>ErrorResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ErrorResponseImpl implements ErrorResponse {
+  /** The error code. */
+  private int code;
+  /** Verbose error message. */
+  private String info;
+
+  /**
+   * Sets the error code.
+   * 
+   * @param code The error code.
+   */
+  public void setErrorCode(int code) {
+    this.code = code;
+  }
+
+  public int getErrorCode() {
+    return code;
+  }
+
+  /**
+   * Sets the verbose error information.
+   * 
+   * @param info The verbose error information.
+   */
+  public void setInfo(String info) {
+    this.info = info;
+  }
+
+  public String getInfo() {
+    return info;
+  }
+
+  /**
+   * Gets the response type.
+   * 
+   * @return ERROR_RESPONSE 
+   */
+  public int getResponseType() {
+    return ERROR_RESPONSE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExclusiveCanonicalizationTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExclusiveCanonicalizationTransformImpl.java
new file mode 100644
index 0000000..eea09c0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ExclusiveCanonicalizationTransformImpl.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+
+/**
+ * Default implementation of <code>ExclusiveCanonicalizationTransform</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExclusiveCanonicalizationTransformImpl
+  extends TransformImpl
+  implements ExclusiveCanonicalizationTransform {
+
+  /** The namespaces to treat according to canonical XML. */
+  private List inclusiveNamespacePrefixes;
+  
+  /** 
+   * Create a <code>ExclusiveCanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI The algorithm URI identifying the transformation
+   * algorithm.
+   */
+  public ExclusiveCanonicalizationTransformImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+
+  /**
+   * Sets the namespaces to treat according to canonical XML.
+   * @param inclusiveNamespacePrefixes The namespaces to treat according to 
+   * canonical XML.
+   */
+  public void setInclusiveNamespacePrefixes(List inclusiveNamespacePrefixes) {
+    this.inclusiveNamespacePrefixes =
+      inclusiveNamespacePrefixes != null
+        ? Collections.unmodifiableList(new ArrayList(inclusiveNamespacePrefixes))
+        : null;
+  }
+
+  public List getInclusiveNamespacePrefixes() {
+    return inclusiveNamespacePrefixes;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
new file mode 100644
index 0000000..27f6f85
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataBinaryImpl.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.MOARuntimeException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+
+/**
+ * Content wrapper decorating a binary content with two additional attributes 
+ * needed for returning <code>HashInputData</code> and <code>ReferenceInputData
+ * </code> information as part of <code>VerifyXMLSignatureResponse</code>.
+ * 
+ * @author Gregor Karlinger
+ * 
+ * @version $Id$
+ */
+public class InputDataBinaryImpl implements ContentBinary, InputData
+{
+  /**
+   * The wrapped <code>Content</code>.
+   */
+  protected ContentBinary wrapped_;
+  
+  /**
+   * This attribute signals what kind of container the XMLDSIG <code>Reference</code>
+   * this <code>InputData</code> belongs to is part of. 
+   */
+  protected String partOf_;
+  
+  /**
+   * If this <code>InputData</code> belongs to an XMLDSIG <code>Reference</code>
+   * being part of either a XMLDSIGManifest or a SignatureManifest, this attribute
+   * (a positive int) signals the particular <code>Reference</code> of the XMLDSIG 
+   * <code>SignedInfo</code> referring to the XMLDSIGManifest or SignatureManifest
+   * respectively.
+   */
+  protected int referringReferenceNumber_;
+  
+  /**
+   * Creates a new instance.
+   * 
+   * @param wrapped The wrapped <code>Content</code>. Must be of type {@link Content#BINARY_CONTENT}.
+   * 
+   * @param partOf see {@link InputData}
+   * 
+   * @param referringReferenceNumber see {@link InputData}
+   */
+  public InputDataBinaryImpl(Content wrapped, String partOf, int referringReferenceNumber) throws MOARuntimeException
+  {
+    if (wrapped.getContentType() != Content.BINARY_CONTENT) throw new MOARuntimeException("9901", null);
+    
+    wrapped_ = (ContentBinary) wrapped;
+    partOf_ =  partOf;
+    referringReferenceNumber_ = referringReferenceNumber;
+  }
+  
+  /** 
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getContentType()
+   */
+  public int getContentType()
+  {
+    return wrapped_.getContentType();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getReference()
+   */
+  public String getReference()
+  {
+    return wrapped_.getReference();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.ContentBinary#getBinaryContent()
+   */
+  public InputStream getBinaryContent()
+  {
+    return wrapped_.getBinaryContent();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getPartOf()
+   */
+  public String getPartOf()
+  {
+    return partOf_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getReferringReferenceNumber()
+   */
+  public int getReferringReferenceNumber()
+  {
+    return referringReferenceNumber_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
new file mode 100644
index 0000000..432e1a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/InputDataXMLImpl.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.MOARuntimeException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+
+/**
+ * Content wrapper decorating an XML content with two additional attributes 
+ * needed for returning <code>HashInputData</code> and <code>ReferenceInputData
+ * </code> information as part of <code>VerifyXMLSignatureResponse</code>.
+ * 
+ * @author Gregor Karlinger
+ * 
+ * @version $Id$
+ */
+public class InputDataXMLImpl implements ContentXML, InputData
+{
+  /**
+   * The wrapped <code>ContentXML</code>.
+   */
+  protected ContentXML wrapped_;
+  
+  /**
+   * This attribute signals what kind of container the XMLDSIG <code>Reference</code>
+   * this <code>InputData</code> belongs to is part of. 
+   */
+  protected String partOf_;
+  
+  /**
+   * If this <code>InputData</code> belongs to an XMLDSIG <code>Reference</code>
+   * being part of either a XMLDSIGManifest or a SignatureManifest, this attribute
+   * (a positive int) signals the particular <code>Reference</code> of the XMLDSIG 
+   * <code>SignedInfo</code> referring to the XMLDSIGManifest or SignatureManifest
+   * respectively.
+   */
+  protected int referringReferenceNumber_;
+  
+  /**
+   * Creates a new instance.
+   * 
+   * @param wrapped The wrapped <code>ContentBinary</code>. Must be of type {@link Content#XML_CONTENT}.
+   * 
+   * @param partOf see {@link InputData}
+   * 
+   * @param referringReferenceNumber see {@link InputData}
+   */
+  public InputDataXMLImpl(Content wrapped, String partOf, int referringReferenceNumber)
+  {
+    if (wrapped.getContentType() != Content.XML_CONTENT) throw new MOARuntimeException("9901", null);
+
+    wrapped_ = (ContentXML) wrapped;
+    partOf_ =  partOf;
+    referringReferenceNumber_ = referringReferenceNumber;
+  }
+  
+  /** 
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getContentType()
+   */
+  public int getContentType()
+  {
+    return wrapped_.getContentType();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.Content#getReference()
+   */
+  public String getReference()
+  {
+    return wrapped_.getReference();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.ContentXML#getXMLContent()
+   */
+  public NodeList getXMLContent()
+  {
+    return wrapped_.getXMLContent();
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getPartOf()
+   */
+  public String getPartOf()
+  {
+    return partOf_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.InputData#getReferringReferenceNumber()
+   */
+  public int getReferringReferenceNumber()
+  {
+    return referringReferenceNumber_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultImpl.java
new file mode 100644
index 0000000..e5b7f40
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+
+/**
+ * Default implementation of <code>ManifestRefsCheckResult</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ManifestRefsCheckResultImpl implements ManifestRefsCheckResult {
+  /** The numerical check code. */
+  private int code;
+  /** Additional information about the check. */
+  private ManifestRefsCheckResultInfo info;
+
+  /**
+   * Sets the check code.
+   * 
+   * @param code A numerical representation of the result of the manifest check.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets a reference to the manifest.
+   * 
+   * @param info The reference to the manifest.
+   */
+  public void setInfo(ManifestRefsCheckResultInfo info) {
+    this.info = info;
+  }
+
+  public ManifestRefsCheckResultInfo getInfo() {
+    return info;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultInfoImpl.java
new file mode 100644
index 0000000..f0ef1c5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ManifestRefsCheckResultInfoImpl.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+
+/**
+ * Default implementation of <code>ManifestRefsCheckResultInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ManifestRefsCheckResultInfoImpl
+  extends ReferencesCheckResultInfoImpl
+  implements ManifestRefsCheckResultInfo {
+
+  /** The position of the signature reference containing the reference to the 
+   * manifest being described by this object.*/
+  private int referringSignatureReference;
+
+  /**
+   * Sets the position of the signature reference containing the reference to 
+   * the manifest being described by this object.
+   * @param referringSignatureReference The position of the signature reference.
+   */
+  public void setReferringSignatureReference(int referringSignatureReference) {
+    this.referringSignatureReference = referringSignatureReference;
+  }
+
+  public int getReferringSignatureReference() {
+    return referringSignatureReference;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/MetaInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/MetaInfoImpl.java
new file mode 100644
index 0000000..e3a06c6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/MetaInfoImpl.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * Default implementation of <code>MetaInfo</code>.
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class MetaInfoImpl implements MetaInfo {
+  /** Information about the MIME type. */
+  private String mimeType;
+  /** URI pointing to a description of the content. */
+  private String description;
+  /** Descriptive XML content. */
+  private NodeList anyElements;
+  /** Type information for XML signature creation */
+  private String type;
+
+  /**
+   * Sets the MIME type.
+   * 
+   * @param mimeType The MIME type to set.
+   */
+  public void setMimeType(String mimeType) {
+    this.mimeType = mimeType;
+  }
+
+  public String getMimeType() {
+    return mimeType;
+  }
+
+  /**
+   * Sets the URI pointing to a description of the content.
+   * 
+   * @param description The URI pointing to a description of the content.
+   */
+  public void setDescription(String description) {
+    this.description = description;
+  }
+
+  public String getDescription() {
+    return description;
+  }
+
+  /**
+   * Sets descriptive XML content.
+   * 
+   * @param anyElements The elements to set.
+   */
+  public void setAnyElements(NodeList anyElements) {
+    this.anyElements = anyElements; 
+  }
+
+  public NodeList getAnyElements() {
+    return anyElements;
+  }
+
+  /**
+   * Sets the XML signature creation type information.
+   * 
+   * @param type the XML signature creation type information to set.
+   */
+  public void setType(String type) {
+    this.type = type;
+  }
+
+  public String getType() {
+    return type;
+  }
+
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferenceInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferenceInfoImpl.java
new file mode 100644
index 0000000..8bd81a7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferenceInfoImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+
+/**
+ * Default implementation of <code>ReferenceInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class ReferenceInfoImpl implements ReferenceInfo {
+  /** Profile containing the transforms allowed in the signature. */
+  private List verifyTransformsInfoProfiles;
+
+  /**
+   * Sets the transforms profile used for verifying the transforms contained
+   * in the signature.
+   * 
+   * @param verifyTransformsInfoProfiles The profiles containing the transforms
+   * allowed in the signature. 
+   */
+  public void setVerifyTransformsInfoProfiles(List verifyTransformsInfoProfiles) {
+    this.verifyTransformsInfoProfiles =
+      verifyTransformsInfoProfiles != null
+        ? Collections.unmodifiableList(
+          new ArrayList(verifyTransformsInfoProfiles))
+        : null;
+  }
+
+  public List getVerifyTransformsInfoProfiles() {
+    return verifyTransformsInfoProfiles;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultImpl.java
new file mode 100644
index 0000000..d4cbab0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+
+/**
+ * Default implementation of <code>ReferencesCheckResult</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ReferencesCheckResultImpl implements ReferencesCheckResult {
+  /** The check code. */
+  private int code;
+  /** Additional information about the reference check. */
+  private ReferencesCheckResultInfo info;
+
+  /**
+   * Sets the check code.
+   * 
+   * @param code A numerical representation of the result of the reference 
+   * check.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+  
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets additional information about the reference check.
+   * 
+   * @param manifestRefsCheckResultInfo Additional information about the 
+   * reference check.
+   */
+  public void setInfo(ReferencesCheckResultInfo manifestRefsCheckResultInfo) {
+    this.info = manifestRefsCheckResultInfo;
+  }
+  
+  public ReferencesCheckResultInfo getInfo() {
+    return info;
+  }  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultInfoImpl.java
new file mode 100644
index 0000000..a696988
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/ReferencesCheckResultInfoImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+
+/**
+ * Default implementation of <code>ReferencesCheckResultInfo</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ReferencesCheckResultInfoImpl
+  implements ReferencesCheckResultInfo {
+
+  /** Additional information about the references check. */
+  private NodeList anyOtherInfo;
+  /** The indexes of the failed references. */
+  private int[] failedReferences = new int[0];
+  
+  /**
+   * Sets additional information about the references check.
+   * @param anyOtherInfo Additional information about the references check.
+   */
+  public void setAnyOtherInfo(NodeList anyOtherInfo) {
+    this.anyOtherInfo = anyOtherInfo;
+  }
+  
+  public NodeList getAnyOtherInfo() {
+    return anyOtherInfo;
+  }
+
+  /**
+   * Sets the indexes of the failed references.
+   * 
+   * @param failedReferences The indexes of the failed references.
+   */
+  public void setFailedReferences(int[] failedReferences) {
+    this.failedReferences = failedReferences;
+  }
+
+  public int[] getFailedReferences() {
+    return failedReferences;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
new file mode 100644
index 0000000..ac3d4c9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -0,0 +1,656 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.X509IssuerSerial;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * Default implementation of <code>SPSSFactory</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SPSSFactoryImpl extends SPSSFactory {
+
+  public CreateXMLSignatureRequest createCreateXMLSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos) {
+    CreateXMLSignatureRequestImpl createXMLSignatureRequest =
+      new CreateXMLSignatureRequestImpl();
+    createXMLSignatureRequest.setKeyIdentifier(keyIdentifier);
+    createXMLSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
+    return createXMLSignatureRequest;
+  }
+  
+  public CreateCMSSignatureRequest createCreateCMSSignatureRequest(
+    String keyIdentifier,
+    List singleSignatureInfos) {
+	  CreateCMSSignatureRequestImpl createCMSSignatureRequest =
+		      new CreateCMSSignatureRequestImpl();
+	  createCMSSignatureRequest.setKeyIdentifier(keyIdentifier);
+	  createCMSSignatureRequest.setSingleSignatureInfos(singleSignatureInfos);
+	  return createCMSSignatureRequest;
+	  
+  }
+  
+  public CreateCMSSignatureResponse createCreateCMSSignatureResponse(List responseElements) {
+	  CreateCMSSignatureResponseImpl createCMSSignatureResponse = new CreateCMSSignatureResponseImpl();
+	  createCMSSignatureResponse.setResponseElements(responseElements);
+	  return createCMSSignatureResponse;
+  }
+  
+  
+  public CMSSignatureResponse createCMSSignatureResponse(String base64value) {
+	  CMSSignatureResponseImpl cmsSignatureResponse = new CMSSignatureResponseImpl();
+	  cmsSignatureResponse.setCMSSignature(base64value);
+	  
+	  return cmsSignatureResponse;
+  }
+  
+
+  public SingleSignatureInfo createSingleSignatureInfo(
+    List dataObjectInfos,
+    CreateSignatureInfo createSignatureInfo,
+    boolean securityLayerConform) {
+    SingleSignatureInfoImpl singleSignatureInfo = new SingleSignatureInfoImpl();
+    singleSignatureInfo.setDataObjectInfos(dataObjectInfos);
+    singleSignatureInfo.setCreateSignatureInfo(createSignatureInfo);
+    singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+    return singleSignatureInfo;
+  }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
+		  at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,		    
+		    boolean securityLayerConform) {
+		    SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
+		    singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
+		    singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+		    return singleSignatureInfo;
+		  }
+  
+  public DataObjectInfo createDataObjectInfo(
+    String structure,
+    boolean childOfManifest,
+    Content dataObject,
+    CreateTransformsInfoProfile createTransformsInfoProfile) {
+    DataObjectInfoImpl dataObjectInfo = new DataObjectInfoImpl();
+    dataObjectInfo.setStructure(structure);
+    dataObjectInfo.setChildOfManifest(childOfManifest);
+    dataObjectInfo.setDataObject(dataObject);
+    dataObjectInfo.setCreateTransformsInfoProfile(createTransformsInfoProfile);
+    return dataObjectInfo;
+  }
+  
+  public at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo createDataObjectInfo(
+		    String structure,
+		    CMSDataObject dataObject) {
+		    DataObjectInfoCMSImpl dataObjectInfo = new DataObjectInfoCMSImpl();
+		    dataObjectInfo.setStructure(structure);
+		    dataObjectInfo.setDataObject(dataObject);
+		    return dataObjectInfo;
+		  }
+
+  public CreateTransformsInfoProfile createCreateTransformsInfoProfile(String profileID) {
+
+    CreateTransformsInfoProfileIDImpl createTransformsInfoProfile =
+      new CreateTransformsInfoProfileIDImpl();
+    createTransformsInfoProfile.setCreateTransformsInfoProfileID(profileID);
+    return createTransformsInfoProfile;
+  }
+
+  public CreateTransformsInfoProfile createCreateTransformsInfoProfile(
+    CreateTransformsInfo transformsInfo,
+    List supplements) {
+    CreateTransformsInfoProfileExplicitImpl createTransformsInfoProfile =
+      new CreateTransformsInfoProfileExplicitImpl();
+    createTransformsInfoProfile.setCreateTransformsInfo(transformsInfo);
+    createTransformsInfoProfile.setSupplements(supplements);
+    return createTransformsInfoProfile;
+  }
+
+  public CreateTransformsInfo createCreateTransformsInfo(
+    List transforms,
+    MetaInfo finalDataMetaInfo) {
+    CreateTransformsInfoImpl createTransformsInfo =
+      new CreateTransformsInfoImpl();
+      
+    createTransformsInfo.setTransforms(transforms);
+    createTransformsInfo.setFinalDataMetaInfo(finalDataMetaInfo);
+    return createTransformsInfo;
+  }
+
+  public CreateSignatureInfo createCreateSignatureInfo(
+    Content createSignatureEnvironment,
+    CreateSignatureEnvironmentProfile createSignatureEnvironmentProfile) {
+    CreateSignatureInfoImpl createSignatureInfo = new CreateSignatureInfoImpl();
+    createSignatureInfo.setCreateSignatureEnvironment(
+      createSignatureEnvironment);
+    createSignatureInfo.setCreateSignatureEnvironmentProfile(
+      createSignatureEnvironmentProfile);
+    return createSignatureInfo;
+  }
+
+  public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(
+    CreateSignatureLocation createSignatureLocation,
+    List supplements) {
+    CreateSignatureEnvironmentProfileExplicitImpl createSignatureEnvironmentProfile =
+      new CreateSignatureEnvironmentProfileExplicitImpl();
+    createSignatureEnvironmentProfile.setCreateSignatureLocation(
+      createSignatureLocation);
+    createSignatureEnvironmentProfile.setSupplements(supplements);
+    return createSignatureEnvironmentProfile;
+  }
+
+  public CreateSignatureLocation createCreateSignatureLocation(
+    String signatureLocationXPath,
+    int signatureLocationIndex,
+    Map namespaceDeclarations) {
+    CreateSignatureLocationImpl createSignatureLocation =
+      new CreateSignatureLocationImpl();
+    createSignatureLocation.setIndex(signatureLocationIndex);
+    createSignatureLocation.setNamespaceDeclarations(namespaceDeclarations);
+    createSignatureLocation.setXPathExpression(signatureLocationXPath);
+    return createSignatureLocation;
+  }
+
+  public CreateSignatureEnvironmentProfile createCreateSignatureEnvironmentProfile(String profileID) {
+    CreateSignatureEnvironmentProfileIDImpl createSignatureEnvironmentProfile =
+      new CreateSignatureEnvironmentProfileIDImpl();
+    createSignatureEnvironmentProfile.setCreateSignatureEnvironmentProfileID(
+      profileID);
+    return createSignatureEnvironmentProfile;
+  }
+
+  public CreateXMLSignatureResponse createCreateXMLSignatureResponse(List responseElements) {
+    CreateXMLSignatureResponseImpl createXMLSignatureResponse =
+      new CreateXMLSignatureResponseImpl();
+    createXMLSignatureResponse.setResponseElements(responseElements);
+    return createXMLSignatureResponse;
+  }
+
+  public SignatureEnvironmentResponse createSignatureEnvironmentResponse(Element signatureEnvironment) {
+    SignatureEnvironmentResponseImpl signatureEnvironmentResponse =
+      new SignatureEnvironmentResponseImpl();
+    signatureEnvironmentResponse.setSignatureEnvironment(signatureEnvironment);
+    return signatureEnvironmentResponse;
+  }
+
+  public ErrorResponse createErrorResponse(int code, String info) {
+    ErrorResponseImpl errorResponse = new ErrorResponseImpl();
+    errorResponse.setErrorCode(code);
+    errorResponse.setInfo(info);
+    return errorResponse;
+  }
+
+  public VerifyCMSSignatureRequest createVerifyCMSSignatureRequest(
+    int[] signatories,
+    Date dateTime,
+    InputStream cmsSignature,
+    CMSDataObject dataObject,
+    String trustProfileID) {
+    VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest =
+      new VerifyCMSSignatureRequestImpl();
+    verifyCMSSignatureRequest.setDateTime(dateTime);
+    verifyCMSSignatureRequest.setCMSSignature(cmsSignature);
+    verifyCMSSignatureRequest.setDataObject(dataObject);
+    verifyCMSSignatureRequest.setTrustProfileId(trustProfileID);
+    verifyCMSSignatureRequest.setSignatories(signatories);
+    return verifyCMSSignatureRequest;
+  }
+
+  public CMSDataObject createCMSDataObject(
+    MetaInfo metaInfo,
+    CMSContent content,
+    BigDecimal excludeByteRangeFrom,
+    BigDecimal excludeByteRangeTo) {
+      
+    CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl();
+    cmsDataObject.setMetaInfo(metaInfo);
+    cmsDataObject.setContent(content);
+    cmsDataObject.setExcludeByteRangeFrom(excludeByteRangeFrom);
+    cmsDataObject.setExcludeByteRangeTo(excludeByteRangeTo);
+    
+    return cmsDataObject;
+  }
+  
+  public CMSContent createCMSContent(InputStream binaryContent) {
+    CMSContentExplicitImpl cmsContent = new CMSContentExplicitImpl();
+    
+    cmsContent.setBinaryContent(binaryContent);
+    return cmsContent;
+  }
+
+  public CMSContent createCMSContent(String referenceURI) {
+    CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl();
+    
+    cmsContent.setReference(referenceURI);
+    return cmsContent;
+  }  
+  
+
+  public CMSDataObject createCMSDataObject(
+    MetaInfo metaInfo,
+    String referenceURI) {
+    CMSDataObjectImpl cmsDataObject = new CMSDataObjectImpl();
+    CMSContentReferenceImpl cmsContent = new CMSContentReferenceImpl();
+    cmsDataObject.setMetaInfo(metaInfo);
+    cmsContent.setReference(referenceURI);
+    return cmsDataObject;
+  }
+
+  public VerifyCMSSignatureResponse createVerifyCMSSignatureResponse(List responseElements) {
+    VerifyCMSSinatureResponseImpl verifyCMSSignatureResponse =
+      new VerifyCMSSinatureResponseImpl();
+    verifyCMSSignatureResponse.setResponseElements(responseElements);
+    return verifyCMSSignatureResponse;
+  }
+
+  public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
+    SignerInfo signerInfo,
+    CheckResult signatureCheck,
+    CheckResult certificateCheck) {
+    VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement =
+      new VerifyCMSSignatureResponseElementImpl();
+    verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
+    verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
+    verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
+    
+    return verifyCMSSignatureResponseElement;
+  }
+
+  public VerifyXMLSignatureRequest createVerifyXMLSignatureRequest(
+    Date dateTime,
+    VerifySignatureInfo verifySignatureInfo,
+    List supplementProfiles,
+    SignatureManifestCheckParams signatureManifestParams,
+    boolean returnHashInputData,
+    String trustProfileID) {
+    VerifyXMLSignatureRequestImpl verifyXMLSignatureRequest =
+      new VerifyXMLSignatureRequestImpl();
+    verifyXMLSignatureRequest.setDateTime(dateTime);
+    verifyXMLSignatureRequest.setSignatureInfo(verifySignatureInfo);
+    verifyXMLSignatureRequest.setSupplementProfiles(supplementProfiles);
+    verifyXMLSignatureRequest.setSignatureManifestCheckParams(
+      signatureManifestParams);
+    verifyXMLSignatureRequest.setReturnHashInputData(returnHashInputData);
+    verifyXMLSignatureRequest.setTrustProfileId(trustProfileID);
+    return verifyXMLSignatureRequest;
+  }
+
+  public VerifySignatureInfo createVerifySignatureInfo(
+    Content verifySignatureEnvironment,
+    VerifySignatureLocation verifySignatureLocation) {
+    VerifySignatureInfoImpl verifySignatureInfo = new VerifySignatureInfoImpl();
+    verifySignatureInfo.setVerifySignatureEnvironment(
+      verifySignatureEnvironment);
+    verifySignatureInfo.setVerifySignatureLocation(verifySignatureLocation);
+    return verifySignatureInfo;
+  }
+
+  public VerifySignatureLocation createVerifySignatureLocation(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+    VerifySignatureLocationImpl verifySignatureLocation =
+      new VerifySignatureLocationImpl();
+    verifySignatureLocation.setXPathExpression(xPathExpression);
+    verifySignatureLocation.setNamespaceDeclarations(namespaceDeclarations);
+    return verifySignatureLocation;
+  }
+
+  public SupplementProfile createSupplementProfile(String profileID) {
+    SupplementProfileIDImpl supplementProfileID = new SupplementProfileIDImpl();
+    supplementProfileID.setSupplementProfileID(profileID);
+    return supplementProfileID;
+  }
+
+  public SupplementProfile createSupplementProfile(XMLDataObjectAssociation supplementProfile) {
+    SupplementProfileExplicitImpl supplementProfileExplicit =
+      new SupplementProfileExplicitImpl();
+    supplementProfileExplicit.setSupplementProfile(supplementProfile);
+    return supplementProfileExplicit;
+  }
+
+  public SignatureManifestCheckParams createSignatureManifestCheckParams(
+    List referenceInfos,
+    boolean returnReferenceInputData) {
+    SignatureManifestCheckParamsImpl signatureManifestCheckParams =
+      new SignatureManifestCheckParamsImpl();
+    signatureManifestCheckParams.setReferenceInfos(referenceInfos);
+    signatureManifestCheckParams.setReturnReferenceInputData(
+      returnReferenceInputData);
+    return signatureManifestCheckParams;
+  }
+
+  public ReferenceInfo createReferenceInfo(List verifyTransformsInfoProfiles) {
+    ReferenceInfoImpl referenceInfo = new ReferenceInfoImpl();
+    referenceInfo.setVerifyTransformsInfoProfiles(verifyTransformsInfoProfiles);
+    return referenceInfo;
+  }
+
+  public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(
+    List transforms,
+    List transformParameters) {
+    VerifyTransformsInfoProfileExplicitImpl verifyTransformsInfoProfile =
+      new VerifyTransformsInfoProfileExplicitImpl();
+    
+    verifyTransformsInfoProfile.setTransforms(transforms);
+    verifyTransformsInfoProfile.setTransformParameters(transformParameters);
+    
+    return verifyTransformsInfoProfile;
+  }
+
+  public VerifyTransformsInfoProfile createVerifyTransformsInfoProfile(String profileID) {
+    VerifyTransformsInfoProfileIDImpl verifyTransformsInfoProfile =
+      new VerifyTransformsInfoProfileIDImpl();
+    verifyTransformsInfoProfile.setVerifyTransformsInfoProfileID(profileID);
+    return verifyTransformsInfoProfile;
+  }
+
+
+  public TransformParameter createTransformParameter(String URI, String digestMethod, byte[] digestValue) {
+    TransformPatameterHashImpl transformParameter =
+      new TransformPatameterHashImpl();
+    transformParameter.setURI(URI);
+    transformParameter.setDigestMethod(digestMethod);
+    transformParameter.setDigestValue(digestValue);
+    return transformParameter;
+  }
+
+  public TransformParameter createTransformParameter(
+    String URI,
+    InputStream binaryData) {
+    TransformParameterBinaryImpl transformParameter =
+      new TransformParameterBinaryImpl();
+    transformParameter.setURI(URI);
+    transformParameter.setBinaryContent(binaryData);
+    return transformParameter;
+  }
+
+  public TransformParameter createTransformParameter(String URI) {
+    TransformParameterURIImpl transformParameter =
+      new TransformParameterURIImpl();
+    transformParameter.setURI(URI);
+    return transformParameter;
+  }
+
+  public VerifyXMLSignatureResponse createVerifyXMLSignatureResponse(
+    SignerInfo signerInfo,
+    List hashInputDatas,
+    List referenceInputDatas,
+    ReferencesCheckResult signatureCheck,
+    ReferencesCheckResult signatureManifestCheck,
+    List xmlDsigManifestChecks,
+    CheckResult certificateCheck) {
+    VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
+      new VerifyXMLSignatureResponseImpl();
+    verifyXMLSignatureResponse.setSignerInfo(signerInfo);
+    verifyXMLSignatureResponse.setHashInputDatas(hashInputDatas);
+    verifyXMLSignatureResponse.setReferenceInputDatas(referenceInputDatas);
+    verifyXMLSignatureResponse.setSignatureCheck(signatureCheck);
+    verifyXMLSignatureResponse.setSignatureManifestCheck(
+      signatureManifestCheck);
+    verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
+    verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
+    
+    return verifyXMLSignatureResponse;
+  }
+
+  public ReferencesCheckResult createReferencesCheckResult(
+    int code,
+    ReferencesCheckResultInfo info) {
+    ReferencesCheckResultImpl referencesCheckResult =
+      new ReferencesCheckResultImpl();
+    referencesCheckResult.setCode(code);
+    referencesCheckResult.setInfo(info);
+    return referencesCheckResult;
+  }
+
+  public ReferencesCheckResultInfo createReferencesCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences) {
+    ReferencesCheckResultInfoImpl referencesCheckResultInfo =
+      new ReferencesCheckResultInfoImpl();
+    referencesCheckResultInfo.setAnyOtherInfo(anyOtherInfo);
+    referencesCheckResultInfo.setFailedReferences(failedReferences);
+    return referencesCheckResultInfo;
+  }
+
+  public ManifestRefsCheckResult createManifestRefsCheckResult(
+    int code,
+    ManifestRefsCheckResultInfo info) {
+    ManifestRefsCheckResultImpl manifestRefsCheckResult =
+      new ManifestRefsCheckResultImpl();
+    manifestRefsCheckResult.setCode(code);
+    manifestRefsCheckResult.setInfo(info);
+    return manifestRefsCheckResult;
+  }
+  
+  public ManifestRefsCheckResultInfo createManifestRefsCheckResultInfo(
+    NodeList anyOtherInfo,
+    int[] failedReferences,
+    int referringSigReference) {
+    ManifestRefsCheckResultInfoImpl manifestRefsCheckResultInfo =
+      new ManifestRefsCheckResultInfoImpl();
+    manifestRefsCheckResultInfo.setAnyOtherInfo(anyOtherInfo);
+    manifestRefsCheckResultInfo.setReferringSignatureReference(
+      referringSigReference);
+    manifestRefsCheckResultInfo.setFailedReferences(failedReferences);
+    return manifestRefsCheckResultInfo;
+  }
+
+  public Content createContent(InputStream binaryData, String referenceURI) {
+    ContentBinaryImpl content = new ContentBinaryImpl();
+    content.setBinaryContent(binaryData);
+    content.setReference(referenceURI);
+    return content;
+  }
+
+  public Content createContent(String locationReferenceURI, String referenceURI) {
+    ContentLocRefImpl content = new ContentLocRefImpl();
+    content.setLocationReferenceURI(locationReferenceURI);
+    content.setReference(referenceURI);
+    return content;
+  }
+
+  public Content createContent(String referenceURI) {
+    ContentReferenceImpl content = new ContentReferenceImpl();
+    content.setReference(referenceURI);
+    return content;
+  }
+
+  public Content createContent(NodeList xmlData, String referenceURI) {
+    ContentXMLImpl content = new ContentXMLImpl();
+    content.setXMLContent(xmlData);
+    content.setReference(referenceURI);
+    return content;
+  }
+  
+  public XMLDataObjectAssociation createXMLDataObjectAssociation(
+    MetaInfo metaInfo,
+    Content xmlContent) {
+    XMLDataObjectAssociationImpl xmlDataObjectAssociation =
+      new XMLDataObjectAssociationImpl();
+    xmlDataObjectAssociation.setMetaInfo(metaInfo);
+    xmlDataObjectAssociation.setContent(xmlContent);
+    return xmlDataObjectAssociation;
+  }
+
+  public MetaInfo createMetaInfo(
+    String mimeType,
+    String description,
+    NodeList otherInfo,
+    String type) {
+    MetaInfoImpl metaInfo = new MetaInfoImpl();
+    metaInfo.setMimeType(mimeType);
+    metaInfo.setDescription(description);
+    metaInfo.setAnyElements(otherInfo);
+    metaInfo.setType(type);
+    return metaInfo;
+  }
+
+  public Transform createCanonicalizationTransform(String algorithmURI) {
+    CanonicalizationTransformImpl transform = new CanonicalizationTransformImpl(algorithmURI);
+    return transform;
+  }
+  
+  public Transform createExclusiveCanonicalizationTransform(String algorithmURI, List inclusiveNamespacePrefixes) {
+    ExclusiveCanonicalizationTransformImpl transform = new ExclusiveCanonicalizationTransformImpl(algorithmURI);
+    transform.setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes);
+    return transform;
+  }
+  
+  public Transform createBase64Transform() {
+    Base64TransformImpl transform = new Base64TransformImpl();
+    return transform;
+  }
+
+  public Transform createEnvelopedSignatureTransform() {
+    EnvelopedSignatureTransformImpl transform =
+      new EnvelopedSignatureTransformImpl();
+    return transform;
+  }
+
+  public Transform createXSLTTransform(Element styleSheet) {
+    XSLTransformImpl transform = new XSLTransformImpl();
+    transform.setStylesheet(styleSheet);
+    return transform;
+  }
+
+  public Transform createXPathTransform(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+    XPathTransformImpl transform = new XPathTransformImpl();
+    transform.setXPathExpression(xPathExpression);
+    transform.setNamespaceDelcarations(namespaceDeclarations);
+    return transform;
+  }
+
+  public Transform createXPathFilter2Transform(List xPathFilters) {
+    XPathFilter2TransformImpl transform = new XPathFilter2TransformImpl();
+    transform.setFilters(xPathFilters);
+    return transform;
+  }
+
+  public XPathFilter createXPathFilter(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations) {
+    XPathFilterImpl xPathFilter = new XPathFilterImpl();
+    xPathFilter.setFilterType(filterType);
+    xPathFilter.setXPathExpression(xPathExpression);
+    xPathFilter.setNamespaceDelcarations(namespaceDeclarations);
+    return xPathFilter;
+  }
+
+  public CheckResult createCheckResult(int code, NodeList info) {
+    CheckResultImpl checkResult = new CheckResultImpl();
+    checkResult.setCode(code);
+    checkResult.setInfo(info);
+    return checkResult;
+  }
+  
+
+  public SignerInfo createSignerInfo(
+    X509Certificate signerCertificate,
+    boolean qualifiedCertificate,
+    boolean qcSourceTSL,
+    boolean publicAuthority,
+    String publicAuthorityID, 
+    boolean sscd,
+    boolean sscdSourceTSL,
+    String issuerCountryCode) {
+    SignerInfoImpl signerInfo = new SignerInfoImpl();
+    signerInfo.setSignerCertificate(signerCertificate);
+    signerInfo.setQualifiedCertificate(qualifiedCertificate);
+    signerInfo.setQCSourceTSL(qcSourceTSL);
+    signerInfo.setPublicAuthority(publicAuthority);
+    signerInfo.setPublicAuhtorityID(publicAuthorityID);
+    signerInfo.setSSCD(sscd);
+    signerInfo.setSSCDSourceTSL(sscdSourceTSL);
+    signerInfo.setIssuerCountryCode(issuerCountryCode);
+    return signerInfo;
+  }
+
+  public X509IssuerSerial createX509IssuerSerial(
+    String issuerName,
+    BigInteger serialNumber) {
+    X509IssuerSerialImpl x509IssuerSerial = new X509IssuerSerialImpl();
+    x509IssuerSerial.setX509IssuerName(issuerName);
+    x509IssuerSerial.setX509SerialNumber(serialNumber);
+    return x509IssuerSerial;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureEnvironmentResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureEnvironmentResponseImpl.java
new file mode 100644
index 0000000..4b50d89
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureEnvironmentResponseImpl.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+
+/**
+ * Default implementation of <code>SignatureEnvironmentResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignatureEnvironmentResponseImpl
+  implements SignatureEnvironmentResponse {
+
+  /** The signature environment containing the XML signature. */
+  private Element signatureEnvironment;
+
+  /** 
+   * Sets the XML structure which contains the signature.
+   * 
+   * @param signatureEnvironment A general XML structure containing the signature.
+   */
+  public void setSignatureEnvironment(Element signatureEnvironment) {
+    this.signatureEnvironment = signatureEnvironment;
+  }
+
+  public Element getSignatureEnvironment() {
+    return signatureEnvironment;
+  }
+
+  /**
+   * Gets the type of <code>CreateXMLSignatureResponseElement</code>.
+   * 
+   * @return SIGNATURE_ENVIRONMENT_RESPONSE
+   */
+  public int getResponseType() {
+    return SIGNATURE_ENVIRONMENT_RESPONSE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureManifestCheckParamsImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureManifestCheckParamsImpl.java
new file mode 100644
index 0000000..40e87e7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignatureManifestCheckParamsImpl.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+
+/**
+ * Default implementation of <code>SignatureManifestCheckParams</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignatureManifestCheckParamsImpl
+  implements SignatureManifestCheckParams {
+
+  /** Referential information. */
+  private List referenceInfos;
+  /** Whether to return the signature source data. */
+  private boolean returnReferenceInputData = true;
+
+  /**
+   * Sets the referantial information.
+   * 
+   * @param referenceInfos The referential information.
+   */
+  public void setReferenceInfos(List referenceInfos) {
+    this.referenceInfos =
+      referenceInfos != null
+        ? Collections.unmodifiableList(new ArrayList(referenceInfos))
+        : null;
+  }
+
+  public List getReferenceInfos() {
+    return referenceInfos;
+  }
+  
+  /**
+   * Sets whether to return signature source data.
+   * 
+   * @param returnReferenceInputData Whether to return signature source data.
+   */
+  public void setReturnReferenceInputData(boolean returnReferenceInputData) {
+    this.returnReferenceInputData = returnReferenceInputData;
+  }
+
+  public boolean getReturnReferenceInputData() {
+    return returnReferenceInputData;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
new file mode 100644
index 0000000..7a108e8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.security.cert.X509Certificate;
+
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Default implementation of <code>SignerInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignerInfoImpl implements SignerInfo {
+
+  /** The signer certificate. */
+  private X509Certificate signerCertificate;
+  /** Determines, whether <code>signerCertificate</code> is a qualified 
+   * certificate. */
+  private boolean qualifiedCertificate;
+  /** Determines, whether <code>signerCertificate</code> is from a public
+   * authority. */
+  private boolean publicAuthority;
+  /** The public authority ID of the <code>signerCertificate</code>. */
+  private String publicAuthorityID;
+
+  /** Determines, whether the signature is based on an SSCD */
+  private boolean sscd;
+  
+  /** Determines, if the SSCD check bases upon on TSL */
+  private boolean sscdSourceTSL;
+  
+  /** Determines, if the QC check bases upon on TSL */
+  private boolean qcSourceTSL;
+  
+  /** The certificate issuer country code */
+  private String issuerCountryCode;
+  
+  /**
+  * Sets the signer certificate.
+  * 
+  * @param signerCertificate The signer certificate.
+  */
+  public void setSignerCertificate(X509Certificate signerCertificate) {
+    this.signerCertificate = signerCertificate;
+  }
+
+  public X509Certificate getSignerCertificate() {
+    return signerCertificate;
+  }
+
+  /**
+   * Sets, whether the certificate contained in this object is qualified or not.
+   * 
+   * @param qualifiedCertificate Is <code>true</code>, if the certificate is 
+   * qualified, otherwise <code>false</code>.
+   */
+  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+    this.qualifiedCertificate = qualifiedCertificate;
+  }
+
+  public boolean isQualifiedCertificate() {
+    return qualifiedCertificate;
+  }
+
+  /**
+   * Sets, whether the signature is based on an SSCS or not.
+   * 
+   * @param sscd Is <code>true</code>, if the signature is 
+   * based on an SSCD, otherwise <code>false</code>.
+   */
+  public void setSSCD(boolean sscd) {
+    this.sscd = sscd;
+  }
+  public boolean isSSCD() {
+	    return sscd;
+  }
+  
+  public void setSSCDSourceTSL(boolean sscdSourceTSL) {
+	  this.sscdSourceTSL = sscdSourceTSL;
+  }
+  
+  public String getSSCDSource() {
+	  if (sscdSourceTSL)
+		  return "TSL";
+	  else
+		  return "Certificate";
+  }
+  
+  public void setQCSourceTSL(boolean qcSourceTSL) {
+	  this.qcSourceTSL = qcSourceTSL;
+  }
+  
+  public String getQCSource() {
+	  if (qcSourceTSL)
+		  return "TSL";
+	  else
+		  return "Certificate";
+  }
+  
+  public void setIssuerCountryCode(String issuerCountryCode) {
+	    this.issuerCountryCode = issuerCountryCode;
+  }
+	  public String getIssuerCountryCode() {
+		    return issuerCountryCode;
+	  }
+	  
+  /**
+   * Sets, whether the certificate contained in this object is an 
+   * e-government certificate or not.
+   * 
+   * @param publicAuthority Is <code>true</code>, if the certificate is 
+   * public authority certificate, otherwise <code>false</code>.
+   */
+  public void setPublicAuthority(boolean publicAuthority) {
+    this.publicAuthority = publicAuthority;
+  }
+
+  public boolean isPublicAuthority() {
+    return publicAuthority;
+  }
+
+  /**
+   * Sets the public authority ID of the signer certificate.
+   * 
+   * @param publicAuhtorityID The public authority ID of the signer certificate.
+   */
+  public void setPublicAuhtorityID(String publicAuhtorityID) {
+    this.publicAuthorityID = publicAuhtorityID;
+  }
+
+  public String getPublicAuhtorityID() {
+    return publicAuthorityID;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
new file mode 100644
index 0000000..cb36515
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+
+/**
+ * @version $Id$
+ */
+public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
+
+  private DataObjectInfo dataObjectInfo = null;
+
+
+  private boolean securityLayerConform = true;
+
+  public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
+    this.dataObjectInfo = dataObjectInfo;
+  }
+
+  public DataObjectInfo getDataObjectInfo() {
+    return dataObjectInfo;
+  }
+
+
+
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoImpl.java
new file mode 100644
index 0000000..3d43068
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoImpl.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+
+/**
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SingleSignatureInfoImpl implements SingleSignatureInfo {
+
+  private List dataObjectInfos = new ArrayList();
+
+  private CreateSignatureInfo createSignatureInfo;
+
+  private boolean securityLayerConform = true;
+
+  public void setDataObjectInfos(List dataObjectInfos) {
+    this.dataObjectInfos =
+      dataObjectInfos != null
+        ? Collections.unmodifiableList(new ArrayList(dataObjectInfos))
+        : null;
+  }
+
+  public List getDataObjectInfos() {
+    return dataObjectInfos;
+  }
+
+  public void setCreateSignatureInfo(CreateSignatureInfo createSignatureInfo) {
+    this.createSignatureInfo = createSignatureInfo;
+  }
+
+  public CreateSignatureInfo getCreateSignatureInfo() {
+    return createSignatureInfo;
+  }
+
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileExplicitImpl.java
new file mode 100644
index 0000000..7f80388
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileExplicitImpl.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
+
+/**
+ * Default implementation of <code>SupplementProfileExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SupplementProfileExplicitImpl implements SupplementProfileExplicit {
+
+  /** Supplemental information for verifying a signature. */
+  private XMLDataObjectAssociation supplement;
+
+  /**
+   * Sets the supplemental information for verifying a signature.
+   * 
+   * @param supplement The supplemental information for verifying a signature.
+   */
+  public void setSupplementProfile(XMLDataObjectAssociation supplement) {
+    this.supplement = supplement;
+  }
+  
+  public XMLDataObjectAssociation getSupplementProfile() {
+    return supplement;
+  }
+
+  /**
+   * Gets the type of <code>SupplementProfile</code>.
+   * 
+   * @return EXPLICIT_SUPPLEMENTPROFILE
+   */
+  public int getSupplementProfileType() {
+    return EXPLICIT_SUPPLEMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileIDImpl.java
new file mode 100644
index 0000000..e73ce60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SupplementProfileIDImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileID;
+
+/**
+ * Default implementation of <code>SupplementProfileID</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SupplementProfileIDImpl implements SupplementProfileID {
+  /** The profile ID. */
+  private String profileID;
+  
+  /**
+   * Sets the <code>SupplementProfile</code> profile ID.
+   * 
+   * @param profileID The profile ID.
+   */
+  public void setSupplementProfileID(String profileID) {
+    this.profileID = profileID;
+  }
+
+  public String getSupplementProfileID() {
+    return profileID;
+  }
+
+  /**
+   * Gets the type of <code>SupplementProfile</code>.
+   * 
+   * @return ID_SUPPLEMENTPROFILE
+   */
+  public int getSupplementProfileType() {
+    return ID_SUPPLEMENTPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
new file mode 100644
index 0000000..4d69ed7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java
@@ -0,0 +1,100 @@
+/*

+ * Copyright 2003 Federal Chancellery Austria

+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal

+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.

+ *

+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by

+ * the European Commission - subsequent versions of the EUPL (the "Licence");

+ * You may not use this work except in compliance with the Licence.

+ * You may obtain a copy of the Licence at:

+ * http://www.osor.eu/eupl/

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the Licence is distributed on an "AS IS" basis,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the Licence for the specific language governing permissions and

+ * limitations under the Licence.

+ *

+ * This product combines work with different licenses. See the "NOTICE" text

+ * file for details on the various modules and licenses.

+ * The "NOTICE" text file is part of the distribution. Any derivative works

+ * that you distribute must include a readable copy of the "NOTICE" text file.

+ */

+

+

+package at.gv.egovernment.moa.spss.api.impl;

+

+import iaik.xml.crypto.utils.URI;

+

+import java.util.Date;

+

+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;

+

+/**

+ * Default implementation of <code>TSLConfiguration</code>.

+ * 

+ * @author kstranacher

+ */

+public class TSLConfigurationImpl implements TSLConfiguration {

+

+	

+	

+	/** The EU TSL URL. */

+	private String euTSLUrl;

+

+	/** update period in milliseconds */

+	private long updateSchedulePeriod;

+  

+	/** Time of the first update */

+	private Date updateScheduleStartTime;

+  

+	/** Working directory */

+	private String workingDirectory;

+	

+	/** Working directory */

+	private URI workingDirectoryAsURI;

+  

+  public String getEuTSLUrl() {

+	  return this.euTSLUrl;

+  }

+

+  public long getUpdateSchedulePeriod() {

+	  return this.updateSchedulePeriod;

+  }

+

+  public Date getUpdateScheduleStartTime() {

+	  return this.updateScheduleStartTime;

+  }

+

+  public String getWorkingDirectory() {

+	  return this.workingDirectory;

+  }

+  

+  public URI getWorkingDirectoryAsURI() {

+	  return this.workingDirectoryAsURI;

+  }

+

+	public void setEuTSLUrl(String euTSLUrl) {

+		this.euTSLUrl = euTSLUrl;

+	}

+	

+	public void setUpdateSchedulePeriod(long updateSchedulePeriod) {

+		this.updateSchedulePeriod = updateSchedulePeriod;

+	}

+	

+	public void setUpdateScheduleStartTime(Date updateScheduleStartTime) {

+		this.updateScheduleStartTime = updateScheduleStartTime;

+	}

+	

+	public void setWorkingDirectory(String workingDirectory) {

+		this.workingDirectory = workingDirectory;

+	}

+	

+	public void setWorkingDirectoryURI(URI workingDirectoryAsURI) {

+		this.workingDirectoryAsURI = workingDirectoryAsURI;

+	}

+

+  

+ 

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformImpl.java
new file mode 100644
index 0000000..37a05f9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformImpl.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Transform;
+
+/**
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformImpl implements Transform {
+  /** The URI identifying the transformation algorithm. */
+  private String algorithmURI;
+
+  /**
+   * Sets the URI identifying the transformation algorithm.
+   * 
+   * @param algorithmURI The URI identifying the transformation algorithm.
+   */
+  public void setAlgorithmURI(String algorithmURI) {
+    this.algorithmURI = algorithmURI;
+  }
+
+  public String getAlgorithmURI() {
+    return algorithmURI;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterBinaryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterBinaryImpl.java
new file mode 100644
index 0000000..691f3a9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterBinaryImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterBinary;
+
+/**
+ * Default implementation of <code>TransformParameterBinary</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformParameterBinaryImpl
+  extends TransformParameterImpl
+  implements TransformParameterBinary {
+    
+  /** The binary content as a stream. */
+  private InputStream binaryContent;
+
+  /**
+   * Sets the binary content as a stream.
+   * 
+   * @param binaryContent The binary content as a stream.
+   */
+  public void setBinaryContent(InputStream binaryContent) {
+    this.binaryContent = binaryContent;
+  }
+
+  public InputStream getBinaryContent() {
+    return binaryContent;
+  }
+
+  /**
+   * Gets the <code>TransformParameter</code> type.
+   * 
+   * @return BINARY_TRANSFORMPARAMETER
+   */
+  public int getTransformParameterType() {
+    return BINARY_TRANSFORMPARAMETER;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterImpl.java
new file mode 100644
index 0000000..1399c6e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterImpl.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+/**
+ * Default base implementation of <code>TransformParameter</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class TransformParameterImpl {
+  /** An URI identifying the <code>TransformParameter</code>. */
+  private String uri;
+
+  /**
+   * Sets the URI identifying the <code>TransformParameter</code>.
+   * @param uri The URI identifying the <code>TransformParameter</code>.
+   */
+  public void setURI(String uri) {
+    this.uri = uri;
+  }
+
+  public String getURI() {
+    return uri;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterURIImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterURIImpl.java
new file mode 100644
index 0000000..77810be
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformParameterURIImpl.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterURI;
+
+/**
+ * Default implementation of <code>TransformParameterURI</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformParameterURIImpl
+  extends TransformParameterImpl
+  implements TransformParameterURI {
+
+  /**
+   * Gets the type of <code>TransformParameter</code>.
+   * 
+   * @return URI_TRANSFORMPARAMETER
+   */
+  public int getTransformParameterType() {
+    return URI_TRANSFORMPARAMETER;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformPatameterHashImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformPatameterHashImpl.java
new file mode 100644
index 0000000..7fcd72c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TransformPatameterHashImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
+
+/**
+ * Default implementation of <code>TransformParameterHash</code>
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class TransformPatameterHashImpl
+  extends TransformParameterImpl
+  implements TransformParameterHash {
+
+  /** The method used to calculate the digest value. */
+  private String digestMethod;
+  /** The digest value. */
+  private byte[] digestValue;
+
+  /**
+   * Sets method used to calculate the digest value.
+   * @param digestMethod The method used to calculate the digest value.
+   */
+  public void setDigestMethod(String digestMethod) {
+    this.digestMethod = digestMethod;
+  }
+
+  public String getDigestMethod() {
+    return digestMethod;
+  }
+
+  /**
+   * Sets the digest value.
+   * 
+   * @param digestValue The digest value.
+   */
+  public void setDigestValue(byte[] digestValue) {
+    this.digestValue = digestValue;
+  }
+  
+  public byte[] getDigestValue() {
+    return digestValue;
+  }
+
+  /**
+   * Gets the type of <code>TransformParameter</code>.
+   * 
+   * @return HASH_TRANSFORMPARAMETER
+   */
+  public int getTransformParameterType() {
+    return HASH_TRANSFORMPARAMETER;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
new file mode 100644
index 0000000..c759f5f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.io.InputStream;
+import java.util.Date;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+
+/**
+ * Default implementation of <code>VerifyCMSSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyCMSSignatureRequestImpl
+  implements VerifyCMSSignatureRequest {
+
+  /** The indexes of the signatories whose signature should be verified. */
+  private int[] signatories;
+  /** The profile ID of trusted certificates. */
+  private String trustProfileId;
+  /** The data object necessary for signature verification. */
+  private CMSDataObject dataObject;
+  /** The CMS signature to verify. */
+  private InputStream cmsSignature;
+  /** The date for which to verify the signature. */
+  private Date dateTime;
+
+  /**
+   * Sets the indexes of the signatories whose signature should be verified.
+   * 
+   * @param signatories The indexes of the signatories whose signature should be 
+   * verified.
+   */
+  public void setSignatories(int[] signatories) {
+    this.signatories = signatories;
+  }
+
+  public int[] getSignatories() {
+    return signatories;
+  }
+
+  /**
+   * Sets the date for which to verify the signature.
+   * 
+   * @param dateTime The date for which to verify the signature.
+   */
+  public void setDateTime(Date dateTime) {
+    this.dateTime = dateTime;
+  }
+
+  public Date getDateTime() {
+    return dateTime;
+  }
+
+  /**
+   * Sets the CMS signature to verify.
+   * @param signature The CMS signature to verify.
+   */
+  public void setCMSSignature(InputStream signature) {
+    this.cmsSignature = signature;
+
+  }
+
+  public InputStream getCMSSignature() {
+    return cmsSignature;
+  }
+
+  /**
+   * Sets the data object necessary for signature verification.
+   * @param dataObject The data object necessary for signature verification.
+   */
+  public void setDataObject(CMSDataObject dataObject) {
+    this.dataObject = dataObject;
+  }
+
+  public CMSDataObject getDataObject() {
+    return dataObject;
+  }
+
+  /**
+   * Sets the profile ID of trusted certificates.
+   * @param trustProfileId The profile ID of trusted certificates.
+   */
+  public void setTrustProfileId(String trustProfileId) {
+    this.trustProfileId = trustProfileId;
+  }
+
+  public String getTrustProfileId() {
+    return trustProfileId;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
new file mode 100644
index 0000000..f258b3b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Default implementation of <code>VerifyCMSSignatureResponseElement</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyCMSSignatureResponseElementImpl
+  implements VerifyCMSSignatureResponseElement {
+
+  /** Information about the signer certificate. */
+  private SignerInfo signerInfo;
+  /** Information about the signature check. */
+  private CheckResult signatureCheck;
+  /** Information about the certificate check. */
+  private CheckResult certificateCheck;
+  
+  /**
+   * Sets a SignerInfo element according to CMS.
+   * 
+   * @param signerInfo The SignerInfo element according to CMS.
+   */
+  public void setSignerInfo(SignerInfo signerInfo) {
+    this.signerInfo = signerInfo;
+  }
+
+  public SignerInfo getSignerInfo() {
+    return signerInfo;
+  }
+
+  /**
+   * Sets a result of the signature verification.
+   * 
+   * @param signatureCheck The result of the signature verification.
+   */
+  public void setSignatureCheck(CheckResult signatureCheck) {
+    this.signatureCheck = signatureCheck;
+  }
+
+  public CheckResult getSignatureCheck() {
+    return signatureCheck;
+  }
+
+  /**
+   * Sets a result of the certificate verification.
+   * 
+   * @param certificateCheck The result of the certificate verification.
+   */
+  public void setCertificateCheck(CheckResult certificateCheck) {
+    this.certificateCheck = certificateCheck;
+  }
+
+  public CheckResult getCertificateCheck() {
+    return certificateCheck;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSinatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSinatureResponseImpl.java
new file mode 100644
index 0000000..44fb474
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSinatureResponseImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+
+/**
+ * Default implementation of <code>VerifyCMSSignatureResponse</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyCMSSinatureResponseImpl
+  implements VerifyCMSSignatureResponse {
+
+  /** The elements contained in the response. */
+  private List responseElements;
+
+  /**
+   * Sets the elements contained in the response.
+   * 
+   * @param responseElements The elements contained in the response.
+   */
+  public void setResponseElements(List responseElements) {
+    this.responseElements =
+      responseElements != null
+        ? Collections.unmodifiableList(new ArrayList(responseElements))
+        : null;
+  }
+
+  public List getResponseElements() {
+    return responseElements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureInfoImpl.java
new file mode 100644
index 0000000..d022ae4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureInfoImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+
+/**
+ * Default implementation of <code>VerifySignatureInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifySignatureInfoImpl implements VerifySignatureInfo {
+  /** The location of the signature to be verified. */
+  private VerifySignatureLocation verifySignatureLocation;
+  /** The environment containing the signature to be verified. */
+  private Content verifySignatureEnvironment;
+
+  /**
+   * Sets the location of the signature to be verified.
+   * 
+   * @param verifySignatureLocation The location of the signature to be 
+   * verified.
+   */
+  public void setVerifySignatureLocation(VerifySignatureLocation verifySignatureLocation) {
+    this.verifySignatureLocation = verifySignatureLocation;
+  }
+
+  public VerifySignatureLocation getVerifySignatureLocation() {
+    return verifySignatureLocation;
+  }
+
+  /**
+   * Sets the signature environment containing the signature to be verified.
+   * 
+   * @param verifySignatureEnvironment The signature environment containing the 
+   * signature to be verified.
+   */
+  public void setVerifySignatureEnvironment(Content verifySignatureEnvironment) {
+    this.verifySignatureEnvironment = verifySignatureEnvironment;
+  }
+
+  public Content getVerifySignatureEnvironment() {
+    return verifySignatureEnvironment;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureLocationImpl.java
new file mode 100644
index 0000000..8e183bb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifySignatureLocationImpl.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+
+/**
+ * Default implementation of <code>VerifySignatureLocation</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifySignatureLocationImpl
+  extends ElementSelectorImpl
+  implements VerifySignatureLocation {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
new file mode 100644
index 0000000..25b5c39
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+
+/**
+ * Default implementation of <codeReferenceInfo</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyTransformsDataImpl implements ReferenceInfo {
+  /** Information about the transformations contained in the signature. */
+  private List verifyTransformsInfoProfiles;
+
+  /**
+   * Sets the information about the transformations contained in the signature.
+   * 
+   * @param verifyTransformsInfoProfiles The profiles containing transformation
+   * information.
+   */
+  public void setVerifyTransformsInfoProfiles(List verifyTransformsInfoProfiles) {
+    this.verifyTransformsInfoProfiles =
+      verifyTransformsInfoProfiles != null
+        ? Collections.unmodifiableList(
+          new ArrayList(verifyTransformsInfoProfiles))
+        : null;
+  }
+
+  public List getVerifyTransformsInfoProfiles() {
+    return verifyTransformsInfoProfiles;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileExplicitImpl.java
new file mode 100644
index 0000000..2ce5f39
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileExplicitImpl.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+
+/**
+ * Default implementation of <code>VerifyTransformsInfoProfileExplicit</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyTransformsInfoProfileExplicitImpl
+  implements VerifyTransformsInfoProfileExplicit {
+
+  /** The transforms contained in this profile. */
+  private List transforms;
+  /** Additional information for the transforms. */
+  private List transformParameters = new ArrayList();
+
+  /**
+   * Sets the transforms contained in this profile.
+   * 
+   * @param transforms The transforms contained in this profile.
+   */
+  public void setTransforms(List transforms) {
+    this.transforms =
+      transforms != null
+        ? Collections.unmodifiableList(new ArrayList(transforms))
+        : null;
+  }
+
+  public List getTransforms() {
+    return transforms;
+  }
+
+  /**
+   * Sets additional information for the transforms.
+   * 
+   * @param transformParameters Additional information for the transforms.
+   */
+  public void setTransformParameters(List transformParameters) {
+    this.transformParameters = new ArrayList(transformParameters);
+  }
+
+  public List getTransformParameters() {
+    return transformParameters;
+  }
+
+  /**
+   * Gets the type of <code>VerifyTransformsInfoProfile</code>.
+   * 
+   * @return EXPLICIT_VERIFYTRANSFORMSINFOPROFILE
+   */
+  public int getVerifyTransformsInfoProfileType() {
+    return EXPLICIT_VERIFYTRANSFORMSINFOPROFILE;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileIDImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileIDImpl.java
new file mode 100644
index 0000000..a545535
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsInfoProfileIDImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileID;
+
+/**
+ * Default implementation of <code>VerifyTransformsInfoProfileID</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyTransformsInfoProfileIDImpl implements VerifyTransformsInfoProfileID {
+
+  /** The profile ID. */
+  private String verifyTransformsInfoProfileID;
+
+  /**
+   * Sets the profile ID.
+   * 
+   * @param profileID The profile ID.
+   */
+  public void setVerifyTransformsInfoProfileID(String profileID) {
+    this.verifyTransformsInfoProfileID = profileID;
+  }
+
+  public String getVerifyTransformsInfoProfileID() {
+    return verifyTransformsInfoProfileID;
+  }
+
+  /**
+   * Gets the type of <code>VerifyTransformsInfoProfile</code>.
+   * 
+   * @return ID_VERIFYTRANSFORMSINFOPROFILE
+   */
+  public int getVerifyTransformsInfoProfileType() {
+    return ID_VERIFYTRANSFORMSINFOPROFILE;
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java
new file mode 100644
index 0000000..1b9be35
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureRequestImpl.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+
+/**
+ * Default implementation of <code>VerifyXMLSignatureRequest</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestImpl
+  implements VerifyXMLSignatureRequest {
+  /** Date and time for signature verification. */
+  private Date dateTime;
+  /** The signature to be verified. */
+  private VerifySignatureInfo verifySignatureInfo;
+  /** Supplemental information about the singature. */
+  private List supplementProfiles;
+  /** Additional parameters for checking the signature manifest. */
+  private SignatureManifestCheckParams signatureManifestCheckParams;
+  /** Whether to return the hash input data. */
+  private boolean returnHashInputData;
+  /** The profile ID of the trust profile containing the trusted certificates. 
+   */
+  private String trustProfileId;
+
+  /**
+   * Sets the date and time for signature verification.
+   * 
+   * @param dateTime The date and time for signature verification.
+   */
+  public void setDateTime(Date dateTime) {
+    this.dateTime = dateTime;
+  }
+
+  public Date getDateTime() {
+    return dateTime;
+  }
+
+  /** 
+   * Sets the signature to be verified.
+   * 
+   * @param signatureInfo The signature to be verified.
+   */
+  public void setSignatureInfo(VerifySignatureInfo signatureInfo) {
+    this.verifySignatureInfo = signatureInfo;
+  }
+
+  public VerifySignatureInfo getSignatureInfo() {
+    return verifySignatureInfo;
+  }
+
+  /**
+   * Sets supplemental information about the singature.
+   * @param supplementProfiles
+   */
+  public void setSupplementProfiles(List supplementProfiles) {
+    this.supplementProfiles =
+      supplementProfiles != null
+        ? Collections.unmodifiableList(new ArrayList(supplementProfiles))
+        : null;
+  }
+
+  public List getSupplementProfiles() {
+    return supplementProfiles;
+  }
+
+  /**
+   * Sets supplemental information about the singature.
+   * @param params Supplemental information about the singature.
+   */
+  public void setSignatureManifestCheckParams(SignatureManifestCheckParams params) {
+    this.signatureManifestCheckParams = params;
+  }
+
+  public SignatureManifestCheckParams getSignatureManifestCheckParams() {
+    return signatureManifestCheckParams;
+  }
+
+  /**
+   * Sets whether to return hash input data.
+   * 
+   * @param returnSignedData Whether to return hash input data.
+   */
+  public void setReturnHashInputData(boolean returnSignedData) {
+    this.returnHashInputData = returnSignedData;
+  }
+
+  public boolean getReturnHashInputData() {
+    return returnHashInputData;
+  }
+
+  /**
+   * Sets the profile ID of trusted certificates.
+   * 
+   * @param trustProfileId The profile ID of trusted certificates.
+   */
+  public void setTrustProfileId(String trustProfileId) {
+    this.trustProfileId = trustProfileId;
+  }
+
+  public String getTrustProfileId() {
+    return trustProfileId;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
new file mode 100644
index 0000000..46fd517
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseImpl
+  implements VerifyXMLSignatureResponse {
+
+  /** Information about the signer certificate. */
+  private SignerInfo signerInfo;
+  
+  /** 
+   * The hash input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+   * */
+  private List hashInputDatas = new ArrayList();
+  
+  /** 
+   * The reference input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s. 
+   * */
+  private List referenceInputDatas = new ArrayList();
+  
+  /** Information about the signature check. */
+  private ReferencesCheckResult signatureCheck;
+  /** Information about the signature manifest check. */
+  private ReferencesCheckResult signatureManifestCheck;
+  /** Information about the XMLDsig manifest check. */
+  private List xmlDsigManifestChecks = new ArrayList();
+  /** Information about the certificate check. */
+  private CheckResult certificateCheck;
+  
+  /**
+   * Sets information about the signer certificate.
+   * 
+   * @param signerInfo Information about the signer certificate.
+   */
+  public void setSignerInfo(SignerInfo signerInfo) {
+    this.signerInfo = signerInfo;
+  }
+
+  public SignerInfo getSignerInfo() {
+    return signerInfo;
+  }
+
+  /**
+   * Sets data signed by the signatory.
+   * 
+   * @param hashInputDatas The signed datas.
+   */
+  public void setHashInputDatas(List hashInputDatas) {
+    this.hashInputDatas =
+      hashInputDatas != null
+        ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
+        : null;
+  }
+
+  public List getHashInputDatas() {
+    return hashInputDatas;
+  }
+
+  /**
+   * Sets the source data elements.
+   * 
+   * @param referenceInputDatas The source data elements.
+   */
+  public void setReferenceInputDatas(List referenceInputDatas) {
+    this.referenceInputDatas =
+      referenceInputDatas != null
+        ? Collections.unmodifiableList(new ArrayList(referenceInputDatas))
+        : null;
+  }
+
+  public List getReferenceInputDatas() {
+    return referenceInputDatas;
+  }
+
+  /**
+   * Sets the result of the signature verification.
+   * 
+   * @param signatureCheck The result of the signature verification.
+   */
+  public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
+    this.signatureCheck = signatureCheck;
+  }
+
+  public ReferencesCheckResult getSignatureCheck() {
+    return signatureCheck;
+  }
+
+  /**
+   * Sets the result of the signature manifest verification.
+   * 
+   * @param signatureManifestCheck The result of the signature manifest verification.
+   */
+  public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
+    this.signatureManifestCheck = signatureManifestCheck;
+  }
+
+  public ReferencesCheckResult getSignatureManifestCheck() {
+    return signatureManifestCheck;
+  }
+
+  /**
+   * Sets the result of the certification verification.
+   * 
+   * @param certificateCheck The result of the certificate verification.
+   */
+  public void setCertificateCheck(CheckResult certificateCheck) {
+    this.certificateCheck = certificateCheck;
+  }
+
+  public CheckResult getCertificateCheck() {
+    return certificateCheck;
+  }
+  
+
+  /**
+   * Sets the XMLDSigManifestChecks.
+   * 
+   * @param xmlDsigManifestChecks The XMLDSigManifestChecks.
+   */
+  public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
+    this.xmlDsigManifestChecks =
+      xmlDsigManifestChecks != null
+        ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks))
+        : null;
+  }
+
+  public List getXMLDsigManifestChecks() {
+    return xmlDsigManifestChecks;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/X509IssuerSerialImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/X509IssuerSerialImpl.java
new file mode 100644
index 0000000..aff7e10
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/X509IssuerSerialImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.math.BigInteger;
+
+import at.gv.egovernment.moa.spss.api.common.X509IssuerSerial;
+
+/**
+ * Default implementation of <code>X509IssuerSerial</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class X509IssuerSerialImpl implements X509IssuerSerial {
+  /** The certificate serial number. */
+  private BigInteger x509SerialNumber;
+  /** The certificate issuer DN. */
+  private String x509IssuerName;
+
+  /**
+   * Sets the issuer distinguished name.
+   * 
+   * @param x509IssuerName The issuer distinguished name.
+   */
+  public void setX509IssuerName(String x509IssuerName) {
+    this.x509IssuerName = x509IssuerName;
+  }
+
+  public String getX509IssuerName() {
+    return x509IssuerName;
+  }
+
+  /**
+   * Sets the certificate serial number.
+   * 
+   * @param x509SerialNumber The issuer serial number.
+   */
+  public void setX509SerialNumber(BigInteger x509SerialNumber) {
+    this.x509SerialNumber = x509SerialNumber;
+  }
+
+  public BigInteger getX509SerialNumber() {
+    return x509SerialNumber;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XMLDataObjectAssociationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XMLDataObjectAssociationImpl.java
new file mode 100644
index 0000000..dabf29d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XMLDataObjectAssociationImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+
+/**
+ * Default implementation of <code>XMLDataObjectAssociation</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XMLDataObjectAssociationImpl implements XMLDataObjectAssociation {
+
+  /** Meta information about the <code>Content</code> object. */
+  private MetaInfo metaInfo;
+  /** The actual data contained in this object. */
+  private Content content;
+
+  /**
+   * Sets meta information about the <code>Content</code> object.
+   * @param metaInfo Meta information about the <code>Content</code> object.
+   */
+  public void setMetaInfo(MetaInfo metaInfo) {
+    this.metaInfo = metaInfo;
+  }
+
+  public MetaInfo getMetaInfo() {
+    return metaInfo;
+  }
+
+  /**
+   * Sets the actual data contained in this object.
+   * 
+   * @param content The actual data contained in this object.
+   */
+  public void setContent(Content content) {
+    this.content = content;
+  }
+
+  public Content getContent() {
+    return content;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilter2TransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilter2TransformImpl.java
new file mode 100644
index 0000000..175de3a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilter2TransformImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+
+/**
+ * Default implementation of <code>XPathFilter2Transform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XPathFilter2TransformImpl
+  extends TransformImpl
+  implements XPathFilter2Transform {
+    
+  /** The XPath filters. */
+  private List filters;
+  
+  /**
+   * Create a new <code>XPathFilter2TransformImpl</code> object.
+   */
+  public XPathFilter2TransformImpl() {
+    setAlgorithmURI(XPATH_FILTER2);
+  }
+
+  /**
+   * Sets the XPath filters contained in this  
+   * <code>XPathFilter2Transform</code>.
+   * 
+   * @param filters The XPath filters contained in this 
+   * <code>XPathFilter2Transform</code>.
+   */  
+  public void setFilters(List filters) {
+    this.filters = new ArrayList(filters);
+  }
+
+  public List getFilters() {
+    return filters;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilterImpl.java
new file mode 100644
index 0000000..6615e9f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathFilterImpl.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+
+/**
+ * Default implementation of <code>XPathFilter</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XPathFilterImpl implements XPathFilter {
+  /** The type of filter. */
+  private String filterType;
+  /** The XPath expression of the filter. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to while evaluating the XPath 
+   * expression. */
+  private Map namespaceDeclarations = new HashMap();
+
+  /**
+   * Sets the type of filter.
+   * 
+   * @param filterType The type of filter.
+   */
+  public void setFilterType(String filterType) {
+    this.filterType = filterType;
+  }
+
+  public String getFilterType() {
+    return filterType;
+  }
+
+  /**
+   * Sets the XPath expression of the filter.
+   * 
+   * @param xPathExpression The XPath expression of the filter.
+   */
+  public void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Sets the namespace prefix to URI mapping to while evaluating the XPath 
+   * expression.
+   * 
+   * @param namespaceDeclarations The namespace prefix to URI mapping to while 
+   * evaluating the XPath expression.
+   */
+  public void setNamespaceDelcarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathTransformImpl.java
new file mode 100644
index 0000000..f626a95
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XPathTransformImpl.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+
+/**
+ * Default implementation of <code>XPathTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XPathTransformImpl
+  extends TransformImpl
+  implements XPathTransform {
+    
+  /** The XPath expression to evaluate. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to while evaluating the XPath 
+   * expression. */
+  private Map namespaceDeclarations = new HashMap();
+
+  /**
+   * Create a new <code>XPathTransformImpl</code> object.
+   */
+  public XPathTransformImpl() {
+    setAlgorithmURI(XPATH);
+  }
+
+  /**
+   * Sets the XPath expression to evaluate.
+   * 
+   * @param xPathExpression The XPath expression to evaluate.
+   */
+  public void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Sets the namespace prefix to URI mapping to while evaluating the XPath 
+   * expression.
+   * 
+   * @param namespaceDeclarations The namespace prefix to URI mapping to while 
+   * evaluating the XPath expression.
+   */
+  public void setNamespaceDelcarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XSLTransformImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XSLTransformImpl.java
new file mode 100644
index 0000000..3fd4cc1
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/XSLTransformImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.impl;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+
+/**
+ * Default implementation of <code>XSLTTransform</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class XSLTransformImpl extends TransformImpl implements XSLTTransform {
+  /** The XSLT stylesheet to apply. */
+  private Element styleSheet;
+  
+  /**
+   * Create a new <code>XSLTransformImpl</code> object.
+   */
+  public XSLTransformImpl() {
+    setAlgorithmURI(XSLT);
+  }
+
+  /**
+   * Sets the XSLT stylesheet to apply.
+   * 
+   * @param styleSheet The XSLT stylesheet to apply.
+   */
+  public void setStylesheet(Element styleSheet) {
+    this.styleSheet = styleSheet;
+  }
+
+  public Element getStylesheet() {
+    return styleSheet;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
new file mode 100644
index 0000000..a8cae9c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -0,0 +1,261 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A parser to parse <code>CreateCMSSignatureRequest</code> DOM trees into
+ * <code>CreateCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureRequestParser {
+
+  //
+  // XPath expresssions to select elements in the CreateCMSSignatureRequest
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String KEY_IDENTIFIER_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "KeyIdentifier";
+  private static final String SINGLE_SIGNATURE_INFO_XPATH =
+    "/" + MOA + "CreateCMSSignatureRequest/" + MOA + "SingleSignatureInfo";
+  private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  
+  private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+
+  private static final String META_INFO_XPATH = MOA + "MetaInfo";
+  private static final String CONTENT_XPATH = MOA + "Content";
+  private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+  private static final String EXCLUDEBYTERANGE_FROM_XPATH = MOA + "ExcludedByteRange/" + MOA + "From";
+  private static final String EXCLUDEBYTERANGE_TO_XPATH = MOA + "ExcludedByteRange/" + MOA + "To";
+  
+
+  
+  /** The factory to create API objects. */
+  private SPSSFactory factory;
+
+  /**
+   * Create a new <code>CreateCMSSignatureRequestParser</code>.
+   */
+  public CreateCMSSignatureRequestParser() {
+    this.factory = SPSSFactory.getInstance();
+  }
+
+  /**
+   * Parse a <code>CreateCMSSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>CreateCMSSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public CreateCMSSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = parseSingleSignatureInfos(requestElem);
+    String keyIdentifier =
+      XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+    return factory.createCreateCMSSignatureRequest(
+      keyIdentifier,
+      singleSignatureInfos);
+  }
+
+  /**
+   * Parse all <code>SingleSignatureInfo</code> elements of the 
+   * <code>CreateCMSSignatureRequest</code>.
+   * 
+   * @param requestElem The <code>CreateCMSSignatureRequest</code> to parse.
+   * @return A <code>List</code> of <code>SingleSignatureInfo</code> API 
+   * objects.
+   * @throws MOAApplicationException An error occurred parsing on of the 
+   * <code>SingleSignatureInfo</code> elements.
+   */
+  private List parseSingleSignatureInfos(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = new ArrayList();
+    NodeIterator sigInfoElems =
+      XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+    Element sigInfoElem;
+
+    while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+      singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem));
+    }
+
+    return singleSignatureInfos;
+  }
+
+  /**
+   * Parse a <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element to 
+   * parse.
+   * @return A <code>SingleSignatureInfo</code> API object containing the 
+   * information of <code>sigInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>SingleSignatureInfo</code>.
+   */
+  private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
+    boolean securityLayerConform;
+
+    if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
+      securityLayerConform =
+        BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME));
+    } else {
+      securityLayerConform = true;
+    }
+
+    return factory.createSingleSignatureInfoCMS(
+      dataObjectInfo,
+      securityLayerConform);
+  }
+
+  /**
+   * Parse the <code>DataObjectInfo</code> DOM elements contained in the given
+   * <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The  <code>SingleSignatureInfo</code> DOM element
+   * whose <code>DataObjectInfo</code>s to parse.
+   * @return A <code>List</code> of <code>DataObjectInfo</code> API objects
+   * containing the data from the <code>DataObjectInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing one of the
+   * <code>DataObjectInfo</code>s.
+   */
+  private DataObjectInfo parseDataObjectInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+	  Element dataObjInfoElem = (Element)XPathUtils.selectSingleNode(sigInfoElem, DATA_OBJECT_INFO_XPATH);
+	  
+	  String structure = dataObjInfoElem.getAttribute("Structure");
+	    Element dataObjectElem =
+	      (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH);
+	  
+	    CMSDataObject dataObject = parseDataObject(dataObjectElem);
+
+	    return factory.createDataObjectInfo(
+	      structure,
+	      dataObject);
+	    
+  }
+  
+ 
+
+ 
+
+  /**
+   * Parse a the <code>DataObject</code> DOM element contained in a given 
+   * <code>CreateCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The DataObject DOM element of the <code>VerifyCMSSignatureRequest</code> 
+   * to parse.
+   * @return The <code>CMSDataObject</code> API object containing the data
+   * from the <code>DataObject</code> DOM element.
+   */
+  private CMSDataObject parseDataObject(Element dataObjectElem) {
+
+    if (dataObjectElem != null) {
+      Element metaInfoElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH);
+      MetaInfo metaInfo = null;
+      Element contentElem = (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH);
+      CMSContent content = parseContent(contentElem);
+
+      if (metaInfoElem != null) {
+        metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+      }
+
+      String excludeByteRangeFromStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_FROM_XPATH, null);
+      String excludeByteRangeToStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_TO_XPATH, null);
+      
+      BigDecimal excludeByteRangeFrom = null;
+      BigDecimal excludeByteRangeTo = null;
+      
+      if (excludeByteRangeFromStr != null)
+    	  excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
+      if (excludeByteRangeToStr != null)
+    	  excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
+      
+      return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
+    } 
+    else {
+      return null;
+    }
+  }
+
+    
+
+    /**
+     * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+     * DOM element.
+     * 
+     * @param contentElem The <code>CMSContentBaseType</code> kind of element to
+     * parse.
+     * @return A <code>CMSDataObject</code> API object containing the data
+     * from the given DOM element.
+     */
+    private CMSContent parseContent(Element contentElem) {
+      Element base64ContentElem =
+        (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH);
+
+      if (base64ContentElem != null) {
+        String base64Str = DOMUtils.getText(base64ContentElem);
+        InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+        return factory.createCMSContent(binaryContent);
+      } else {
+        return factory.createCMSContent(
+          contentElem.getAttribute("Reference"));
+      }
+    } 
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..907f90d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Convert a <code>CreateCMSSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>CreateCMSSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>CreateCMSSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public CreateCMSSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("CreateCMSSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>CreateCMSSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>CreateCMSSignatureResponse</code> API object.
+   * 
+   * @param response The <code>CreateCMSSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>CreateCMSSignatureResponse</code>
+   * DOM element.
+   */
+  public Document build(CreateCMSSignatureResponse response) {
+    Iterator iter;
+
+        
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      CreateCMSSignatureResponseElement responseElement =
+        (CreateCMSSignatureResponseElement) iter.next();
+      
+      switch (responseElement.getResponseType()) {
+        case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
+        	CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement;
+        	addCMSSignature(cmsSignatureResponse);
+          break;
+
+        case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
+          ErrorResponse errorResponse = (ErrorResponse) responseElement;
+          addErrorResponse(errorResponse);
+          break;
+      }
+
+    }
+
+    return responseDoc;
+  }
+
+
+
+  /**
+   * Add a <code>CMSSignature</code> element to the response.
+   * 
+   * @param cmsSignatureResponse The content to put under the
+   * <code>CMSSignature</code> element.
+   */
+  private void addCMSSignature(CMSSignatureResponse cmsSignatureResponse) {
+	  String base64Value = cmsSignatureResponse.getCMSSignature();
+	  
+	  Element cmsSignature = responseDoc.createElementNS(MOA_NS_URI, "CMSSignature");	  
+	  cmsSignature.setTextContent(base64Value);
+	  
+	  responseElem.appendChild(cmsSignature);
+	  
+}
+  
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorResponse The API object containing the information to put into
+   * the <code>ErrorResponse</code> DOM element.
+   */
+  private void addErrorResponse(ErrorResponse errorResponse) {
+    Element errorElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+    Element errorCodeElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+    Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+    String errorCodeStr = Integer.toString(errorResponse.getErrorCode());
+
+    errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+    errorElem.appendChild(errorCodeElem);
+    infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo()));
+    errorElem.appendChild(errorCodeElem);
+    errorElem.appendChild(infoElem);
+    responseElem.appendChild(errorElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java
new file mode 100644
index 0000000..9cea2fc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParser.java
@@ -0,0 +1,312 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+
+/**
+ * A parser to parse <code>CreateXMLSignatureRequest</code> DOM trees into
+ * <code>CreateXMLSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestParser {
+
+  //
+  // XPath expresssions to select elements in the CreateXMLSignatureRequest
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String KEY_IDENTIFIER_XPATH =
+    "/" + MOA + "CreateXMLSignatureRequest/" + MOA + "KeyIdentifier";
+  private static final String SINGLE_SIGNATURE_INFO_XPATH =
+    "/" + MOA + "CreateXMLSignatureRequest/" + MOA + "SingleSignatureInfo";
+  private static final String DATA_OBJECT_INFO_XPATH = MOA + "DataObjectInfo";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  private static final String CREATE_SIGNATURE_INFO_XPATH =
+    MOA + "CreateSignatureInfo";
+  private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
+    (MOA + "CreateTransformsInfoProfile | ")
+      + (MOA + "CreateTransformsInfoProfileID");
+  private static final String CREATE_SIGNATURE_ENVIRONMENT_XPATH =
+    MOA + "CreateSignatureEnvironment";
+  private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
+    (MOA + "CreateSignatureEnvironmentProfile | ")
+      + (MOA + "CreateSignatureEnvironmentProfileID");
+  private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+  
+  /** The factory to create API objects. */
+  private SPSSFactory factory;
+
+  /**
+   * Create a new <code>CreateXMLSignatureRequestParser</code>.
+   */
+  public CreateXMLSignatureRequestParser() {
+    this.factory = SPSSFactory.getInstance();
+  }
+
+  /**
+   * Parse a <code>CreateXMLSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>CreateXMLSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>CreateXMLSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public CreateXMLSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = parseSingleSignatureInfos(requestElem);
+    String keyIdentifier =
+      XPathUtils.getElementValue(requestElem, KEY_IDENTIFIER_XPATH, null);
+
+    return factory.createCreateXMLSignatureRequest(
+      keyIdentifier,
+      singleSignatureInfos);
+  }
+
+  /**
+   * Parse all <code>SingleSignatureInfo</code> elements of the 
+   * <code>CreateXMLSignatureRequest</code>.
+   * 
+   * @param requestElem The <code>CreateXMLSignatureRequest</code> to parse.
+   * @return A <code>List</code> of <code>SingleSignatureInfo</code> API 
+   * objects.
+   * @throws MOAApplicationException An error occurred parsing on of the 
+   * <code>SingleSignatureInfo</code> elements.
+   */
+  private List parseSingleSignatureInfos(Element requestElem)
+    throws MOAApplicationException {
+
+    List singleSignatureInfos = new ArrayList();
+    NodeIterator sigInfoElems =
+      XPathUtils.selectNodeIterator(requestElem, SINGLE_SIGNATURE_INFO_XPATH);
+    Element sigInfoElem;
+
+    while ((sigInfoElem = (Element) sigInfoElems.nextNode()) != null) {
+      singleSignatureInfos.add(parseSingleSignatureInfo(sigInfoElem));
+    }
+
+    return singleSignatureInfos;
+  }
+
+  /**
+   * Parse a <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element to 
+   * parse.
+   * @return A <code>SingleSignatureInfo</code> API object containing the 
+   * information of <code>sigInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>SingleSignatureInfo</code>.
+   */
+  private SingleSignatureInfo parseSingleSignatureInfo(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    List dataObjectInfos = parseDataObjectInfos(sigInfoElem);
+    CreateSignatureInfo createSignatureInfo =
+      parseCreateSignatureInfo(sigInfoElem);
+    boolean securityLayerConform;
+
+    if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
+      securityLayerConform =
+        BoolUtils.valueOf(sigInfoElem.getAttribute(SL_CONFORM_ATTR_NAME));
+    } else {
+      securityLayerConform = true;
+    }
+
+    return factory.createSingleSignatureInfo(
+      dataObjectInfos,
+      createSignatureInfo,
+      securityLayerConform);
+  }
+
+  /**
+   * Parse the <code>DataObjectInfo</code> DOM elements contained in the given
+   * <code>SingleSignatureInfo</code> DOM element.
+   * 
+   * @param sigInfoElem The  <code>SingleSignatureInfo</code> DOM element
+   * whose <code>DataObjectInfo</code>s to parse.
+   * @return A <code>List</code> of <code>DataObjectInfo</code> API objects
+   * containing the data from the <code>DataObjectInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing one of the
+   * <code>DataObjectInfo</code>s.
+   */
+  private List parseDataObjectInfos(Element sigInfoElem)
+    throws MOAApplicationException {
+
+    List dataObjectInfos = new ArrayList();
+    NodeIterator dataObjInfoElems =
+      XPathUtils.selectNodeIterator(sigInfoElem, DATA_OBJECT_INFO_XPATH);
+    Element dataObjInfoElem;
+
+    while ((dataObjInfoElem = (Element) dataObjInfoElems.nextNode()) != null) {
+      dataObjectInfos.add(parseDataObjectInfo(dataObjInfoElem));
+    }
+    return dataObjectInfos;
+  }
+
+  /**
+   * Parse a <code>DataObjectInfo</code> DOM element.
+   * 
+   * @param dataObjInfoElem The <code>DataObjectInfo</code> DOM element to 
+   * parse.
+   * @return A <code>DataObjectInfo</code> API element containing the data
+   * from <code>dataObjInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>DataObjectInfo</code>.
+   */
+  private DataObjectInfo parseDataObjectInfo(Element dataObjInfoElem)
+    throws MOAApplicationException {
+
+    String structure = dataObjInfoElem.getAttribute("Structure");
+    Element dataObjectElem =
+      (Element) XPathUtils.selectSingleNode(dataObjInfoElem, DATA_OBJECT_XPATH);
+    Content dataObject = RequestParserUtils.parseContent(dataObjectElem);
+    CreateTransformsInfoProfile createTransformsInfoProfile =
+      parseCreateTransformsInfoProfile(dataObjInfoElem);
+    boolean childOfManifest;
+
+    if (dataObjInfoElem.hasAttribute("ChildOfManifest")) {
+      childOfManifest =
+        BoolUtils.valueOf(dataObjInfoElem.getAttribute("ChildOfManifest"));
+    } else {
+      childOfManifest = false;
+    }
+
+    return factory.createDataObjectInfo(
+      structure,
+      childOfManifest,
+      dataObject,
+      createTransformsInfoProfile);
+  }
+
+  /**
+   * Parse a <code>CreateTransformsInfoProfile</code> DOM element.
+   * 
+   * @param dataObjInfoElem The <code>DataObjectInfo</code> DOM element 
+   * containing the <code>CreateTransformsInfoProfile</code>.
+   * @return The <code>CreateTransformsInfoProfile</code> API object containing
+   * the profile found in <code>dataObjInfoElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>CreateTransformsInfoProfile</code>.
+   */
+  private CreateTransformsInfoProfile parseCreateTransformsInfoProfile(Element dataObjInfoElem)
+    throws MOAApplicationException {
+
+    Element profileElem =
+      (Element) XPathUtils.selectSingleNode(
+        dataObjInfoElem,
+        CREATE_TRANSFORMS_INFO_PROFILE_XPATH);
+
+    if ("CreateTransformsInfoProfile".equals(profileElem.getLocalName())) {
+      ProfileParser profileParser = new ProfileParser();
+      return profileParser.parseCreateTransformsInfoProfile(profileElem);
+
+    } else {
+      String profileID = DOMUtils.getText(profileElem);
+      return factory.createCreateTransformsInfoProfile(profileID);
+    }
+  }
+
+  /**
+   * Parse the <code>CreateSignatureInfo</code> DOM element contained in
+   * a <code>SingleSignatureInfo</code>.
+   * 
+   * @param sigInfoElem The <code>SingleSignatureInfo</code> DOM element
+   * containing the <code>CreateSignatureInfo</code> to be parsed.
+   * @return A <code>CreateSignatureInfo</code> API object containing the
+   * data from the <code>CreateSignatureInfo</code> DOM element, or 
+   * <code>null</code>, if none was found.
+   */
+  private CreateSignatureInfo parseCreateSignatureInfo(Element sigInfoElem) {
+    Element createInfoElem =
+      (Element) XPathUtils.selectSingleNode(
+        sigInfoElem,
+        CREATE_SIGNATURE_INFO_XPATH);
+
+    if (createInfoElem != null) {
+      Element environmentElem =
+        (Element) XPathUtils.selectSingleNode(
+          createInfoElem,
+          CREATE_SIGNATURE_ENVIRONMENT_XPATH);
+      Content environment = RequestParserUtils.parseContent(environmentElem);
+      CreateSignatureEnvironmentProfile environmentProfile =
+        parseCreateSignatureEnvironmentProfile(createInfoElem);
+
+      return factory.createCreateSignatureInfo(environment, environmentProfile);
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Parse the <code>CreateSignatureEnvironmentProfile</code> contained in
+   * the given <code>CreateSignatureInfo</code> DOM element.
+   * 
+   * @param createInfoElem <code>CreateSignatureInfo</code> DOM element to
+   * parse.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> contained
+   * in the given <code>CreateSignatureInfo</code> DOM element..
+   */
+  private CreateSignatureEnvironmentProfile parseCreateSignatureEnvironmentProfile(Element createInfoElem) {
+    Element profileElem =
+      (Element) XPathUtils.selectSingleNode(
+        createInfoElem,
+        CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH);
+
+    if ("CreateSignatureEnvironmentProfile"
+      .equals(profileElem.getLocalName())) {
+      ProfileParser profileParser = new ProfileParser();
+      return profileParser.parseCreateSignatureEnvironmentProfile(profileElem);
+    } else {
+      String profileID = DOMUtils.getText(profileElem);
+      return factory.createCreateSignatureEnvironmentProfile(profileID);
+    }
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..0af1a67
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureResponseBuilder.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.Iterator;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.util.Constants;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+
+/**
+ * Convert a <code>CreateXMLSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>CreateXMLSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>CreateXMLSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public CreateXMLSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("CreateXMLSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>CreateXMLSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>CreateXMLSignatureResponse</code> API object.
+   * 
+   * @param response The <code>CreateXMLSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>CreateXMLSignatureResponse</code>
+   * DOM element.
+   */
+  public Document build(CreateXMLSignatureResponse response) {
+    Iterator iter;
+
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      CreateXMLSignatureResponseElement responseElement =
+        (CreateXMLSignatureResponseElement) iter.next();
+
+      switch (responseElement.getResponseType()) {
+        case CreateXMLSignatureResponseElement.SIGNATURE_ENVIRONMENT_RESPONSE :
+          SignatureEnvironmentResponse envResponse =
+            (SignatureEnvironmentResponse) responseElement;
+          addSignatureEnvironment(envResponse);
+          break;
+
+        case CreateXMLSignatureResponseElement.ERROR_RESPONSE :
+          ErrorResponse errorResponse = (ErrorResponse) responseElement;
+          addErrorResponse(errorResponse);
+          break;
+      }
+
+    }
+
+    return responseDoc;
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param envResponse The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  private void addSignatureEnvironment(SignatureEnvironmentResponse envResponse) {
+    Element content = envResponse.getSignatureEnvironment();
+    Node importedSignature = responseDoc.importNode(content, true);
+    Element signatureEnvironment =
+      responseDoc.createElementNS(MOA_NS_URI, "SignatureEnvironment");
+    signatureEnvironment.appendChild(importedSignature);
+    responseElem.appendChild(signatureEnvironment);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorResponse The API object containing the information to put into
+   * the <code>ErrorResponse</code> DOM element.
+   */
+  private void addErrorResponse(ErrorResponse errorResponse) {
+    Element errorElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorResponse");
+    Element errorCodeElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ErrorCode");
+    Element infoElem = responseDoc.createElementNS(MOA_NS_URI, "Info");
+    String errorCodeStr = Integer.toString(errorResponse.getErrorCode());
+
+    errorCodeElem.appendChild(responseDoc.createTextNode(errorCodeStr));
+    errorElem.appendChild(errorCodeElem);
+    infoElem.appendChild(responseDoc.createTextNode(errorResponse.getInfo()));
+    errorElem.appendChild(errorCodeElem);
+    errorElem.appendChild(infoElem);
+    responseElem.appendChild(errorElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java
new file mode 100644
index 0000000..0705c0b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ProfileParser.java
@@ -0,0 +1,309 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+
+/**
+ * Parse the various profile elements contained in the MOA web service requests
+ * and given as separate files in the MOA configuration.
+ * 
+ * The profiles parsed must be schema valid according to the MOA XML schema.
+ *  
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ProfileParser {
+  
+  //
+  // XPath expressions to select parts of the profiles
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  private static final String CREATE_TRANSFORMS_XPATH =
+    MOA + "CreateTransformsInfo/" + DSIG + "Transforms";
+  private static final String FINAL_DATA_META_INFO_XPATH =
+    MOA + "CreateTransformsInfo/" + MOA + "FinalDataMetaInfo";
+  private static final String CREATE_SIGNATURE_LOCATION_XPATH =
+    MOA + "CreateSignatureLocation";
+  private static final String SUPPLEMENT_XPATH = MOA + "Supplement";
+  private static final String VERIFY_TRANSFORMS_XPATH = DSIG + "Transforms";
+  private static final String TRANSFORM_PARAMETER_XPATH =
+    MOA + "TransformParameter";
+  private static final String TRANSFORM_PARAMETER_CONTENT_XPATH =
+    MOA + "Base64Content | " + MOA + "Hash";
+  private static final String DIGEST_METHOD_XPATH = DSIG + "DigestMethod";
+  private static final String DIGEST_VALUE_XPATH = DSIG + "DigestValue";
+
+  /** The factory used to create API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /**
+   * Parse a <code>CreateTransformsInfoProfile</code> DOM element.
+   * 
+   * @param profileElem The <code>CreateTransformsInfoProfile</code> element
+   * to parse.
+   * @return The <code>CreateTransformsInfoProfile</code> API object containing
+   * the data from the <code>profileElem</code>.
+   * @throws MOAApplicationException An error occurred parsing the DOM element. 
+   */
+  public CreateTransformsInfoProfile parseCreateTransformsInfoProfile(Element profileElem)
+    throws MOAApplicationException {
+    CreateTransformsInfo createTransformsInfo =
+      parseCreateTransformsInfo(profileElem);
+    List supplements = parseSupplements(profileElem);
+
+    return factory.createCreateTransformsInfoProfile(
+      createTransformsInfo,
+      supplements);
+  }
+
+  /**
+   * Parse the <code>CreateTransformsInfo</code> DOM element contained in a 
+   * <code>CreateTransformsInfoProfile</code>.
+   * 
+   * @param profileElem The <code>CreateTransformsInfoProfile</code> DOM
+   * element containing the <code>CreateTransformsInfo</code>.
+   * @return The <code>CreateTransformsInfo</code> API object containinig the
+   * data from the <code>CreateTransformsInfo</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>CreateTransformsInfo</code> DOM element.
+   */
+  private CreateTransformsInfo parseCreateTransformsInfo(Element profileElem)
+    throws MOAApplicationException {
+
+    Element transformsElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        CREATE_TRANSFORMS_XPATH);
+    Element metaInfoElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        FINAL_DATA_META_INFO_XPATH);
+    MetaInfo finalDataMetaInfo;
+    List transforms;
+
+    // parse the dsig:Transforms    
+    if (transformsElem != null) {
+      TransformParser transformsParser = new TransformParser();
+      transforms = transformsParser.parseTransforms(transformsElem);
+    } else {
+      transforms = null;
+    }
+
+    // parse the meta info
+    finalDataMetaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+
+    return factory.createCreateTransformsInfo(transforms, finalDataMetaInfo);
+  }
+
+  /**
+   * Parse a <code>CreateSignatureEnvironmentProfile</code> DOM element.
+   * 
+   * @param profileElem The <code>CreateSignatureEnvironmentProfile</code>
+   * DOM element to parse.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> API object
+   * containing the data from the <code>profileElem</code>.
+   */
+  public CreateSignatureEnvironmentProfile parseCreateSignatureEnvironmentProfile(Element profileElem) {
+    CreateSignatureLocation createSignatureLocation =
+      parseCreateSignatureLocation(profileElem);
+    List supplements = parseSupplements(profileElem);
+
+    return factory.createCreateSignatureEnvironmentProfile(
+      createSignatureLocation,
+      supplements);
+  }
+
+  /**
+   * Parse a <code>CreateSignatureLocation</code> DOM element contained in 
+   * a <code>CreateSignatureEnvironmentProfile</code>.
+   * 
+   * @param profileElem The <code>CreateSignatureEnvironmentProfile</code> DOM
+   * element containing the <code>CreateSignatureLocation</code>.
+   * @return The <code>CreateSignatureLocation</code> API object containing
+   * the data from the <code>CreateSignatureLocation</code> DOM element.
+   */
+  private CreateSignatureLocation parseCreateSignatureLocation(Element profileElem) {
+    Element locationElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        CREATE_SIGNATURE_LOCATION_XPATH);
+    String xPathExpression = DOMUtils.getText(locationElem);
+    Map namespaceDeclarations = DOMUtils.getNamespaceDeclarations(locationElem);
+    String indexStr = locationElem.getAttribute("Index");
+    int index = Integer.parseInt(indexStr);
+
+    return factory.createCreateSignatureLocation(
+      xPathExpression,
+      index,
+      namespaceDeclarations);
+  }
+
+  /**
+   * Parse all <code>Supplement</code> DOM elements contained in a given
+   * parent DOM element.
+   * 
+   * @param supplementsParentElem The DOM element being the parent of the
+   * <code>Supplement</code>s.
+   * @return A <code>List</code> of <code>Supplement</code> API objects 
+   * containing the data from the <code>Supplement</code> DOM elements.
+   */
+  private List parseSupplements(Element supplementsParentElem) {
+    List supplements = new ArrayList();
+    NodeIterator supplementElems =
+      XPathUtils.selectNodeIterator(supplementsParentElem, SUPPLEMENT_XPATH);
+    Element supplementElem;
+
+    while ((supplementElem = (Element) supplementElems.nextNode()) != null) {
+      XMLDataObjectAssociation supplement =
+        RequestParserUtils.parseXMLDataObjectAssociation(supplementElem);
+      supplements.add(supplement);
+    }
+    return supplements;
+  }
+
+  /**
+   * Parse a <code>SupplementProfile</code> DOM element.
+   * 
+   * @param profileElem The <code>SupplementProfile</code> DOM element to parse.
+   * @return The <code>SupplementProfile</code> API object containing the
+   * data from the <code>SupplementProfile</code> DOM element.
+   */
+  public SupplementProfile parseSupplementProfile(Element profileElem) {
+    XMLDataObjectAssociation supplementProfile =
+      RequestParserUtils.parseXMLDataObjectAssociation(profileElem);
+
+    return factory.createSupplementProfile(supplementProfile);
+  }
+
+  /**
+   * Parse a <code>VerifyTransformsInfoProfile</code> DOM element. 
+   * 
+   * @param profileElem The <code>VerifyTransformsInfoProfile</code> DOM 
+   * element to parse.
+   * @return A <code>VerifyTransformsInfoProfile</code> API object containing
+   * the information from the <code>VerifyTransformsInfoProfile</code> DOM 
+   * element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>VerifyTransformsInfoProfile</code>.
+   */
+  public VerifyTransformsInfoProfile parseVerifyTransformsInfoProfile(Element profileElem)
+    throws MOAApplicationException {
+    Element transformsElem =
+      (Element) XPathUtils.selectSingleNode(
+        profileElem,
+        VERIFY_TRANSFORMS_XPATH);
+    List transforms = null;
+    NodeIterator paramElems =
+      XPathUtils.selectNodeIterator(profileElem, TRANSFORM_PARAMETER_XPATH);
+    Element paramElem;
+    List transformParameters = new ArrayList();
+
+    // parse the dsig:Transforms
+    if (transformsElem != null) {
+      TransformParser transformsParser = new TransformParser();
+      transforms = transformsParser.parseTransforms(transformsElem);
+    }
+
+    // parse the TransformParameter elements
+    while ((paramElem = (Element) paramElems.nextNode()) != null) {
+      transformParameters.add(parseTransformParameter(paramElem));
+    }
+
+    return factory.createVerifyTransformsInfoProfile(
+      transforms,
+      transformParameters);
+  }
+
+  /**
+   * Parse a <code>TransformParameter</code> DOM element.
+   * 
+   * @param paramElem The <code>TransformParameter</code> DOM element to
+   * parse.
+   * @return The <code>TransformParameter</code> API object containing the
+   * information from the <code>TransformParameter</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>TransformParameter</code> DOM element.
+   */
+  private TransformParameter parseTransformParameter(Element paramElem) 
+    throws MOAApplicationException {
+    String uri = paramElem.getAttribute("URI");
+    Element contentElem =
+      (Element) XPathUtils.selectSingleNode(
+        paramElem,
+        TRANSFORM_PARAMETER_CONTENT_XPATH);
+
+    if (contentElem == null) {
+      return factory.createTransformParameter(uri);
+    } else if ("Base64Content".equals(contentElem.getLocalName())) {
+      String base64Str = DOMUtils.getText(contentElem);
+      InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+
+      return factory.createTransformParameter(uri, binaryContent);
+    } else { // "Hash".equals(contentElem.getLocalName())
+      String digestMethodStr =
+        XPathUtils.getElementValue(contentElem, DIGEST_METHOD_XPATH, "");
+      String digestValueStr =
+        XPathUtils.getElementValue(contentElem, DIGEST_VALUE_XPATH, "");
+      byte[] digestValue = null;
+
+      try {
+        digestValue = Base64Utils.decode(digestValueStr, true);
+      } catch (IOException e) {
+        throw new MOAApplicationException("2270", null); 
+      }
+      return factory.createTransformParameter(
+        uri,
+        digestMethodStr,
+        digestValue);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
new file mode 100644
index 0000000..743a17c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.text.ParseException;
+import java.util.Date;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+
+/**
+ * Utility methods for parsing XML requests definied in the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RequestParserUtils {
+  //
+  // XPath expressions for parsing parts of a request
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String REFERENCE_ATTR_NAME = "Reference";
+  private static final String MIME_TYPE_XPATH = MOA + "MimeType";
+  private static final String DESCRIPTION_XPATH = MOA + "Description";
+  private static final String TYPE_XPATH = MOA + "Type";
+  private static final String XML_ASSOC_CONTENT_XPATH = MOA + "Content";
+  private static final String CONTENT_XPATH =
+    MOA + "Base64Content | " + MOA + "XMLContent |" + MOA + "LocRefContent";
+  private static final String ANY_OTHER_XPATH =
+    "*[namespace-uri() != \"" + Constants.MOA_NS_URI + "\"]";
+
+  /**
+   * Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element.
+   * 
+   * @param assocElem The <code>XMLDataObjectAssociationType</code> kind of
+   * DOM elmeent to parse. 
+   * @return The <code>XMLDataObjectAssociation</code> API object containing
+   * the data from the <code>XMLDataObjectAssociationType</code> DOM element.
+   */
+  public static XMLDataObjectAssociation parseXMLDataObjectAssociation(Element assocElem) {
+    SPSSFactory factory = SPSSFactory.getInstance();
+    MetaInfo metaInfo = parseMetaInfo(assocElem);
+    Element contentElem =
+      (Element) XPathUtils.selectSingleNode(assocElem, XML_ASSOC_CONTENT_XPATH);
+    Content content = parseContent(contentElem);
+
+    return factory.createXMLDataObjectAssociation(metaInfo, content);
+  }
+
+  /**
+   * Parse a <code>MetaInfoType</code> kind of DOM element.
+   * 
+   * @param metaInfoElem The <code>MetaInfoType</code> kind of DOM element.
+   * @return The <code>MetaInfo</code> API object containing the data from
+   * the <code>metaInfoElem</code>.
+   */
+  public static MetaInfo parseMetaInfo(Element metaInfoElem) {
+    SPSSFactory factory = SPSSFactory.getInstance();
+    String mimeType =
+      XPathUtils.getElementValue(metaInfoElem, MIME_TYPE_XPATH, null);
+    String description =
+      XPathUtils.getElementValue(metaInfoElem, DESCRIPTION_XPATH, null);
+    NodeList anyOther =
+      XPathUtils.selectNodeList(metaInfoElem, ANY_OTHER_XPATH);
+    String type =
+      XPathUtils.getElementValue(metaInfoElem, TYPE_XPATH, null);
+
+    return factory.createMetaInfo(mimeType, description, anyOther, type);
+  }
+
+  /**
+   * Parse a <code>ContentOptionalRefType</code> or 
+   * <code>ContentRequiredRefType</code> kind of DOM element.
+   * @param contentParentElem The DOM element being the parent of the 
+   * content element.
+   * @return The <code>Content</code> API object containing the data from
+   * the given DOM element.
+   */
+  public static Content parseContent(Element contentParentElem) {
+    SPSSFactory factory = SPSSFactory.getInstance();
+    String referenceURI =
+      contentParentElem.hasAttribute(REFERENCE_ATTR_NAME)
+        ? contentParentElem.getAttribute(REFERENCE_ATTR_NAME)
+        : null;
+    Element contentElem =
+      (Element) XPathUtils.selectSingleNode(contentParentElem, CONTENT_XPATH);
+
+    if (contentElem == null) {
+      return factory.createContent(referenceURI);
+    }
+
+    if ("Base64Content".equals(contentElem.getLocalName())) {
+      String base64String = DOMUtils.getText(contentElem);
+      return factory.createContent(
+        Base64Utils.decodeToStream(base64String, true),
+        referenceURI);
+    } else if ("LocRefContent".equals(contentElem.getLocalName())) {
+      String locationReferenceURI = DOMUtils.getText(contentElem);
+      return factory.createContent(
+        locationReferenceURI,
+        referenceURI);
+    } else { // "XMLContent".equals(contentElem.getLocalName())
+      return factory.createContent(
+        contentElem.getChildNodes(),
+        referenceURI);
+    }
+  }
+
+  /**
+   * Get the signing time from a Verfiy(CMS|XML)SignatureRequest.
+   * 
+   * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM 
+   * element.
+   * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element
+   * within the request.
+   * @return Date The date and time corresponding to the <code>DateTime</code>
+   * element in the request. If no <code>DateTime</code> element exists in the
+   * request, <code>null</code> is returned.
+   * @throws MOAApplicationException An error occurred during a parsing the
+   * <code>DateTime</code> element or creating the return value.
+   */
+  public static Date parseDateTime(Element requestElem, String dateTimeXPath)
+    throws MOAApplicationException {
+
+    Element dateTimeElem;
+    String dateTimeText;
+
+    // select the DateTime element
+    dateTimeElem =
+      (Element) XPathUtils.selectSingleNode(requestElem, dateTimeXPath);
+
+    // parse a date from the element value
+    if (dateTimeElem != null) {
+      dateTimeText = DOMUtils.getText(dateTimeElem);
+      try {
+        return DateTimeUtils.parseDateTime(dateTimeText);
+      } catch (ParseException e) {
+        throw new MOAApplicationException(
+          "1104",
+          new Object[] { dateTimeText });
+      }
+    } else {
+      return null;
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
new file mode 100644
index 0000000..b5ec20f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -0,0 +1,289 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+
+/**
+ * Utility methods used by the verious <code>ResponseBuilder</code> classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ResponseBuilderUtils {
+  //
+  // shortcuts to various XML namespace constants
+  //
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  private static final String DSIG_NS_URI = Constants.DSIG_NS_URI;
+  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+
+  /**
+   * Create a response element with all the namespaces set.
+   * 
+   * @param responseName The name of the response root element.
+   * @return A DOM document containing the response root element and predefined
+   * MOA, DSIG and XML namespace declarations.
+   * @throws MOASystemException An error building the response document.
+   */
+  public static Document createResponse(String responseName)
+    throws MOASystemException {
+
+    try {
+      DocumentBuilder docBuilder =
+        DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      DOMImplementation impl = docBuilder.getDOMImplementation();
+      Document response;
+      Element root;
+      String attrValue;
+
+      response = impl.createDocument(MOA_NS_URI, responseName, null);
+      root = response.getDocumentElement();
+
+      // add namespace prefix declarations
+      root.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+      attrValue = "xmlns:" + Constants.DSIG_PREFIX;
+      root.setAttributeNS(XMLNS_NS_URI, attrValue, DSIG_NS_URI);
+
+      return response;
+    } catch (ParserConfigurationException e) {
+      throw new MOASystemException("2200", null, e);
+    }
+  }
+
+  /**
+   * Add a <code>SignerInfo</code> element to the response.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which the <code>SignerInfo</code> element
+   * will be inserted.
+   * @param cert The signer certificate to add.
+   * @param isQualified Indicates, whether <code>cert</code> is a qualified
+   * certificate.
+   * @param isPublicAuthority Indicates, whether <code>cert</code> is
+   * certificate owned by a public authority.
+   * @param publicAuthorityID Information about the public authority owning
+   * <code>cert</code>. Must not be <code>null</code>, if
+   * <code>isPublicAuthority ! = null</code>.
+   * @throws MOAApplicationException An error occurred reading data from the
+   * certificate.
+   */
+  public static void addSignerInfo(
+    Document response,
+    Element root,
+    X509Certificate cert,
+    boolean isQualified,
+    String qcSource,
+    boolean isPublicAuthority,
+    String publicAuthorityID,
+    boolean isSSCD,
+    String sscdSource,
+    String issuerCountryCode)
+    throws MOAApplicationException {
+
+    Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo");
+    Element x509DataElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509Data");
+    Element x509IssuerSerialElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509IssuerSerial");
+    Element x509IssuerElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509IssuerName");
+    String issuer = cert.getIssuerDN().getName();
+    Element x509SerialNumberElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509SerialNumber");
+    String serialNumber = cert.getSerialNumber().toString();
+    Element x509SubjectNameElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509SubjectName");
+    Element x509CertificateElem =
+      response.createElementNS(DSIG_NS_URI, DSIG + "X509Certificate");
+    Element qualifiedCertificateElem =
+      isQualified
+        ? response.createElementNS(MOA_NS_URI, "QualifiedCertificate")
+        : null;
+    Element sscdElem =
+            isSSCD
+              ? response.createElementNS(MOA_NS_URI, "SecureSignatureCreationDevice")
+              : null;
+    Element issuerCountryCodeElem = null;
+    if (issuerCountryCode != null) {
+    	issuerCountryCodeElem = response.createElementNS(MOA_NS_URI, "IssuerCountryCode");
+    	issuerCountryCodeElem.setTextContent(issuerCountryCode);    	
+    }
+              
+    Element publicAuthorityElem =
+      isPublicAuthority
+        ? response.createElementNS(MOA_NS_URI, "PublicAuthority")
+        : null;
+    Element codeElem =
+      publicAuthorityID != null
+        ? response.createElementNS(MOA_NS_URI, "Code")
+        : null;
+
+    // fill in text
+    x509IssuerElem.appendChild(response.createTextNode(issuer));
+    x509SerialNumberElem.appendChild(response.createTextNode(serialNumber));
+    try {
+      RFC2253NameParser parser = 
+        new RFC2253NameParser(cert.getSubjectDN().getName());
+      String subjectRfc2253 = parser.parse().getRFC2253String();
+      x509SubjectNameElem.appendChild(response.createTextNode(subjectRfc2253));
+    } catch (RFC2253NameParserException e) {
+      x509SubjectNameElem.appendChild(
+        response.createTextNode(cert.getSubjectDN().getName()));
+    }
+    try {
+      x509CertificateElem.appendChild(
+        response.createTextNode(Base64Utils.encode(cert.getEncoded())));
+    } catch (CertificateEncodingException e) {
+      throw new MOAApplicationException("2245", null, e);
+    } catch (IOException e) {
+      throw new MOAApplicationException("2245", null, e);
+    }
+
+    // build structure
+    x509DataElem.appendChild(x509SubjectNameElem);
+    x509IssuerSerialElem.appendChild(x509IssuerElem);
+    x509IssuerSerialElem.appendChild(x509SerialNumberElem);
+    x509DataElem.appendChild(x509IssuerSerialElem);
+    x509DataElem.appendChild(x509CertificateElem);
+    if (isQualified) {
+    	if (qcSource.compareToIgnoreCase("TSL") == 0)
+    		qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource);
+    	
+    	x509DataElem.appendChild(qualifiedCertificateElem);
+    }
+    if (isPublicAuthority) {
+      x509DataElem.appendChild(publicAuthorityElem);
+      if (publicAuthorityID != null) {
+        codeElem.appendChild(response.createTextNode(publicAuthorityID));
+        publicAuthorityElem.appendChild(codeElem);
+      }
+    }
+    if (isSSCD) {
+   		sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);
+        x509DataElem.appendChild(sscdElem);
+      }
+    if (issuerCountryCodeElem != null)
+    	x509DataElem.appendChild(issuerCountryCodeElem);
+    
+    signerInfoElem.appendChild(x509DataElem);
+    root.appendChild(signerInfoElem);
+  }
+
+  /**
+   * Add an element containing <code>Code</code> and <code>Info</code>
+   * subelements.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which to insert the newly created
+   * element.
+   * @param elementName The name of the newly created element.
+   * @param code The content of the <code>Code</code> subelement.
+   * @param info The content of the <code>Info</code> subelement.
+   */
+  public static void addCodeInfoElement(
+    Document response,
+    Element root,
+    String elementName,
+    int code,
+    NodeList info) {
+
+    Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+    Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+    Element infoElem;
+    int i;
+
+    codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+    codeInfoElem.appendChild(codeElem);
+    if (info != null) {
+      infoElem = response.createElementNS(MOA_NS_URI, "Info");
+
+      for (i = 0; i < info.getLength(); i++) {
+        infoElem.appendChild(info.item(i).cloneNode(true));
+      }
+      codeInfoElem.appendChild(infoElem);
+    }
+    root.appendChild(codeInfoElem);
+  }
+  
+  /**
+   * Add an element containing <code>Code</code> and <code>Info</code>
+   * subelements.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which to insert the newly created
+   * element.
+   * @param elementName The name of the newly created element.
+   * @param code The content of the <code>Code</code> subelement.
+   * @param info The content of the <code>Info</code> subelement.
+   */
+  public static void addCodeInfoElement(
+    Document response,
+    Element root,
+    String elementName,
+    int code,
+    String info) {
+
+    Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+    Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+    Element infoElem;
+    int i;
+
+    codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+    codeInfoElem.appendChild(codeElem);
+    
+    if (info != null) {
+      infoElem = response.createElementNS(MOA_NS_URI, "Info");
+      infoElem.appendChild(response.createTextNode(info));
+      codeInfoElem.appendChild(infoElem);
+    }
+    root.appendChild(codeInfoElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
new file mode 100644
index 0000000..687b0ae
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
@@ -0,0 +1,270 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Base64Transform;
+import at.gv.egovernment.moa.spss.api.common.CanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.EnvelopedSignatureTransform;
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+
+/**
+ * A parser to parse XMLDsig <code>Transform</code> DOM elements into their
+ * MOA SPSS API representation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransformParser {
+  //
+  // XPath expressions for selecting information from the DOM tree
+  //
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  private static final String DSIG_FILTER2 =
+    Constants.DSIG_FILTER2_PREFIX + ":";
+  private static final String XSLT = Constants.XSLT_PREFIX + ":";
+  private static final String EC = Constants.DSIG_EC_PREFIX + ":";
+  private static final String TRANSFORM_XPATH = DSIG + "Transform";
+  private static final String XPATH_XPATH = DSIG + "XPath";
+  private static final String XSLT_ELEMENT_XPATH = XSLT + "stylesheet";
+  private static final String XPATH2_XPATH =
+    (DSIG_FILTER2 + "XPath[@Filter=\"intersect\"] | ")
+      + (DSIG_FILTER2 + "XPath[@Filter=\"subtract\"] | ")
+      + (DSIG_FILTER2 + "XPath[@Filter=\"union\"]");
+  private static final String INCLUSIVE_NAMESPACES_XPATH =
+    EC + "InclusiveNamespaces";
+
+  /**
+   * The <code>SPSSFactory</code> to use for creating new API objects.
+   */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /**
+   * Parse an XMLDsig <code>Transforms</code> DOM element.
+   * 
+   * @param transformsElem The <code>Transforms</code> DOM element to parse.
+   * @return A <code>List</code> of <code>Transform</code> API objects 
+   * containing the data from the individual <code>Transform</code> DOM
+   * elements.
+   * @throws MOAApplicationException An error occurred parsing the  
+   * <code>Transforms</code> DOM element.
+   */
+  public List parseTransforms(Element transformsElem)
+    throws MOAApplicationException {
+    List transforms = new ArrayList();
+    NodeIterator transformElems =
+      XPathUtils.selectNodeIterator(transformsElem, TRANSFORM_XPATH);
+    Element transformElem;
+    Transform transform;
+
+    while ((transformElem = (Element) transformElems.nextNode()) != null) {
+      transform = parseTransform(transformElem);
+      transforms.add(transform);
+    }
+
+    return transforms;
+  }
+
+  /**
+   * Parse an XMLDsig <code>Transform</code> DOM element.
+   * 
+   * @param transformElem <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object containing the data
+   * from the <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  public Transform parseTransform(Element transformElem)
+    throws MOAApplicationException {
+
+    String algorithmUri = transformElem.getAttribute("Algorithm");
+
+    if (CanonicalizationTransform.CANONICAL_XML.equals(algorithmUri)
+      || CanonicalizationTransform.CANONICAL_XML_WITH_COMMENTS.equals(
+        algorithmUri)) {
+      return factory.createCanonicalizationTransform(algorithmUri);
+    } else if (
+      ExclusiveCanonicalizationTransform.EXCLUSIVE_CANONICAL_XML.equals(
+        algorithmUri)
+        || ExclusiveCanonicalizationTransform
+          .EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS
+          .equals(
+          algorithmUri)) {
+      return parseExclusiveC14nTransform(algorithmUri, transformElem);
+    } else if (Base64Transform.BASE64_DECODING.equals(algorithmUri)) {
+      return factory.createBase64Transform();
+    } else if (
+      EnvelopedSignatureTransform.ENVELOPED_SIGNATURE.equals(algorithmUri)) {
+      return factory.createEnvelopedSignatureTransform();
+    } else if (XPathTransform.XPATH.equals(algorithmUri)) {
+      return parseXPathTransform(transformElem);
+    } else if (XPathFilter2Transform.XPATH_FILTER2.equals(algorithmUri)) {
+      return parseXPathFilter2Transform(transformElem);
+    } else if (XSLTTransform.XSLT.equals(algorithmUri)) {
+      return parseXSLTTransform(transformElem);
+    } else {
+      throw new MOAApplicationException("1108", new Object[] { algorithmUri });
+    }
+  }
+
+  /**
+   * Parse an exclusive canonicalization type of transform.
+   * 
+   * @param algorithmUri The algorithm URI of the canonicalization algorithm.
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return An <code>ExclusiveCanonicalizationTransform</code> API object
+   * containing the data from the <code>transformElem</code>.
+   */
+  private Transform parseExclusiveC14nTransform(
+    String algorithmUri,
+    Element transformElem)
+    {
+
+    Element inclusiveNamespacesElem =
+      (Element) XPathUtils.selectSingleNode(
+        transformElem,
+        INCLUSIVE_NAMESPACES_XPATH);
+
+    List inclusiveNamespaces = new ArrayList();
+    if (inclusiveNamespacesElem != null)
+    {
+      StringTokenizer tokenizer = new StringTokenizer(inclusiveNamespacesElem.getAttribute("PrefixList"));
+      while (tokenizer.hasMoreTokens()) 
+      {
+        inclusiveNamespaces.add(tokenizer.nextToken());
+      }
+    }
+    return factory.createExclusiveCanonicalizationTransform(
+      algorithmUri,
+      inclusiveNamespaces);
+  }
+
+  /**
+   * Parse an <code>XPath</code> type of <code>Transform</code>.
+   * 
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object representation of the
+   * <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  private Transform parseXPathTransform(Element transformElem)
+    throws MOAApplicationException {
+    Element xPathElem =
+      (Element) XPathUtils.selectSingleNode(transformElem, XPATH_XPATH);
+    Map nsDecls;
+
+    if (xPathElem == null) {
+      throw new MOAApplicationException("2202", null);
+    }
+
+    nsDecls = DOMUtils.getNamespaceDeclarations(xPathElem);
+    nsDecls.remove("");
+
+    return factory.createXPathTransform(DOMUtils.getText(xPathElem), nsDecls);
+  }
+
+  /**
+   * Parse an <code>XPathFilter2</code> type of <code>Transform</code>.
+   * 
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object representation of the
+   * <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  private Transform parseXPathFilter2Transform(Element transformElem)
+    throws MOAApplicationException {
+    List filters = new ArrayList();
+    NodeIterator iter =
+      XPathUtils.selectNodeIterator(transformElem, XPATH2_XPATH);
+    Element filterElem;
+
+    while ((filterElem = (Element) iter.nextNode()) != null) {
+      String filterAttr = filterElem.getAttribute("Filter");
+      String filterType;
+      String expression;
+      Map nsDecls;
+
+      if (filterAttr.equals("intersect")) {
+        filterType = XPathFilter.INTERSECT_TYPE;
+      } else if (filterAttr.equals("subtract")) {
+        filterType = XPathFilter.SUBTRACT_TYPE;
+      } else {
+        filterType = XPathFilter.UNION_TYPE;
+      }
+
+      expression = DOMUtils.getText(filterElem);
+      nsDecls = DOMUtils.getNamespaceDeclarations(filterElem);
+      nsDecls.remove("");
+      filters.add(factory.createXPathFilter(filterType, expression, nsDecls));
+    }
+    if (filters.size() == 0) {
+      throw new MOAApplicationException("2216", null);
+    }
+
+    return factory.createXPathFilter2Transform(filters);
+  }
+
+  /**
+   * Parse an <code>XSLT</code> type of <code>Transform</code>.
+   * 
+   * @param transformElem The <code>Transform</code> DOM element to parse.
+   * @return The <code>Transform</code> API object representation of the
+   * <code>Transform</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>Transform</code> DOM element.
+   */
+  private Transform parseXSLTTransform(Element transformElem)
+    throws MOAApplicationException {
+    Element xsltElem =
+      (Element) XPathUtils.selectSingleNode(transformElem, XSLT_ELEMENT_XPATH);
+
+    if (xsltElem == null) {
+      throw new MOAApplicationException("2215", null);
+    }
+
+    return factory.createXSLTTransform(xsltElem);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
new file mode 100644
index 0000000..6b3f430
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.CollectionUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * A parser to parse <code>VerifyCMSSignatureRequest</code> DOM trees into
+ * <code>VerifyCMSSignatureRequest</code> API objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureRequestParser {
+
+  //
+  // XPath expressions for selecting parts of the DOM message
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String DATE_TIME_XPATH = MOA + "DateTime";
+  private static final String CMS_SIGNATURE_XPATH = MOA + "CMSSignature";
+  private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
+  private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
+  private static final String META_INFO_XPATH = MOA + "MetaInfo";
+  private static final String CONTENT_XPATH = MOA + "Content";
+  private static final String BASE64_CONTENT_XPATH = MOA + "Base64Content";
+  private static final String EXCLUDEBYTERANGE_FROM_XPATH = MOA + "ExcludedByteRange/" + MOA + "From";
+  private static final String EXCLUDEBYTERANGE_TO_XPATH = MOA + "ExcludedByteRange/" + MOA + "To";
+
+
+  /** The <code>SPSSFactory</code> for creating new API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /**
+   * Parse a <code>VerifyCMSSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>VerifyCMSSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>VerifyCMSSignatureRequest</code> API objects containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public VerifyCMSSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    int[] signatories = parseSignatories(requestElem);
+    Date dateTime =
+      RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH);
+    String cmsSignatureStr =
+      XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, "");
+    CMSDataObject dataObject = parseDataObject(requestElem);
+    String trustProfileID =
+      XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+    InputStream cmsSignature =
+      Base64Utils.decodeToStream(cmsSignatureStr, true);
+
+    return factory.createVerifyCMSSignatureRequest(
+      signatories,
+      dateTime,
+      cmsSignature,
+      dataObject,
+      trustProfileID);
+  }
+
+  /**
+   * Parse the <code>Signatories</code> attribute contained in the 
+   * <code>VerifyCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyCMSSignatureRequest</code> DOM element.
+   * @return The signatories contained in the given 
+   * <code>VerifyCMSSignatureRequest</code> DOM element. 
+   */
+  private int[] parseSignatories(Element requestElem) {
+    String signatoriesStr = requestElem.getAttribute("Signatories");
+
+    if ("all".equals(signatoriesStr)) {
+      return VerifyCMSSignatureRequest.ALL_SIGNATORIES;
+    } else {
+      StringTokenizer tokenizer = new StringTokenizer(signatoriesStr);
+      List signatoriesList = new ArrayList();
+      int[] signatories;
+
+      // put the signatories into a List
+      while (tokenizer.hasMoreTokens()) {
+        try {
+          signatoriesList.add(new Integer(tokenizer.nextToken()));
+        } catch (NumberFormatException e) {
+          // this cannot occur if the request has been validated
+        }
+      }
+
+      // convert the List into an int array
+      signatories = CollectionUtils.toIntArray(signatoriesList);
+
+      return signatories;
+    }
+  }
+
+  /**
+   * Parse a the <code>DataObject</code> DOM element contained in a given 
+   * <code>VerifyCMSSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyCMSSignatureRequest</code> DOM element
+   * to parse.
+   * @return The <code>CMSDataObject</code> API object containing the data
+   * from the <code>DataObject</code> DOM element.
+   */
+  private CMSDataObject parseDataObject(Element requestElem) {
+    Element dataObjectElem =
+      (Element) XPathUtils.selectSingleNode(requestElem, DATA_OBJECT_XPATH);
+
+    if (dataObjectElem != null) {
+      Element metaInfoElem =
+        (Element) XPathUtils.selectSingleNode(dataObjectElem, META_INFO_XPATH);
+      MetaInfo metaInfo = null;
+      Element contentElem =
+        (Element) XPathUtils.selectSingleNode(dataObjectElem, CONTENT_XPATH);
+      CMSContent content = parseContent(contentElem);
+
+      if (metaInfoElem != null) {
+        metaInfo = RequestParserUtils.parseMetaInfo(metaInfoElem);
+      }
+
+      String excludeByteRangeFromStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_FROM_XPATH, null);
+      String excludeByteRangeToStr = XPathUtils.getElementValue(dataObjectElem, EXCLUDEBYTERANGE_TO_XPATH, null);
+      
+      BigDecimal excludeByteRangeFrom = null;
+      BigDecimal excludeByteRangeTo = null;
+      
+      if (excludeByteRangeFromStr != null)
+    	  excludeByteRangeFrom = new BigDecimal(excludeByteRangeFromStr);
+      if (excludeByteRangeToStr != null)
+    	  excludeByteRangeTo = new BigDecimal(excludeByteRangeToStr);
+
+      return factory.createCMSDataObject(metaInfo, content, excludeByteRangeFrom, excludeByteRangeTo);
+      
+      
+    } else {
+      return null;
+    }
+
+  }
+
+  /**
+   * Parse the content contained in a <code>CMSContentBaseType</code> kind of
+   * DOM element.
+   * 
+   * @param contentElem The <code>CMSContentBaseType</code> kind of element to
+   * parse.
+   * @return A <code>CMSDataObject</code> API object containing the data
+   * from the given DOM element.
+   */
+  private CMSContent parseContent(Element contentElem) {
+    Element base64ContentElem =
+      (Element) XPathUtils.selectSingleNode(contentElem, BASE64_CONTENT_XPATH);
+
+    if (base64ContentElem != null) {
+      String base64Str = DOMUtils.getText(base64ContentElem);
+      InputStream binaryContent = Base64Utils.decodeToStream(base64Str, true);
+      return factory.createCMSContent(binaryContent);
+    } else {
+      return factory.createCMSContent(
+        contentElem.getAttribute("Reference"));
+    }
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..b11560b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.Iterator;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Convert a <code>VerifyCMSSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureResponseBuilder {
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>VerifyCMSSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>VerifyCMSSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public VerifyCMSSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("VerifyCMSSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>VerifyCMSSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>VerifyCMSSignatureResponse</code> API object.
+   * 
+   * @param response The <code>VerifyCMSSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>VerifyCMSSignatureResponse</code>
+   * DOM element.
+   * @throws MOAApplicationException An error occurred building the response.
+   */
+  public Document build(VerifyCMSSignatureResponse response)
+    throws MOAApplicationException {
+
+    Iterator iter;
+
+    for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
+      VerifyCMSSignatureResponseElement responseElement =
+        (VerifyCMSSignatureResponseElement) iter.next();
+      addResponseElement(responseElement);
+    }
+
+    return responseDoc;
+  }
+
+  /**
+   * Add an element to the response.
+   * 
+   * @param responseElement The element to add to the response.
+   * @throws MOAApplicationException An error occurred adding the element.
+   */
+  private void addResponseElement(VerifyCMSSignatureResponseElement responseElement)
+    throws MOAApplicationException {
+
+    SignerInfo signerInfo = responseElement.getSignerInfo();
+    CheckResult signatureCheck = responseElement.getSignatureCheck();
+    CheckResult certCheck = responseElement.getCertificateCheck();
+    
+    ResponseBuilderUtils.addSignerInfo(
+      responseDoc,
+      responseElem,
+      signerInfo.getSignerCertificate(),
+      signerInfo.isQualifiedCertificate(),
+      signerInfo.getQCSource(),
+      signerInfo.isPublicAuthority(),
+      signerInfo.getPublicAuhtorityID(),
+      signerInfo.isSSCD(),
+      signerInfo.getSSCDSource(),
+      signerInfo.getIssuerCountryCode());
+
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      "SignatureCheck",
+      signatureCheck.getCode(),
+      signatureCheck.getInfo());
+
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      "CertificateCheck",
+      certCheck.getCode(),
+      certCheck.getInfo());
+    
+    
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java
new file mode 100644
index 0000000..7bd0b9e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParser.java
@@ -0,0 +1,299 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+
+/**
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestParser {
+
+  //
+  // XPath expressions for parsing parts of the request
+  //
+  private static final String MOA = Constants.MOA_PREFIX + ":";
+  private static final String DATE_TIME_XPATH = MOA + "DateTime";
+  private static final String RETURN_HASH_INPUT_DATA_XPATH =
+    MOA + "ReturnHashInputData";
+  private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID";
+  private static final String VERIFY_SIGNATURE_ENVIRONMENT_XPATH =
+    MOA + "VerifySignatureInfo/" + MOA + "VerifySignatureEnvironment";
+  private static final String VERIFY_SIGNATURE_LOCATION_XPATH =
+    MOA + "VerifySignatureInfo/" + MOA + "VerifySignatureLocation";
+  private static final String SUPPLEMENT_PROFILE_XPATH =
+    MOA + "SupplementProfile | " + MOA + "SupplementProfileID";
+  private static final String SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH =
+    MOA + "SignatureManifestCheckParams";
+  private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
+    (MOA + "VerifyTransformsInfoProfile | ")
+      + (MOA + "VerifyTransformsInfoProfileID");
+  private static final String REFERENCE_INFO_XPATH = MOA + "ReferenceInfo";
+
+  /** The <code>SPSSFactory</code> for creating new API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+
+  /**
+   * Parse a <code>VerifyXMLSignatureRequest</code> DOM element, as defined
+   * by the MOA schema.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> to parse. The
+   * request must have been successfully parsed against the schema for this
+   * method to succeed.
+   * @return A <code>VerifyXMLSignatureRequest</code> API object containing
+   * the data from the DOM element.
+   * @throws MOAApplicationException An error occurred parsing the request.
+   */
+  public VerifyXMLSignatureRequest parse(Element requestElem)
+    throws MOAApplicationException {
+
+    Date dateTime =
+      RequestParserUtils.parseDateTime(requestElem, DATE_TIME_XPATH);
+    VerifySignatureInfo verifySignatureInfo =
+      parseVerifySignatureInfo(requestElem);
+    List supplementProfiles = parseSupplementProfiles(requestElem);
+    SignatureManifestCheckParams signatureManifestCheckParams =
+      parseSignatureManifestCheckParams(requestElem);
+    boolean returnHashInputData =
+      XPathUtils.selectSingleNode(requestElem, RETURN_HASH_INPUT_DATA_XPATH)
+        != null;
+    String trustProfileID =
+      XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null);
+
+    return factory.createVerifyXMLSignatureRequest(
+      dateTime,
+      verifySignatureInfo,
+      supplementProfiles,
+      signatureManifestCheckParams,
+      returnHashInputData,
+      trustProfileID);
+  }
+
+  /**
+   * Parse the <code>VerifySignatureInfo</code> DOM element contained in
+   * the <code>VerifyXMLSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element
+   * containing the <code>VerifySignatureInfo</code> DOM element.
+   * @return The <code>VerifySignatureInfo</code> API object containing the
+   * data from the DOM element.
+   */
+  private VerifySignatureInfo parseVerifySignatureInfo(Element requestElem) {
+    Element verifySignatureEnvironmentElem =
+      (Element) XPathUtils.selectSingleNode(
+        requestElem,
+        VERIFY_SIGNATURE_ENVIRONMENT_XPATH);
+    Content verifySignatureEnvironment =
+      RequestParserUtils.parseContent(verifySignatureEnvironmentElem);
+    VerifySignatureLocation verifySignatureLocation =
+      parseVerifySignatureLocation(requestElem);
+
+    return factory.createVerifySignatureInfo(
+      verifySignatureEnvironment,
+      verifySignatureLocation);
+  }
+
+  /**
+   * Parse the <code>VerifySignatureLocation</code> DOM element contained
+   * in the given <code>VerifyXMLSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequst</code> DOM element.
+   * @return The <code>VerifySignatureLocation</code> API object containing the
+   * data from the DOM element.
+   */
+  private VerifySignatureLocation parseVerifySignatureLocation(Element requestElem) {
+    Element locationElem =
+      (Element) XPathUtils.selectSingleNode(
+        requestElem,
+        VERIFY_SIGNATURE_LOCATION_XPATH);
+    String xPathExpression = DOMUtils.getText(locationElem);
+    Map namespaceDeclarations = DOMUtils.getNamespaceDeclarations(locationElem);
+
+    return factory.createVerifySignatureLocation(
+      xPathExpression,
+      namespaceDeclarations);
+  }
+
+  /**
+   * Parse the supplement profiles contained in the given 
+   * <code>VerifyXMLSignatureRequest</code> DOM element.
+   * 
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element.
+   * @return A <code>List</code> of <code>SupplementProfile</code> API objects
+   * containing the data from the <code>SupplementProfile</code> DOM elements.
+   */
+  private List parseSupplementProfiles(Element requestElem) {
+    List supplementProfiles = new ArrayList();
+    NodeIterator profileElems =
+      XPathUtils.selectNodeIterator(requestElem, SUPPLEMENT_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileElems.nextNode()) != null) {
+      SupplementProfile profile;
+
+      if ("SupplementProfile".equals(profileElem.getLocalName())) {
+        ProfileParser profileParser = new ProfileParser();
+        profile = profileParser.parseSupplementProfile(profileElem);
+      } else {
+        String profileID = DOMUtils.getText(profileElem);
+        profile = factory.createSupplementProfile(profileID);
+      }
+      supplementProfiles.add(profile);
+    }
+    return supplementProfiles;
+  }
+
+  /**
+   * Parse the <code>SignatureManifestCheckParams</code> DOM element contained
+   * in the given <code>VerifyXMLSignatureRequest</code> DOM element.
+   * @param requestElem The <code>VerifyXMLSignatureRequest</code> DOM element.
+   * @return The <code>SignatureManifestCheckParams</code> API object containing
+   * the data from the <code>SignatureManifestCheckParams</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>SignatureManifestCheckParams</code> DOM element.
+   */
+  private SignatureManifestCheckParams parseSignatureManifestCheckParams(Element requestElem)
+    throws MOAApplicationException {
+    Element paramsElem =
+      (Element) XPathUtils.selectSingleNode(
+        requestElem,
+        SIGNATURE_MANIFEST_CHECK_PARAMS_XPATH);
+
+    if (paramsElem != null) {
+      String returnReferenceInputDataStr =
+        paramsElem.getAttribute("ReturnReferenceInputData");
+      boolean returnReferencInputData =
+        BoolUtils.valueOf(returnReferenceInputDataStr);
+      List referenceInfos = parseReferenceInfos(paramsElem);
+
+      return factory.createSignatureManifestCheckParams(
+        referenceInfos,
+        returnReferencInputData);
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Parse the <code>ReferenceInfo</code> DOM elements contained in a
+   * <code>SignatureManifestCheckParams</code> DOM element.
+   * 
+   * @param paramsElem The <code>SignatureManifestCheckParams</code> DOM element
+   * containing the <code>ReferenceInfo</code> DOM elements.
+   * @return A <code>List</code> of <code>RefernceInfo</code> API objects
+   * containing the data from the <code>ReferenceInfo</code> DOM elements.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>ReferenceInfo</code> DOM elements.
+   */
+  private List parseReferenceInfos(Element paramsElem)
+    throws MOAApplicationException {
+
+    List referenceInfos = new ArrayList();
+    NodeIterator refInfoElems =
+      XPathUtils.selectNodeIterator(paramsElem, REFERENCE_INFO_XPATH);
+    Element refInfoElem;
+
+    while ((refInfoElem = (Element) refInfoElems.nextNode()) != null) {
+      ReferenceInfo referenceInfo = parseReferenceInfo(refInfoElem);
+
+      referenceInfos.add(referenceInfo);
+    }
+
+    return referenceInfos;
+  }
+
+  /**
+   * Parse a <code>ReferenceInfo</code> DOM element.
+   *  
+   * @param refInfoElem The <code>ReferenceInfo</code> DOM element to parse.
+   * @return The <code>ReferenceInfo</code> API object containing the data
+   * from the given <code>ReferenceInfo</code> DOM element.
+   * @throws MOAApplicationException An error occurred parsing the
+   * <code>ReferenceInfo</code> DOM element.
+   */
+  private ReferenceInfo parseReferenceInfo(Element refInfoElem)
+    throws MOAApplicationException {
+    List profiles = parseVerifyTransformsInfoProfiles(refInfoElem);
+    return factory.createReferenceInfo(profiles);
+  }
+
+  /**
+   * Parse the <code>VerifyTransformsInfoProfile</code> DOM elements contained
+   * in a <code>ReferenceInfo</code> DOM element.
+   * 
+   * @param refInfoElem <code>ReferenceInfo</code> DOM element containing
+   * the <code>VerifyTransformsInfoProfile</code> DOM elements.
+   * @return A <code>List</code> of <code>VerifyTransformsInfoProfile</code>
+   * API objects containing the profile data.
+   * @throws MOAApplicationException An error occurred building the
+   * <code>VerifyTransformsInfoProfile</code>s.
+   */
+  private List parseVerifyTransformsInfoProfiles(Element refInfoElem)
+    throws MOAApplicationException {
+
+    List profiles = new ArrayList();
+    NodeIterator profileElems =
+      XPathUtils.selectNodeIterator(
+        refInfoElem,
+        VERIFY_TRANSFORMS_INFO_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileElems.nextNode()) != null) {
+      if ("VerifyTransformsInfoProfile".equals(profileElem.getLocalName())) {
+        ProfileParser profileParser = new ProfileParser();
+        profiles.add(
+          profileParser.parseVerifyTransformsInfoProfile(profileElem));
+      } else {
+        String profileID = DOMUtils.getText(profileElem);
+        profiles.add(factory.createVerifyTransformsInfoProfile(profileID));
+      }
+    }
+    return profiles;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..dd4e13a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -0,0 +1,340 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlbind;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * Convert a <code>VerifyXMLSignatureResponse</code> API object into its
+ * XML representation, according to the MOA XML schema.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseBuilder {
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+
+  /** The XML document containing the response element. */
+  private Document responseDoc;
+  /** The response <code>VerifyXMLSignatureResponse</code> DOM element. */
+  private Element responseElem;
+
+  /**
+   * Create a new <code>VerifyXMLSignatureResponseBuilder</code>:
+   * 
+   * @throws MOASystemException An error occurred setting up the resulting
+   * XML document.
+   */
+  public VerifyXMLSignatureResponseBuilder() throws MOASystemException {
+    responseDoc =
+      ResponseBuilderUtils.createResponse("VerifyXMLSignatureResponse");
+    responseElem = responseDoc.getDocumentElement();
+  }
+
+  /**
+   * Build a document containing a <code>VerifyXMLSignatureResponse</code>
+   * DOM element being the XML representation of the given 
+   * <code>VerifyXMLSignatureResponse</code> API object.
+   * 
+   * @param response The <code>VerifyXMLSignatureResponse</code> to convert
+   * to XML.
+   * @return A document containing the <code>VerifyXMLSignatureResponse</code>
+   * DOM element.
+   * @throws MOAApplicationException An error occurred building the response.
+   */
+  public Document build(VerifyXMLSignatureResponse response)
+    throws MOAApplicationException {
+
+    Iterator iter;
+    List responseData;
+
+    // add the SignerInfo
+    ResponseBuilderUtils.addSignerInfo(
+      responseDoc,
+      responseElem,
+      response.getSignerInfo().getSignerCertificate(),
+      response.getSignerInfo().isQualifiedCertificate(),
+      response.getSignerInfo().getQCSource(),
+      response.getSignerInfo().isPublicAuthority(),
+      response.getSignerInfo().getPublicAuhtorityID(),
+      response.getSignerInfo().isSSCD(),
+      response.getSignerInfo().getSSCDSource(),
+      response.getSignerInfo().getIssuerCountryCode());
+
+    // add HashInputData elements
+    responseData = response.getHashInputDatas();
+    if (responseData != null && !responseData.isEmpty()) {
+      for (iter = responseData.iterator(); iter.hasNext();) {
+        InputData inputData = (InputData) iter.next();
+        addContent("HashInputData", inputData);
+      }
+    }
+
+    // add ReferenceInputData elements
+    responseData = response.getReferenceInputDatas();
+    if (responseData != null && !responseData.isEmpty()) {
+      for (iter = responseData.iterator(); iter.hasNext();) {
+        InputData inputData = (InputData) iter.next();
+        addContent("ReferenceInputData", inputData);
+      }
+    }
+
+    // add the SignatureCheck
+    addReferencesCheckResult("SignatureCheck", response.getSignatureCheck());
+
+    // add the SignatureManifestCheck
+    if (response.getSignatureManifestCheck() != null) {
+      addReferencesCheckResult(
+        "SignatureManifestCheck",
+        response.getSignatureManifestCheck());
+    }
+
+    // add the XMLDsigManifestChecks
+    responseData = response.getXMLDsigManifestChecks();
+    if (responseData != null && !responseData.isEmpty()) {
+      for (iter = responseData.iterator(); iter.hasNext();) {
+        ManifestRefsCheckResult checkResult =
+          (ManifestRefsCheckResult) iter.next();
+        addManifestRefsCheckResult("XMLDSIGManifestCheck", checkResult);
+      }
+    }
+
+    // add the CertificateCheck
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      "CertificateCheck",
+      response.getCertificateCheck().getCode(),
+      response.getCertificateCheck().getInfo());
+    
+    
+
+    return responseDoc;
+  }
+
+  /**
+   * Add an element of type <code>ContentBaseType</code> to the response.
+   * 
+   * @param elementName The name of the element.
+   * 
+   * @param inputData The <code>InputData</code> to add. Based on the type of
+   * 
+   * the <code>InputData</code>, either a <code>Base64Content</code> element
+   * or a <code>XMLContent</code> subelement will be added. An <code>
+   * InputDataBinaryImpl</code> will be added as a <code>Base64Content</code>
+   * child element. An<code>InputDataXMLImpl</code> will be added as <code>
+   * XMLContent</code> child element.
+   * 
+   * @throws MOAApplicationException An error occurred adding the content.
+   */
+  private void addContent(String elementName, InputData inputData)
+    throws MOAApplicationException {
+
+    Element contentElem = responseDoc.createElementNS(MOA_NS_URI, elementName);
+
+    contentElem.setAttributeNS(null, "PartOf", inputData.getPartOf());
+    if (inputData.getReferringReferenceNumber() != InputData.REFERER_NONE_)
+      contentElem.setAttributeNS(
+        null, 
+        "ReferringSigReference", 
+        Integer.toString(inputData.getReferringReferenceNumber()));
+    
+    switch (inputData.getContentType()) {
+      case Content.XML_CONTENT :
+        ContentXML contentXml = (ContentXML) inputData;
+        NodeList nodes = contentXml.getXMLContent();
+        Element xmlElem;
+        int i;
+
+        xmlElem = responseDoc.createElementNS(MOA_NS_URI, "XMLContent");
+        //xmlElem.setAttributeNS(XML_NS_URI, "xml:space", "preserve");
+        xmlElem.setAttribute("xml:space", "preserve");
+
+        for (i = 0; i < nodes.getLength(); i++) {
+          xmlElem.appendChild(responseDoc.importNode(nodes.item(i), true));
+        }
+        contentElem.appendChild(xmlElem);
+        responseElem.appendChild(contentElem);
+        break;
+      case Content.BINARY_CONTENT :
+        Element binaryElem =
+          responseDoc.createElementNS(MOA_NS_URI, "Base64Content");
+        ContentBinary contentBinary = (ContentBinary) inputData;
+        String base64Str;
+
+        try {
+          base64Str = Base64Utils.encode(contentBinary.getBinaryContent());
+        } catch (IOException e) {
+          throw new MOAApplicationException("2200", null, e);
+        }
+        binaryElem.appendChild(responseDoc.createTextNode(base64Str));
+        contentElem.appendChild(binaryElem);
+        responseElem.appendChild(contentElem);
+        break;
+    }
+  }
+
+  /**
+   * Add a <code>ReferencesCheckResult</code> to the response.
+   * 
+   * @param elementName The DOM element name to use.
+   * @param checkResult The <code>ReferencesCheckResult</code> to add.
+   */
+  private void addReferencesCheckResult(
+    String elementName,
+    ReferencesCheckResult checkResult) {
+
+    NodeList info = null;
+
+    if (checkResult.getInfo() != null) {
+      DocumentFragment fragment = responseDoc.createDocumentFragment();
+      NodeList anyOtherInfo = checkResult.getInfo().getAnyOtherInfo();
+      int[] failedReferences = checkResult.getInfo().getFailedReferences();
+
+      if (anyOtherInfo != null) {
+        addAnyOtherInfo(fragment, checkResult.getInfo().getAnyOtherInfo());
+      }
+
+      if (failedReferences != null) {
+        addFailedReferences(fragment, failedReferences);
+      }
+
+      info = fragment.getChildNodes();
+    }
+
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      elementName,
+      checkResult.getCode(),
+      info);
+  }
+
+  
+  /**
+   * Add a <code>ManifestRefsCheckResult</code> to the response.
+   * 
+   * @param elementName The DOM element name to use.
+   * @param checkResult The <code>ManifestRefsCheckResult</code> to add.
+   */
+  private void addManifestRefsCheckResult(
+    String elementName,
+    ManifestRefsCheckResult checkResult) {
+
+    DocumentFragment fragment = responseDoc.createDocumentFragment();
+    NodeList anyOtherInfo = checkResult.getInfo().getAnyOtherInfo();
+    int[] failedReferences = checkResult.getInfo().getFailedReferences();
+    Element referringSigRefElem;
+    String referringSigRefStr;
+
+    // add any other elements
+    if (anyOtherInfo != null) {
+      addAnyOtherInfo(fragment, checkResult.getInfo().getAnyOtherInfo());
+    }
+
+    // add the failed references
+    if (failedReferences != null) {
+      addFailedReferences(fragment, failedReferences);
+    }
+
+    // add the ReferringSigReference
+    referringSigRefElem =
+      responseDoc.createElementNS(MOA_NS_URI, "ReferringSigReference");
+    referringSigRefStr =
+      Integer.toString(checkResult.getInfo().getReferringSignatureReference());
+    referringSigRefElem.appendChild(
+      responseDoc.createTextNode(referringSigRefStr));
+    fragment.appendChild(referringSigRefElem);
+
+    // add XMLDSIGManifestCheckResult to the response
+    ResponseBuilderUtils.addCodeInfoElement(
+      responseDoc,
+      responseElem,
+      elementName,
+      checkResult.getCode(),
+      fragment.getChildNodes());
+  }
+
+  /**
+   * Add arbitrary XML content to a DOM <code>DocumentFragment</code>.
+   * 
+   * @param fragment The fragment to add the XML content to.
+   * @param anyOtherInfo The XML content to add.
+   */
+  private void addAnyOtherInfo(
+    DocumentFragment fragment,
+    NodeList anyOtherInfo) {
+
+    int i;
+
+    for (i = 0; i < anyOtherInfo.getLength(); i++) {
+      fragment.appendChild(responseDoc.importNode(anyOtherInfo.item(i), true));
+    }
+  }
+
+  /**
+   * Add the failed references as <code>FailedReference</code> DOM elements to
+   * the fragment.
+   * 
+   * @param fragment The DOM document fragment to add the
+   * <code>FailedReference</code> elements to.
+   * @param failedReferences The indexes of the failed references.
+   */
+  private void addFailedReferences(
+    DocumentFragment fragment,
+    int[] failedReferences) {
+    Element failedReferenceElem;
+    int i;
+
+    for (i = 0; i < failedReferences.length; i++) {
+      failedReferenceElem =
+        responseDoc.createElementNS(MOA_NS_URI, "FailedReference");
+      failedReferenceElem.appendChild(
+        responseDoc.createTextNode(Integer.toString(failedReferences[i])));
+      fragment.appendChild(failedReferenceElem);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfile.java
new file mode 100644
index 0000000..4b40b9c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfile.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Base class for signature environment profile data used in XML signature 
+ * creation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureEnvironmentProfile {
+  /**
+   * Indicates that the profile data is given explicitly.
+   */
+  public static int EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE = 0;
+  /**
+   * Indicates that the profile data is stored in the configuration and resolved 
+   * using an ID.
+   */
+  public static int ID_CREATESIGNATUREENVIRONMENTPROFILE = 1;
+  
+  /**
+   * Gets the type of this object.
+   * 
+   * @return The type of <code>CreateSignatureEnvironmentProfile</code> denoted
+   * by this object. Either 
+   * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code> or
+   * <code>ID_CREATESIGNATUREENVIRONMENTPROFILE</code>.
+   */
+  public int getCreateSignatureEnvironmentProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileExplicit.java
new file mode 100644
index 0000000..0bce94c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileExplicit.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * A <code>CreateSignatureEnvironmentProfile</code> containing the profile
+ * data explicitly.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureEnvironmentProfileExplicit
+  extends CreateSignatureEnvironmentProfile {
+  
+  /**
+   * Gets the location and index of where to insert the signature into the
+   * signature environment.
+   * 
+   * @return The location and index of the signature in the signature 
+   * environment.
+   */
+  public CreateSignatureLocation getCreateSignatureLocation();
+  /**
+   * Gets the supplemental information.
+   * 
+   * @return The supplemental information.
+   */
+  public List getSupplements();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileID.java
new file mode 100644
index 0000000..73e4f52
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureEnvironmentProfileID.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * A <code>CreateSignatureEnvironmentProfile</code> containing a profile ID
+ * pointing to locally stored profile data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureEnvironmentProfileID
+  extends CreateSignatureEnvironmentProfile {
+
+  /**
+   * Gets the profile ID.
+   * 
+   * @return The profile ID.
+   */
+  public String getCreateSignatureEnvironmentProfileID();
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureInfo.java
new file mode 100644
index 0000000..9363408
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureInfo.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Encapsulates a signature object used during signature creation.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateSignatureInfo {
+  /**
+   * Gets the XML structure where the signature will be inserted.
+   *
+   * @return The XML structure where the signature will be inserted.
+   */
+  public Content getCreateSignatureEnvironment();
+  /**
+   * Gets the supplemental data for the signature environment.
+   *
+   * @return The supplemental data for the signature envoronment.
+   */
+  public CreateSignatureEnvironmentProfile getCreateSignatureEnvironmentProfile();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureLocation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureLocation.java
new file mode 100644
index 0000000..9a0b798
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateSignatureLocation.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Specifies where to insert the newly created signature.
+ * 
+ * An XPath expression is used to select the signature parent element. An
+ * additional index specifies the node index after which to insert the 
+ * signature into the parent element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface CreateSignatureLocation extends ElementSelector {
+  /**
+   * Gets the node index, after which the signature will be inserted into the
+   * parent elemen.
+   * 
+   * @return The index of the node after which the signature will be inserted.
+   */
+  public int getIndex();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfo.java
new file mode 100644
index 0000000..fbb0000
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+
+/**
+ * Encapsulates information used for the transformation of the data object.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfo {
+  /**
+   * Gets the XMLDSig transforms.
+   * 
+   * @return A <code>List</code> of <code>Transform</code> objects.
+   */
+  public List getTransforms();
+  /**
+   * Gets meta information about the data resulting from the transformation.
+   * 
+   * @return Meta information about the resulting data.
+   */
+  public MetaInfo getFinalDataMetaInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfile.java
new file mode 100644
index 0000000..5babdae
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfile.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Base class for transformation informations used in signature creation.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfoProfile {
+  /**
+   * Indicates transformation information given explicitly.
+   */
+  public static final int EXPLICIT_CREATETRANSFORMSINFOPROFILE = 0;
+  /**
+   * Indicates transformation information given as an ID.
+   */
+  public static final int ID_CREATETRANSFORMSINFOPROFILE = 1;
+  
+  /**
+   * Gets the type of profile information this object contains.
+   * 
+   * @return The type of transformation information, either
+   * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code> or 
+   * <code>ID_CREATETRANSFORMSINFOPROFILE</code>.
+   */
+  public int getCreateTransformsInfoProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileExplicit.java
new file mode 100644
index 0000000..9aae8cb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileExplicit.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * Encapsulates explicit transformation informations.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfoProfileExplicit
+  extends CreateTransformsInfoProfile {
+  /**
+   * Gets the transformation information of the data object.
+   * 
+   * @return Transformation information of the data object.
+   */
+  public CreateTransformsInfo getCreateTransformsInfo();
+  /**
+   * Gets the supplemental information.
+   * 
+   * @return The supplemental information.
+   */
+  public List getSupplements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileID.java
new file mode 100644
index 0000000..69c3629
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateTransformsInfoProfileID.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Encapsulates transformation information given via an identifier.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateTransformsInfoProfileID
+  extends CreateTransformsInfoProfile {
+  /**
+   * Gets the ID of the transformation.
+   * 
+   * @return The transformation profile ID.
+   */
+  public String getCreateTransformsInfoProfileID();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureRequest.java
new file mode 100644
index 0000000..351b16e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureRequest.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to create an XML Signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateXMLSignatureRequest {
+  /**
+   * Gets the identifier for the keys to be used for the signature.
+   * 
+   * @return The identifier for the keys to be used.
+   */
+  public String getKeyIdentifier();
+  /**
+   * Gets the information of the singleSignatureInfo elements. 
+   * 
+   * @return The information of singleSignatureInfo elements.
+   */
+  public List getSingleSignatureInfos();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponse.java
new file mode 100644
index 0000000..c1b1c30
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponse.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * Object that encapsulates the response on to a 
+ * <code>CreateXMLSignatureRequest</code> to create an XML signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateXMLSignatureResponse {
+  /**
+   * Gets the response elements.
+   * 
+   * @return The response elements.
+   */
+  public List getResponseElements();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponseElement.java
new file mode 100644
index 0000000..b9bd334
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/CreateXMLSignatureResponseElement.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+/**
+ * Base class for <code>SignatureEnvironmentResponse</code> and 
+ * <code>ErrorResponse</code> elements in a 
+ * <code>CreateXMLSignatureResponse</code>.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface CreateXMLSignatureResponseElement {
+  /**
+   * Indicates that this object contains a <code>SignatureEnvironment</code>.
+   */
+  public static final int SIGNATURE_ENVIRONMENT_RESPONSE = 0;
+  /**
+   * Indicates that this objet contains an <code>ErrorResponse</code>.
+   */
+  public static final int ERROR_RESPONSE = 1;
+  
+  /**
+   * Gets the type of response object.
+   * 
+   * @return The type of response object, either 
+   * <code>SIGNATURE_ENVIRONMENT_RESPONSE</code> or <code>ERROR_RESPONSE</code>.
+   */
+  public int getResponseType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/DataObjectInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/DataObjectInfo.java
new file mode 100644
index 0000000..620e3b3
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/DataObjectInfo.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Encapsulates information required to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface DataObjectInfo {
+  /**
+   * Indicates that a detached signature will be created.
+   */
+  public static final String STRUCTURE_DETACHED = "detached"; 
+  /**
+   * Indicates that an enveloping signature will be created.
+   */
+  public static final String STRUCTURE_ENVELOPING = "enveloping";
+
+  /**
+   * Gets the structure of the signature.
+   * 
+   * @return The structure of the signature.
+   */
+  public String getStructure();
+  /**
+   * Checks whether a refercence will be placed in the signature itself or
+   * in the manifest.
+   * 
+   * @return <code>true</code> if a reference will be placed in the manifest,
+   * <code>false</code> if it will be placed in the signature.
+   */
+  public boolean isChildOfManifest();
+  /**
+   * Gets information related to a single data object.
+   * 
+   * @return Information related to a single data object.
+   */
+  public Content getDataObject();
+  /**
+   * Gets information for the transformation of the data object.
+   * 
+   * @return The transformation information.
+   */
+  public CreateTransformsInfoProfile getCreateTransformsInfoProfile();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/ErrorResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/ErrorResponse.java
new file mode 100644
index 0000000..6dfa843
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/ErrorResponse.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+
+/**
+ * Object containing detailed error information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ErrorResponse extends CreateXMLSignatureResponseElement {
+  /**
+   * Gets the error code.
+   * 
+   * @return The error code.
+   */
+  public int getErrorCode();
+  /**
+   * Gets verbose error information.
+   * 
+   * @return Verbose error information.
+   */
+  public String getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SignatureEnvironmentResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SignatureEnvironmentResponse.java
new file mode 100644
index 0000000..47c4ce7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SignatureEnvironmentResponse.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import org.w3c.dom.Element;
+
+/**
+ * Contains the signature if the signature creation was successful.
+ *  
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SignatureEnvironmentResponse
+  extends CreateXMLSignatureResponseElement {
+  /** 
+   * Gets the XML structure which contains the signature.
+   * 
+   * @return A general XML structure containing the signature.
+   */
+  public Element getSignatureEnvironment();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SingleSignatureInfo.java
new file mode 100644
index 0000000..3355739
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlsign/SingleSignatureInfo.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlsign;
+
+import java.util.List;
+
+/**
+ * Encapsulates data to create a single signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SingleSignatureInfo {
+  /**
+   * Gets the dataObjectInfo information.
+   * 
+   * @return The dataObjectInfo information.
+   */
+  public List getDataObjectInfos();
+  /**
+   * Gets the signature object.
+   * 
+   * @return The signature object used during signature creation.
+   */
+  public CreateSignatureInfo getCreateSignatureInfo();
+  /**
+   * Check whether a Security Layer conform signature manifest will be created.
+   * 
+   * @return <code>true</code>, if a Security Layer conform signature manifest 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isSecurityLayerConform();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResult.java
new file mode 100644
index 0000000..8ff4617
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResult.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+
+/**
+ * Contains the results of manifest checks according to XMLDsig.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ManifestRefsCheckResult {
+  /**
+   * Gets the check code.
+   * 
+   * @return A numerical representation of the result of the manifest check.
+   */
+  public int getCode();
+  /**
+   * Gets the reference to the manifest.
+   * 
+   * @return The reference to the manifest.
+   */
+  public ManifestRefsCheckResultInfo getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResultInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResultInfo.java
new file mode 100644
index 0000000..4b0a4fb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ManifestRefsCheckResultInfo.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+
+/**
+ * Encapsulates information referring to the manifest of the check.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ManifestRefsCheckResultInfo extends ReferencesCheckResultInfo {
+  /**
+   * Gets the position of the signature reference containing the
+   * reference to the manifest being described by this object.
+   * 
+   * @return The position of the signature reference.
+   */
+  public int getReferringSignatureReference();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferenceInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferenceInfo.java
new file mode 100644
index 0000000..95a2b92
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferenceInfo.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+/**
+ * Contains transformation parameters which are locally available.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface ReferenceInfo {
+  /**
+   * Gets the transformation info.
+   * 
+   * @return The transformation info.
+   */
+  public List getVerifyTransformsInfoProfiles();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResult.java
new file mode 100644
index 0000000..dd1f482
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResult.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Contains information about the verification status of references contained
+ * in the signature. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ReferencesCheckResult {
+  /**
+   * Gets the check code.
+   * 
+   * @return A numerical representation of the result of the reference check.
+   */
+  public int getCode();
+  /**
+   * Gets the additional information about the result.
+   * 
+   * @return Additional information about the result.
+   */
+  public ReferencesCheckResultInfo getInfo();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResultInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResultInfo.java
new file mode 100644
index 0000000..fc87c98
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/ReferencesCheckResultInfo.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Additional information contained in a <code>ReferencesCheckResult</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface ReferencesCheckResultInfo {
+  /**
+   * Gets the additional info of the failed <code>dsig:reference</code> element.
+   * 
+   * @return The info elements.
+   */
+  public NodeList getAnyOtherInfo();
+  /**
+   * Gets the positions of the failed signature references containing the
+   * references to the manifests being described by this object.
+   * 
+   * @return The positions of the failed signature references. 
+   */
+  public int[] getFailedReferences();  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SignatureManifestCheckParams.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SignatureManifestCheckParams.java
new file mode 100644
index 0000000..524d4b8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SignatureManifestCheckParams.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+/**
+ * Contains parameters used to check the signature manifest.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SignatureManifestCheckParams {
+  /**
+   * Gets the referential information.
+   * 
+   * @return The referential information.
+   */
+  public List getReferenceInfos();
+  /**
+   * Gets information on whether signature source data should be returned.
+   * 
+   * @return <code>true</code>, if signature source data should be returned,
+   * otherwise <code>false</code>.
+   */
+  public boolean getReturnReferenceInputData();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfile.java
new file mode 100644
index 0000000..934e7c6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfile.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Base class for supplementary information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SupplementProfile {
+  /**
+   * Indicates that this object contains explicit supplementary information.
+   */
+  public static final int EXPLICIT_SUPPLEMENTPROFILE = 0;
+  /**
+   * Indicates that this object contains a profile id where supplementary
+   * information can be found.
+   */
+  public static final int ID_SUPPLEMENTPROFILE = 1;
+
+  /**
+   * Gets the type of supplementary information contained in this object.
+   * 
+   * @return The type of supplementary information contained in this object,
+   * either <code>EXPLICIT_SUPPLEMENT</code> or <code>ID_SUPPLEMENT</code>.
+   */
+  public int getSupplementProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileExplicit.java
new file mode 100644
index 0000000..d01abec
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileExplicit.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+
+/**
+ * Encapsulates explicit supplementary information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SupplementProfileExplicit extends SupplementProfile {
+  /**
+   * Gets the supplemental object.
+   * 
+   * @return The supplemental object.
+   */
+  public XMLDataObjectAssociation getSupplementProfile();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileID.java
new file mode 100644
index 0000000..beeb2f0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/SupplementProfileID.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Encapsulates supplementary information stored in a profile.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface SupplementProfileID extends SupplementProfile {
+  /**
+   * Gets the id of the profile where the supplementary information can be
+   * found.
+   * 
+   * @return The profile id.
+   */
+  public String getSupplementProfileID();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameter.java
new file mode 100644
index 0000000..7ecd1b8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameter.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Object encapsulating transform parameters either as a URI, binary or
+ * hashed.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameter {
+  /**
+   * Indicates that this object contains a transform parameter given as
+   * a URI.
+   */
+  public static final int URI_TRANSFORMPARAMETER = 0;
+  /**
+   * Indicates that this object contains binary transform parameter.
+   */
+  public static final int BINARY_TRANSFORMPARAMETER = 1;
+  /**
+   * Indicatest that this object contains a binary hash of the transform
+   * parameter.
+   */
+  public static final int HASH_TRANSFORMPARAMETER = 2;
+  
+  /**
+   * Gets the type of transform parameter contained in this object.
+   * 
+   * @return The type of transform parameter, being one of 
+   * <code>URI_TRANSFORMPARAMETER</code>, <code>BINARY_TRANSFORMPARAMETER</code>
+   * or <code>HASH_TRANSFORMPARAMETER</code>.
+   */
+  public int getTransformParameterType();
+  /**
+   * Gets the transform parameter URI.
+   * 
+   * @return The transform parameter URI.
+   */
+  public String getURI();}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterBinary.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterBinary.java
new file mode 100644
index 0000000..388c5d0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterBinary.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.io.InputStream;
+
+/**
+ * Encapsulates a binary transform parameter.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameterBinary extends TransformParameter {
+  /**
+   * Gets the binary transform parameter.
+   * 
+   * @return An <code>InputStream</code> from which the binary content can
+   * be read.
+   */
+  public InputStream getBinaryContent();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterHash.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterHash.java
new file mode 100644
index 0000000..2ff6f39
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterHash.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+
+/**
+ * Contains a hash of the transform parameter.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameterHash extends TransformParameter {
+  /**
+   * Gets the method used for calculating the digest value.
+   * 
+   * @return The digest method.
+   */
+  public String getDigestMethod();
+  /**
+   * Gets the binary hash of the transform parameter.
+   * 
+   * @return A binary representation of the hash.
+   */
+  public byte[] getDigestValue();
+  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterURI.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterURI.java
new file mode 100644
index 0000000..bc73e95
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/TransformParameterURI.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Encapsulates a transform parameter given as a URI.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface TransformParameterURI extends TransformParameter {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureInfo.java
new file mode 100644
index 0000000..5d6e0eb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureInfo.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+/**
+ * Encapsulates a signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifySignatureInfo {
+  /**
+   * Gets the content of the <code>VerifySignatureEnvironment</code> element.
+   * 
+   * @return A <code>MOAElement</code> containing the 
+   * <code>VerifySignatureEnvironment</code> in a DOM-like structure.
+   */
+  public Content getVerifySignatureEnvironment();
+  /**
+   * Gets the location of the signature.
+   * 
+   * @return The location of the signature within the signature environment.
+   */ 
+  public VerifySignatureLocation getVerifySignatureLocation();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureLocation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureLocation.java
new file mode 100644
index 0000000..56a2567
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifySignatureLocation.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Specifies where to find the signature to be verified.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public interface VerifySignatureLocation extends ElementSelector {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfile.java
new file mode 100644
index 0000000..a55d55e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfile.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Object for explicitly specifying a transformation path.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyTransformsInfoProfile {
+  /**
+   * Indicates that this object contains the transformation path explicitly.
+   */
+  public static final int EXPLICIT_VERIFYTRANSFORMSINFOPROFILE = 0;
+  /**
+   * Indicatest that this object contains a transformation info id.
+   */
+  public static final int ID_VERIFYTRANSFORMSINFOPROFILE = 1;
+  
+  /**
+   * Gets the type of transformation information contained in this object.
+   * 
+   * @return The type of transformation information, either 
+   * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code> or
+   * <code>ID_VERIFYTRANSFORMSINFOPROFILE</code>.
+   */
+  public int getVerifyTransformsInfoProfileType();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileExplicit.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileExplicit.java
new file mode 100644
index 0000000..cc29ace
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileExplicit.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+/**
+ * Encapsulates explicit transformation information.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyTransformsInfoProfileExplicit extends VerifyTransformsInfoProfile {
+  /**
+   * Gets the XMLDSig transforms element.
+   * 
+   * @return The <code>List</code> of <code>Transform</code>s.
+   */
+  public List getTransforms();
+  /**
+   * Gets the transformation parameters.
+   * 
+   * @return The transformation parameters.
+   */
+  public List getTransformParameters();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileID.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileID.java
new file mode 100644
index 0000000..eeb28da
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyTransformsInfoProfileID.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+/**
+ * Encapsulates transformation info id for signature verification.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyTransformsInfoProfileID extends VerifyTransformsInfoProfile {
+  /**
+   * Gets the identifier referencing the transformation info.
+   * 
+   * @return The identifier referencing the transformation info.
+   */
+  public String getVerifyTransformsInfoProfileID();
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java
new file mode 100644
index 0000000..a6272d5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureRequest.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.Date;
+import java.util.List;
+
+
+/**
+ * Object that encapsulates a request to verify an XML signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyXMLSignatureRequest {
+  /**
+   * Gets the date and time for which the signature verification has to
+   * be performed.
+   * 
+   * @return Date and time for which the signature verification has
+   * to be performed.
+   */
+  public Date getDateTime();
+  /**
+   * Gets the signature to be verified.
+   * 
+   * @return The signature to be verified.
+   */
+  public VerifySignatureInfo getSignatureInfo();
+  /**
+   * Gets the supplemental information.
+   * 
+   * @return The supplemental information.
+   */  
+  public List getSupplementProfiles();
+  /**
+   * Gets parameters for Security Layer signature verification.
+   * 
+   * @return Parameters for Security Layer signature verification.
+   */
+  public SignatureManifestCheckParams getSignatureManifestCheckParams();
+  /**
+   * Checks, whether actually signed data shall be returned.
+   * 
+   * @return <code>true</code>, if signed data will be returned,
+   * otherwise <code>false</code>.
+   */
+  public boolean getReturnHashInputData();
+  /**
+   * Gets the profile id of the set of trusted certificates to be used for
+   * signature verification.
+   * 
+   * @return The id of the trusted certificates.
+   */
+  public String getTrustProfileId();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
new file mode 100644
index 0000000..d107dc9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+
+/**
+ * Object that encapsulates the response on a request to verify an XML
+ * signature.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id$
+ */
+public interface VerifyXMLSignatureResponse {
+  /**
+   * Gets a <code>SignerInfo</code> element according to XMLDSig.
+   * 
+   * @return A <code>SignerInfo</code> element according to XMLDSig.
+   */
+  public SignerInfo getSignerInfo();
+  /**
+   * Gets datas signed by the signatory.
+   * 
+   * @return The signed datas.
+   */
+  public List getHashInputDatas();
+  /**
+   * Gets source datas elements.
+   * 
+   * @return The source datas elements.
+   */
+  public List getReferenceInputDatas();
+  /**
+  * Gets the result of the signature verification.
+  * 
+  * @return The result of the signature verification.
+  */
+  public ReferencesCheckResult getSignatureCheck();
+  /**
+   * Gets the result of the signature manifest verification.
+   * 
+   * @return The result of the signature manifest verification.
+   */
+  public ReferencesCheckResult getSignatureManifestCheck();
+  /**
+   * Gets XMLDSigManifestCheck elements.
+   * 
+   * @return The XMLDSigManifestCheck elements.
+   */
+  public List getXMLDsigManifestChecks();
+  /**
+   * Gets the result of the certification verification.
+   * 
+   * @return The result of the certificate verification.
+   */
+  public CheckResult getCertificateCheck();
+  
+  
+  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
new file mode 100644
index 0000000..bb2589a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A class representing a CRL distribution point.
+ * 
+ * @author Sven Aigner
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CRLDistributionPoint extends DistributionPoint implements iaik.pki.revocation.CRLDistributionPoint {
+
+	private static Map RC_MAPPING = new HashMap();
+
+	static {
+
+		// create the mapping between reason code strings and their integer
+		// values
+		RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused));
+		RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
+		RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
+		RC_MAPPING.put("affiliationChanged", new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged));
+		RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded));
+		RC_MAPPING.put("cessationOfOperation",
+				new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
+		RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
+		RC_MAPPING.put("privilegeWithdrawn", new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
+		RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
+	}
+
+	/**
+	 * The name of the CA issuing the CRL referred to by this DP.
+	 */
+	private String issuerName_;
+
+	/**
+	 * The reason codes applicable for the distribution point.
+	 */
+	private int reasonCodes;
+
+	/**
+	 * Create a <code>CRLDistributionPoint</code>.
+	 * 
+	 * @param issuerName
+	 *            The name of the CA issuing the CRL referred to by this DP.
+	 * 
+	 * @param uri
+	 *            The URI of the distribution point.
+	 * 
+	 * @param reasonCodeStr
+	 *            A list of reason codes (a space-separated enumeration).
+	 */
+	public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) {
+		super(uri);
+		issuerName_ = issuerName;
+		this.reasonCodes = extractReasonCodes(reasonCodeStr);
+	}
+
+	/**
+	 * @see DistributionPoint#getType()
+	 */
+	public String getType() {
+		return RevocationSourceTypes.CRL;
+	}
+
+	/**
+	 * Convert a list of reason codes provided as a <code>String</code> to a
+	 * binary representation.
+	 * 
+	 * @param reasonCodeStr
+	 *            A <code>String</code> containing a blank-separated, textual
+	 *            representation of reason codes.
+	 * @return int A binary representation of reason codes.
+	 * @see iaik.asn1.structures.DistributionPoint
+	 */
+	private int extractReasonCodes(String reasonCodeStr) {
+		int codes = 0;
+		StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
+		String token;
+		Integer reasonCode;
+
+		while (tokenizer.hasMoreTokens()) {
+			token = tokenizer.nextToken();
+			reasonCode = (Integer) RC_MAPPING.get(token);
+			if (reasonCode != null) {
+				codes |= reasonCode.intValue();
+			} else {
+				MessageProvider msg = MessageProvider.getInstance();
+				Logger.warn(new LogMsg(msg.getMessage("config.07", new Object[] { token })));
+			}
+		}
+
+		// If reasonCodeStr is empty, set all possible reason codes
+		if (codes == 0)
+			codes = iaik.asn1.structures.DistributionPoint.unused | iaik.asn1.structures.DistributionPoint.keyCompromise
+					| iaik.asn1.structures.DistributionPoint.cACompromise
+					| iaik.asn1.structures.DistributionPoint.affiliationChanged
+					| iaik.asn1.structures.DistributionPoint.superseded
+					| iaik.asn1.structures.DistributionPoint.cessationOfOperation
+					| iaik.asn1.structures.DistributionPoint.certificateHold
+					| iaik.asn1.structures.DistributionPoint.privilegeWithdrawn
+					| iaik.asn1.structures.DistributionPoint.aACompromise;
+
+		return codes;
+	}
+
+	/**
+	 * Return a binary representation of the reason codes of this distribution
+	 * point.
+	 * 
+	 * @return The binary representation of the reason codes.
+	 */
+	public int getReasonCodes() {
+		return reasonCodes;
+	}
+
+	/**
+	 * Return a <code>String</code> representation of this distribution point.
+	 * 
+	 * @return The <code>String</code> representation of this distribution
+	 *         point.
+	 * @see java.lang.Object#toString()
+	 */
+	public String toString() {
+		return "(DistributionPoint - " + ("URI<" + getUri()) + ("> REASONCODES<" + getReasonCodes() + ">)");
+	}
+
+	/**
+	 * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
+	 */
+	public String getIssuerName() {
+		return issuerName_;
+	}
+
+	@Override
+	public Name getIssuerDN() {
+		try {
+			return new Name(this.issuerName_);
+		} catch (RFC2253NameParserException e) {
+			throw new RuntimeException(e);
+		}
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
new file mode 100644
index 0000000..6546e88
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import at.gv.egovernment.moa.spss.MOASystemException;
+
+/**
+ * Exception signalling an error in the configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationException extends MOASystemException {
+
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = -1934466124930228755L;
+
+/**
+   * Create a <code>ConfigurationException</code>.
+   * 
+   * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[])
+   */
+  public ConfigurationException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a <code>ConfigurationException</code>.
+   * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[], Throwable)
+   */
+  public ConfigurationException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
new file mode 100644
index 0000000..af67d30
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -0,0 +1,1825 @@
+/*
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+//import iaik.ixsil.exceptions.URIException;
+//import iaik.ixsil.util.URI;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.server.modules.xml.BlackListEntry;
+import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.xml.bind.DatatypeConverter;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class that builds configuration data from a DOM based representation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationPartsBuilder {
+
+  //
+  // XPath namespace prefix shortcuts
+  //
+
+  private static final String CONF = Constants.MOA_CONFIG_PREFIX + ":";
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+  //
+  // chaining mode constants appearing in the configuration file
+  //
+
+  private static final String CM_CHAINING = "chaining";
+  private static final String CM_PKIX = "pkix";
+
+  //
+  // XPath expressions to select certain parts of the configuration
+  //
+
+  private static final String ROOT = "/" + CONF + "MOAConfiguration/";
+  
+  private static final String PDFAS_CONFIGURATION_XPATH =
+		    ROOT + CONF + "PDFASConfig";
+  
+  private static final String DIGEST_METHOD_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "XMLDSig/" 
+    + CONF + "DigestMethodAlgorithm";
+  private static final String XADES_VERSION_XPATH =
+		    ROOT + CONF + "SignatureCreation/" 
+		    + CONF + "XAdES/" 
+		    + CONF + "Version";
+  private static final String C14N_ALGORITHM_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "XMLDSig/" 
+    + CONF + "CanonicalizationAlgorithm";
+  private static final String HARDWARE_CRYPTO_MODULE_XPATH =
+    ROOT + CONF + "Common/"
+    + CONF + "HardwareCryptoModule";
+  private static final String PERMIT_EXTERNAL_URIS_XPATH =
+	    ROOT + CONF + "Common/"
+	    + CONF + "PermitExternalUris";
+  private static final String BLACK_LIST_URIS_XPATH =
+	    ROOT + CONF + "Common/"
+	    + CONF + "PermitExternalUris/"
+	    + CONF + "BlackListUri";
+  private static final String FORBID_EXTERNAL_URIS_XPATH =
+		    ROOT + CONF + "Common/"
+		    + CONF + "ForbidExternalUris";
+  private static final String WHITE_LIST_URIS_XPATH =
+		    ROOT + CONF + "Common/"
+		    + CONF + "ForbidExternalUris/"
+		    + CONF + "WhiteListUri";
+  
+  private static final String HARDWARE_KEY_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyModules/" 
+    + CONF + "HardwareKeyModule";
+  private static final String SOFTWARE_KEY_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyModules/" 
+    + CONF + "SoftwareKeyModule";
+  private static final String KEYGROUP_XPATH = 
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyGroup";
+  private static final String KEYGROUP_MAPPING_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "KeyGroupMapping";
+  private static final String ISSUER_XPATH = 
+    DSIG + "X509IssuerName";
+  private static final String SERIAL_XPATH = 
+    DSIG + "X509SerialNumber";
+  private static final String CERTSTORE_LOCATION_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathConstruction/"
+    + CONF + "CertificateStore/"
+    + CONF + "DirectoryStore/"
+    + CONF + "Location";
+  private static final String AUTO_ADD_CERTIFICATES_XPATH_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathConstruction/"
+    + CONF + "AutoAddCertificates";
+  private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathConstruction/"
+    + CONF + "UseAuthorityInformationAccess";
+  private static final String CHAINING_MODES_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathValidation/"
+    + CONF + "ChainingMode";
+  private static final String CHAINING_MODES_DEFAULT_XPATH =
+    CHAINING_MODES_XPATH + "/"
+    + CONF + "DefaultMode";
+  private static final String TRUST_ANCHOR_XPATH =
+    CHAINING_MODES_XPATH + "/"
+    + CONF + "TrustAnchor";
+  private static final String TRUST_PROFILE_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "PathValidation/"
+    + CONF + "TrustProfile";
+  private static final String DISTRIBUTION_POINTS_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "DistributionPoint";
+  private static final String CRL_RETENTION_INTERVALS_CA_XPATH =
+     ROOT + CONF + "SignatureVerification/" 
+     + CONF + "CertificateValidation/"
+     + CONF + "RevocationChecking/"
+     + CONF + "CrlRetentionIntervals/"
+     + CONF + "CA";
+  private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "EnableChecking";
+  private static final String MAX_REVOCATION_AGE_XPATH_ =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "MaxRevocationAge";
+  private static final String REVOCATION_SERVICEORDER_XPATH_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "ServiceOrder/" 
+    + CONF + "Service";
+  private static final String ENABLE_ARCHIVING_XPATH = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "EnableArchiving";
+  private static final String CRL_ARCHIVE_DURATION_XPATH = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "ArchiveDuration";
+  private static final String ACHIVE_JDBC_URL_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "Archive/"
+    + CONF + "DatabaseArchive/"
+    + CONF + "JDBCURL";
+  private static final String ACHIVE_JDBC_DRIVER_CLASS_ = 
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "CertificateValidation/"
+    + CONF + "RevocationChecking/"
+    + CONF + "Archiving/"
+    + CONF + "Archive/"
+    + CONF + "DatabaseArchive/"
+    + CONF + "JDBCDriverClassName";
+  private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "CreateTransformsInfoProfile";
+  private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
+    ROOT + CONF + "SignatureCreation/" 
+    + CONF + "CreateSignatureEnvironmentProfile";
+  private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "VerifyTransformsInfoProfile";
+  private static final String SUPPLEMENT_PROFILE_XPATH =
+    ROOT + CONF + "SignatureVerification/" 
+    + CONF + "SupplementProfile";
+  private static final String PERMIT_FILE_URIS_XPATH =
+	    ROOT + CONF + "SignatureVerification/" 
+	    + CONF + "PermitFileURIs";
+  
+  private static final String TSL_CONFIGURATION_XPATH = 
+	  ROOT + CONF + "SignatureVerification/"
+	  + CONF + "CertificateValidation/" 
+	  + CONF + "TSLConfiguration/";
+  //
+  // default values for configuration parameters 
+  //
+
+  /** The accepted canonicalization algorithm URIs, as an array */
+  private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY =
+    {
+      Constants.C14N_URI,
+      Constants.C14N_WITH_COMMENTS_URI,
+      Constants.EXC_C14N_URI,
+      Constants.EXC_C14N_WITH_COMMENTS_URI };
+
+  /** The accepted canonicalization algorithm URIs, as a Set */
+  private static final Set ACCEPTED_C14N_ALGORITHMS =
+    new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY));
+
+  /** Default canonicalization algorithm, if none/illegal has been configured */
+  private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI;
+
+  /** The accepted digest method algorithm URIs, as an array */
+  private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY =
+    { Constants.SHA1_URI,
+	  Constants.SHA256_URI,
+	  Constants.SHA384_URI,
+	  Constants.SHA512_URI};
+
+  /** The accepted digest method algorithm URIs, as a Set */
+  private static final Set ACCEPTED_DIGEST_ALGORITHMS =
+    new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
+  
+  
+  /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */
+  private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI;
+  
+  /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */
+  private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI;
+  
+  /** The root element of the MOA configuration */
+  private Element configElem;
+  
+  /**
+   * The directory containing the underlying configuration file.
+   */
+  private File configRoot_;
+
+  /** Whether any warnings were encountered building the configuration. */
+  private List warnings = new ArrayList();
+
+  /**
+   * Create a new <code>ConfigurationPartsBuilder</code>.
+   * 
+   * @param configElem The root element of the MOA configuration.
+   * 
+   * @param configRoot The directory containing the underlying configuration file.
+   */
+  public ConfigurationPartsBuilder(Element configElem, File configRoot)
+  {
+    this.configElem = configElem;
+    configRoot_ = configRoot;
+  }
+
+  /**
+   * Returns the root element of the MOA configuration. 
+   * 
+   * @return The root element of the MOA configuration.
+   */
+  public Element getConfigElem() {
+    return configElem;
+  }
+  
+  /** 
+   * Returns the directory containing the underlying configuration file.
+   * 
+   * @return the directory containing the underlying configuration file.
+   */
+  public File getConfigRoot()
+  {
+    return configRoot_;
+  }
+
+  /**
+   * Returns the warnings encountered during building the configuration.
+   * 
+   * @return A <code>List</code> of <code>String</code>s, containing the
+   * warning messages.
+   */
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getDigestMethodAlgorithmName() 
+  {
+    String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
+    
+    if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
+    {
+    	String xadesVersion = this.getXAdESVersion();
+    	if (xadesVersion == null) {
+    		info(
+    		        "config.23",
+    		        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 });
+    		      digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1;	
+    	}
+    	else {
+    		info(
+    		        "config.23",
+    		        new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 });
+    		      digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2;
+    	}
+    	
+      
+    }
+
+    return digestMethod;
+  }
+  
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getXAdESVersion() 
+  {
+    String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null);
+    
+    return xadesVersion;
+  }
+  
+  /**
+   * Returns the digest method algorithm name.
+   * 
+   * @return The digest method algorithm name from the configuration.
+   */
+  public String getPDFASConfiguration() 
+  {
+    String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null);
+    
+    return pdfasConfiguration;
+  }
+  
+  
+  /**
+   * Returns the canonicalization algorithm name.
+   * 
+   * @return The canonicalization algorithm name from the configuration.
+   */
+  public String getCanonicalizationAlgorithmName() 
+  {
+    String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null);
+
+    if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) 
+    {
+      info(
+        "config.23",
+        new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT });
+      c14nAlgorithm = C14N_ALGORITHM_DEFAULT;
+    }
+
+    return c14nAlgorithm;
+  }
+
+  /**
+   * Build the configured hardware crypto modules.
+   * 
+   * @return The hardware crypto modules from the configuration.
+   */
+  public List buildHardwareCryptoModules() 
+  {
+    List modules = new ArrayList();
+    NodeIterator modIter = XPathUtils.selectNodeIterator(
+      getConfigElem(),
+      HARDWARE_CRYPTO_MODULE_XPATH);
+
+    Element modElem;
+    while ((modElem = (Element) modIter.nextNode()) != null) {
+      String name = getElementValue(modElem, CONF + "Name", null);
+      String slotId = getElementValue(modElem, CONF + "SlotId", null);
+      String userPIN = getElementValue(modElem, CONF + "UserPIN", null);
+      HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN);
+      modules.add(module);
+    }
+
+    return modules;
+  }
+  
+  /**
+   * 
+   * @return
+   */
+  public boolean allowExternalUris() {
+	  Element permitExtUris = (Element)XPathUtils.selectSingleNode(getConfigElem(), PERMIT_EXTERNAL_URIS_XPATH);
+	  
+	  // if PermitExternalUris element does not exist - don't allow external uris
+	  if (permitExtUris == null)  {
+		  // set permitExtUris for iaik-moa
+		  ExternalReferenceChecker.setPermitExternalURLs(false);
+		  return false;
+	  }		  	    
+	  else {
+		// set permitExtUris for iaik-moa
+		  ExternalReferenceChecker.setPermitExternalURLs(true);
+		  return true;
+	  }
+  }
+  
+  
+  /**
+   * 
+   * @return
+   */
+  public List buildPermitExternalUris() {
+	    
+	  info("config.33", null);
+	  
+	  List blacklist = new ArrayList();
+	  List blackListIaikMoa = new ArrayList();
+	  
+	  NodeIterator permitExtIter = XPathUtils.selectNodeIterator(
+			  getConfigElem(),
+			  BLACK_LIST_URIS_XPATH);
+	  
+	  Element permitExtElem = null;
+	  while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
+	      String host = getElementValue(permitExtElem, CONF + "IP", null);
+	      String port = getElementValue(permitExtElem, CONF + "Port", null);
+	      
+	      BlackListEntry entry =null;
+	      if (port == null) {
+	    	  entry = new BlackListEntry(host, -1);
+	    	  info("config.34", new Object[]{host});
+	      }
+	      else {	    	  
+	    	  entry = new BlackListEntry(host, new Integer(port).intValue());
+	    	  info("config.34", new Object[]{host + ":" + port});
+	      }
+	      
+	      // add entry to iaik-moa blacklist	      
+	      blackListIaikMoa.add(entry);
+	      	       
+	      
+	      String array[] = new String[2];
+	      array[0] = host;
+	      array[1] = port;
+	      blacklist.add(array);
+	      
+	  }
+	  
+	  
+	  // set blacklist for iaik-moa
+	  ExternalReferenceChecker.setBlacklist(blackListIaikMoa);
+
+	  
+	  if(blacklist.isEmpty()) // no blacklisted uris given
+		  info("config.36", null);
+		  
+	  
+	  return blacklist;
+  }
+  
+  /**
+   * 
+   * @return
+   */
+  public List buildForbidExternalUris() {
+	    
+	  //info("config.47", null);
+	  
+	  List whitelist = new ArrayList();
+	  List whiteListIaikMoa = new ArrayList();
+	  
+	  NodeIterator forbidExtIter = XPathUtils.selectNodeIterator(
+			  getConfigElem(),
+			  WHITE_LIST_URIS_XPATH);
+	  
+	  Element permitExtElem = null;
+	  while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) {
+	      String host = getElementValue(permitExtElem, CONF + "IP", null);
+	      String port = getElementValue(permitExtElem, CONF + "Port", null);
+	      
+	      // WhiteListeEntry
+	      WhiteListEntry entry =null;
+	      if (port == null) {
+	    	  entry = new WhiteListEntry(host, -1);
+	    	  info("config.49", new Object[]{host});
+      }
+	      else {	    	  
+	    	  entry = new WhiteListEntry(host, new Integer(port).intValue());
+	    	  info("config.49", new Object[]{host + ":" + port});
+	      }
+	      
+	      // add entry to iaik-moa whitelist	      
+	      whiteListIaikMoa.add(entry);
+	      	       
+	      
+	      String array[] = new String[2];
+	      array[0] = host;
+	      array[1] = port;
+	      whitelist.add(array);
+	      
+	  }
+	  
+	  
+	  // set whitelist for iaik-moa
+	  ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
+
+	  
+	  if(whitelist.isEmpty()) // no whitelisted uris given
+		  info("config.48", null);
+		  
+	  
+	  return whitelist;
+  }
+
+ 
+  
+  /**
+   * Build the configured hardware keys. 
+   * 
+   * @param keyModules The keyModules that the configuration already knows about. To 
+   * prevent multiple key modules with the same ID.
+   * @return The hardware keys contained in the configuration.
+   */
+  public List buildHardwareKeyModules(List keyModules) 
+  {
+    Set existingIds = toIdSet(keyModules);
+    List hardwareKeys = new ArrayList();
+    NodeIterator hkIter =
+      XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH);
+    Element keyElem;
+
+    while ((keyElem = (Element) hkIter.nextNode()) != null) 
+    {
+      String id = getElementValue(keyElem, CONF + "Id", null);
+      String name = getElementValue(keyElem, CONF + "Name", null);
+      String slotId = getElementValue(keyElem, CONF + "SlotId", null);
+      String userPIN = getElementValue(keyElem, CONF + "UserPIN", null);
+
+      if (existingIds.contains(id)) 
+      {
+        warn(
+          "config.04",
+          new Object[] { "Hardware- oder SoftwareKeyModule", id });
+      } 
+      else
+      {
+        KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN);
+        hardwareKeys.add(key);
+        existingIds.add(id);
+      }
+
+    }
+
+    return hardwareKeys;
+  }
+
+  /**
+   * Build the configured software keys.
+   * 
+   * @param keyModules The keyModules that the configuration already knows about. To 
+   *        prevent multiple key modules with the same ID.
+   *
+   * @return The software keys contained in the configuration.
+   */
+  public List buildSoftwareKeyModules(List keyModules) 
+  {
+    Set existingIds = toIdSet(keyModules);
+    List softwareKeys = new ArrayList();
+    NodeIterator skIter =
+      XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH);
+
+    Element keyElem;
+    while ((keyElem = (Element) skIter.nextNode()) != null)
+    {
+      String id = getElementValue(keyElem, CONF + "Id", null);
+      String fileName = getElementValue(keyElem, CONF + "FileName", null);
+      String passWord = getElementValue(keyElem, CONF + "Password", null);
+
+      if (existingIds.contains(id)) 
+      {
+        warn(
+          "config.04",
+          new Object[] { "Hardware- oder SoftwareKeyModule", id });
+      } 
+      else
+      {
+        File keyFile;
+        KeyModule key;
+
+        // make keyFile absolute
+        keyFile = new File(fileName);
+        if (!keyFile.isAbsolute()) {
+          keyFile = new File(configRoot_, fileName);
+        }
+
+        // check for existence
+        if (!keyFile.exists() || keyFile.isDirectory()) {
+          warn("config.25", new Object[] { id, keyFile.getAbsolutePath()});
+        } else {
+          // create a new key module
+          key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord);
+          softwareKeys.add(key);
+          existingIds.add(id);
+        }
+      }
+    }
+
+    return softwareKeys;
+  }
+
+  /**
+   * Build the key group configuration.
+   * 
+   * @param keyModules The <code>KeyModule</code>s that the configuration
+   * knows about. Used to check for errors in the configuration.
+   * @return The mapping between key group IDs and key groups.
+   */
+  public Map buildKeyGroups(List keyModules) 
+  {
+    Set keyModuleIds = toIdSet(keyModules);
+    Map keyGroups = new HashMap();
+    NodeIterator kgIter;
+    Element keyGroupElem;
+
+    // select all KeyGroup elements and build the KeyGroup objects from them
+    kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH);
+    while ((keyGroupElem = (Element) kgIter.nextNode()) != null) 
+    {
+      String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
+      String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
+      Set keyGroupEntries =
+        buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
+      KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
+
+      if (keyGroups.containsKey(keyGroupId)) 
+      {
+        warn("config.04", new Object[] { "KeyGroup", keyGroupId });
+      } 
+      else
+      {
+        keyGroups.put(keyGroup.getId(), keyGroup);
+      }
+    }
+
+    return keyGroups;
+  }
+
+  /**
+   * Return the set of IDs contained in the given <code>KeyModule</code>s.
+   * 
+   * @param keyModules The <code>KeyModule</code>s from which to extract the
+   * IDs.
+   * @return The IDs from the given <code>KeyModule</code>s.
+   */
+  private Set toIdSet(List keyModules) {
+    Set ids = new HashSet();
+    Iterator iter;
+
+    for (iter = keyModules.iterator(); iter.hasNext();) {
+      KeyModule keyModule = (KeyModule) iter.next();
+      ids.add(keyModule.getId());
+    }
+
+    return ids;
+  }
+
+  /**
+   * Build the key entries belonging to a key group.
+   * 
+   * @param keyGroupId The ID of the key group we are building here. Passed
+   * for logging purposes.
+   * @param keyModuleIds The IDs of the <code>HardwareKeyModule</code>s and
+   * <code>SoftwareKeyModule</code>s that exist in the configuration. 
+   * @param keyGroupElem The <code>KeyGroup</code> DOM element to parse.
+   * @return A <code>Set</code> of <code>KeyGroupEntry</code> objects.
+   */
+  private Set buildKeyGroupEntries(
+    String keyGroupId,
+    Set keyModuleIds,
+    Element keyGroupElem) {
+
+    Set entries = new HashSet();
+    NodeIterator keyEntryIter;
+    Element keyEntryElem;
+
+    // select all Key elements and put them into the Map
+    keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key");
+    while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) 
+    {
+      String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", "");
+      Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial");
+      IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem);
+
+      if (!keyModuleIds.contains(keyModuleId)) {
+        warn("config.26", new Object[] { keyGroupId, keyModuleId });
+      } else if (issuerSerial != null) {
+        KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial);
+        entries.add(entry);
+      }
+    }
+    return entries;
+  }
+
+  /**
+   * Build the key group mapping.
+   * 
+   * @param keyGroups The available key groups.
+   * @param anonymous The <code>IssuerAndSerial</code> to be used for key group
+   * mappings not protected by a certificate.
+   * @return The key group mapping.
+   */
+  public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) {
+    Map mappings = new HashMap();
+    NodeIterator mappingIter;
+    Element mappingElem;
+
+    // select all KeyGroupMapping elements
+    mappingIter =
+      XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH);
+
+    // build the mapping for each KeyGroupMapping element
+    while ((mappingElem = (Element) mappingIter.nextNode()) != null) 
+    {
+      Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId");
+
+      // build the IssuerAndSerial who has access to the key groups
+      IssuerAndSerial issuerAndSerial;
+      if (issuerSerialElem != null) 
+      {
+        issuerAndSerial = buildIssuerAndSerial(issuerSerialElem);
+      } 
+      else
+      {
+        // IssuerSerial element: the keygroup is generally available
+        issuerAndSerial = anonymous;
+      }
+
+      // add the key groups to the mappings
+      if (issuerAndSerial != null) {
+        Map groups = (Map) mappings.get(issuerAndSerial);
+        NodeIterator keyGroupIter;
+        Element keyGroupElem;
+
+        if (groups == null) 
+        {
+          // no mapping exist -> build one
+          groups = new HashMap();
+          mappings.put(issuerAndSerial, groups);
+        }
+
+        // select the available key groups and add them to the mapping
+        keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
+        while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) 
+        {
+          String keyGroupId = getElementValue(keyGroupElem, ".", null);
+          KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
+
+          if (keyGroup != null) 
+          {
+            groups.put(keyGroupId, keyGroup);
+          } else
+          {
+            warn("config.00", new Object[] { keyGroupId });
+          }
+        }
+      }
+    }
+
+    return mappings;
+  }
+
+  /**
+   * Returns the default chaining mode from the configuration.
+   * 
+   * @return The default chaining mode.
+   */
+  public String getDefaultChainingMode() 
+  {
+    String defaultChaining = getElementValue(
+      getConfigElem(),
+      CHAINING_MODES_DEFAULT_XPATH,
+      CM_PKIX);
+
+    return translateChainingMode(defaultChaining);
+
+  }
+
+  /**
+   * Build the chaining modes for all configured trust anchors.
+   * 
+   * @return The mapping from trust anchors to chaining modes.
+   */
+  public Map buildChainingModes()
+  {
+    Map chainingModes = new HashMap();
+    NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
+
+    Element trustAnchorElem;
+    while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) 
+    {
+      IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(
+        (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"));
+      String mode = getElementValue(trustAnchorElem, CONF + "Mode", null);
+
+      if (issuerAndSerial != null) 
+      {
+        chainingModes.put(issuerAndSerial, translateChainingMode(mode));
+      }
+    }
+
+    return chainingModes;
+  }
+
+  /**
+   * Build an <code>IssuerAndSerial</code> from the DOM representation.
+   * 
+   * @param root The root element (being of type <code>dsig:
+   * X509IssuerSerialType</code>.
+   * @return The issuer and serial number contained in the <code>root</code>
+   * element or <code>null</code> if could not be built for any reason.
+   */
+  private IssuerAndSerial buildIssuerAndSerial(Element root) {
+    String issuer = getElementValue(root, ISSUER_XPATH, null);
+    String serial = getElementValue(root, SERIAL_XPATH, null);
+
+    if (issuer != null && serial != null) {
+      try {
+        RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
+        Principal issuerDN = nameParser.parse();
+
+        return new IssuerAndSerial(issuerDN, new BigInteger(serial));
+      } catch (RFC2253NameParserException e) {
+        warn("config.16", new Object[] { issuer, serial }, e);
+        return null;
+      } catch (NumberFormatException e) {
+        warn("config.16", new Object[] { issuer, serial }, e);
+        return null;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Translate the chaining mode from the configuration file to one used in the
+   * IAIK MOA API.
+   * 
+   * @param chainingMode The chaining mode from the configuration.
+   * @return The chaining mode as provided by the <code>ChainingModes</code>
+   * interface.
+   * @see iaik.pki.pathvalidation.ChainingModes
+   */
+  private String translateChainingMode(String chainingMode) {
+    if (chainingMode.equals(CM_CHAINING)) {
+      return ChainingModes.CHAIN_MODE;
+    } else if (chainingMode.equals(CM_PKIX)) {
+      return ChainingModes.PKIX_MODE;
+    } else {
+      return ChainingModes.PKIX_MODE;
+    }
+  }
+
+  /**
+   * Build the distribution points mapping.
+   * 
+   * @return The mapping from certificate authorities to distribution points.
+   */
+  public Map buildDistributionPoints()
+  {
+    Map dPs = new HashMap();
+    NodeIterator dPIter;
+    Element dPElem;
+
+    // select all DistributionPoint elements 
+    dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH);
+
+    // build the mapping of CA name to distribution points 
+    while ((dPElem = (Element) dPIter.nextNode()) != null) {
+      String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", "");
+      RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText);
+      NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP");
+      NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP");
+
+      try 
+      {
+        String caIssuerDN = nameParser.parse().getName();
+
+        // check, if a mapping exists or make a new mapping      
+        Set dPsForCA = (Set) dPs.get(caIssuerDN);
+        if (dPsForCA == null) 
+        {
+          dPsForCA = new HashSet();
+          dPs.put(caIssuerDN, dPsForCA);
+        }
+
+        // add the CRL distribution points of this CA to the set
+        Element cRLDPElem;
+        while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) 
+        {
+          CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN);
+          dPsForCA.add(cRLDP);
+        }
+
+        // add the OCSP distribution points of this CA to the set
+        Element oCSPPElem;
+        while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) 
+        {
+          OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null);
+          dPsForCA.add(oCSPDP);
+        }
+} 
+      catch (RFC2253NameParserException e) 
+      {
+        warn("config.13", new Object[] { caIssuerDNText }, e);
+      }
+
+    }
+
+    return dPs;
+  }
+
+  /**
+   * Build a distribution point from the DOM representation.
+   * 
+   * @param dpElem The root element of the distribution point.
+   * 
+   * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code>
+   *                   if this DP refers to an OCSP responder. 
+   * 
+   * @return The distribution point.
+   */
+  private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) 
+  {
+    String uri = getElementValue(dpElem, CONF + "Location", null);
+    
+    if ("CRLDP".equals(dpElem.getLocalName()))
+    {
+      NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode");
+      Element reasonCodeElem;
+      StringBuffer reasonCodesSB = new StringBuffer();
+      while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null)
+      {
+        if (reasonCodesSB.length() > 0) reasonCodesSB.append(" ");  
+        reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim());
+      }
+      return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString());
+    }
+    else
+    {
+      return new OCSPDistributionPoint(uri);
+    }
+  }
+
+  /**
+   * Return the CRL archive duration.
+   * 
+   * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if
+   *         no value is set in the configuration.
+   */
+  public int getRevocationArchiveDuration() 
+  {
+    String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null);
+    try 
+    {
+      return Integer.parseInt(archiveDuration);
+    } 
+    catch (NumberFormatException e) 
+    {
+      warn("config.01", null);
+      return 365;
+    }
+  }
+
+  /**
+   * Build the <code>CreateTransformsInfoProfile</code>s. 
+   * 
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildCreateTransformsInfoProfiles() 
+  {
+    return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile");
+  }
+
+  /**
+   * Build the <code>CreateSignatureEnvironmentProfile</code>s.
+   *  
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildCreateSignatureEnvironmentProfiles() 
+  {
+    return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile");
+  }
+
+  /**
+   * Build the <code>VerifyTransformsInfoProfile</code>s.
+   * 
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildVerifyTransformsInfoProfiles() 
+  {
+    return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
+  }
+
+  /**
+   * Build the <code>SupplementProfile</code>s.
+   * 
+   * @return The mapping from profile ID to profile.
+   */
+  public Map buildSupplementProfiles()
+  {
+    return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile");
+  }
+
+  /**
+   * Load a profile mapping.
+   * 
+   * @param xpath The XPath to select the profiles from the configuration.
+   * 
+   * @param profileRoot The name of the profile root element.
+   * 
+   * @return Map The profile ID to profile mapping.
+   */
+  private Map loadProfiles(String xpath, String profileRoot) 
+  {
+    Map profiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null) 
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String fileName = getElementValue(profileElem, CONF + "Location", null);
+
+      if (profiles.containsKey(id)) 
+      {
+        warn("config.04", new Object[] { profileRoot, id });
+      } 
+      else 
+      {
+        try 
+        {
+          File profileFile = new File(fileName);
+
+          // make profileFile absolute
+          if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName);
+
+          // load the profile
+          info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()});
+          Element profile = loadProfile(profileFile);
+
+          if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) && 
+        		  profile.getLocalName().equals(profileRoot)) 
+          {
+            profiles.put(id, profile);
+          } 
+          else
+          {
+            warn("config.02", new Object[] { profileRoot, id, fileName });
+          }
+        } catch (ConfigurationException e) {
+          warn("config.03", new Object[] { profileRoot, id });
+        }
+      }
+    }
+
+    return profiles;
+  }
+
+  /**
+   * Load a profile from a file.
+   * 
+   * @param root The absolute directory path of the main configuration file.
+   * @param profileFile The file containing the profile.
+   * @return The profile in its DOM representation.
+   * @throws ConfigurationException An error occurred loading the profile.
+   */
+  private Element loadProfile(File profileFile) throws ConfigurationException {
+
+    Element profile;
+
+    try {
+      profile = parseXml(new FileInputStream(profileFile));
+    } catch (Exception e) {
+      throw new ConfigurationException("config.12", null, e);
+    }
+
+    return profile;
+  }
+
+  /**
+   * Build the trust profile mapping.
+   * 
+   * @return The profile ID to profile mapping.
+   */
+  public Map buildTrustProfiles(String tslWorkingDir) 
+  {
+    Map trustProfiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null)
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+      String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);      
+      Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+      boolean tslEnabled = false;
+      if (eutslElem != null) //EUTSL element found --> TSL enabled
+    	  tslEnabled = true;
+
+      String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null);
+      
+      URI trustAnchorsLocURI = null;
+      try
+      {
+        trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+        if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+          trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+        continue;
+      }
+      catch (MalformedURLException e)
+      {
+        warn("config.15", new Object[] {id}, e);
+        continue;
+      }
+
+      File profileDir = new File(trustAnchorsLocURI.getPath());
+      if (!profileDir.exists() || !profileDir.isDirectory()) {
+        warn("config.27", new Object[] { "uri", id });
+        continue;
+      }
+      
+      
+      
+      if (trustProfiles.containsKey(id)) {
+        warn("config.04", new Object[] { "TrustProfile", id });
+        continue;
+      } 
+      
+      URI signerCertsLocURI = null;
+      if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+      {
+        try
+        {
+          signerCertsLocURI = new URI(signerCertsLocStr);
+          if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+          
+          File signerCertsDir = new File(signerCertsLocURI.getPath());
+          if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+            warn("config.27", new Object[] { "signerCertsUri", id });
+            continue;
+          }
+        }
+        catch (URIException e) {
+          warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+          continue;
+        }
+        catch (MalformedURLException e) {
+          warn("config.15", new Object[] {id}, e);
+          continue;
+        }
+      }
+      
+      signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+      
+      TrustProfile profile = null;
+      
+      if (tslEnabled) {
+    	  // create new trust anchor location (=tslworking trust profile)
+    	  File fTslWorkingDir = new File(tslWorkingDir);
+    	  File tp = new File(fTslWorkingDir, "trustprofiles");
+    	  if (!tp.exists())
+    		  tp.mkdir();
+    	  if (!tp.isDirectory()) {
+        	  error("config.50", new Object[] { tp.getPath() });
+          }
+    	  
+    	  File tpid = new File(tp, id);        	 
+    	  if (!tpid.exists())
+              tpid.mkdir();
+    	  if (!tpid.isDirectory()) {
+        	  error("config.50", new Object[] { tpid.getPath() });
+          }
+
+        	  
+    	  // create profile
+    	  profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries);
+    	  
+    	  // set original uri (save original trust anchor location)    	    
+    	  profile.setUriOrig(trustAnchorsLocURI.getPath());
+    	  
+    	  // delete files in tslworking trust profile
+    	  File[] files = tpid.listFiles();
+			for (File file : files) 
+	              file.delete();
+    	  
+    	  // copy files from trustAnchorsLocURI into tslworking trust profile kopieren
+    	  File src = new File(trustAnchorsLocURI.getPath());
+    	  files = src.listFiles();                    
+          for (File file : files) { 
+              FileUtils.copyFile(file, new File(tpid, file.getName()));  
+          } 
+          
+          
+      } else {
+      
+    	  profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
+      
+      }
+      
+      trustProfiles.put(id, profile);
+      
+    }
+
+    return trustProfiles;
+  }
+  
+  /**
+   * Build the trust profile mapping.
+   * 
+   * @return The profile ID to profile mapping.
+   */
+  public Map buildTrustProfiles() 
+  {
+    Map trustProfiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null)
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+      String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);      
+     
+      URI trustAnchorsLocURI = null;
+      try
+      {
+        trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+        if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+          trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+        continue;
+      }
+      catch (MalformedURLException e)
+      {
+        warn("config.15", new Object[] {id}, e);
+        continue;
+      }
+
+      File profileDir = new File(trustAnchorsLocURI.getPath());
+      if (!profileDir.exists() || !profileDir.isDirectory()) {
+        warn("config.27", new Object[] { "uri", id });
+        continue;
+      }
+      
+      
+      
+      if (trustProfiles.containsKey(id)) {
+        warn("config.04", new Object[] { "TrustProfile", id });
+        continue;
+      } 
+      
+      URI signerCertsLocURI = null;
+      if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+      {
+        try
+        {
+          signerCertsLocURI = new URI(signerCertsLocStr);
+          if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+          
+          File signerCertsDir = new File(signerCertsLocURI.getPath());
+          if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+            warn("config.27", new Object[] { "signerCertsUri", id });
+            continue;
+          }
+        }
+        catch (URIException e) {
+          warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+          continue;
+        }
+        catch (MalformedURLException e) {
+          warn("config.15", new Object[] {id}, e);
+          continue;
+        }
+      }
+      
+      signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+      
+      TrustProfile profile = null;
+      
+      profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+      
+      trustProfiles.put(id, profile);
+      
+    }
+
+    return trustProfiles;
+  }
+  
+  /**
+   * checks if a trustprofile with TSL support is enabled
+   * 
+   * @return true if TSL support is enabled in at least one trustprofile, else false
+   */
+  public boolean checkTrustProfilesTSLenabled() 
+  {
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    boolean tslSupportEnabled = false;
+    while ((profileElem = (Element) profileIter.nextNode()) != null)    {
+      Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+      if (eutslElem != null) //EUTSL element found --> TSL enabled
+    	  tslSupportEnabled = true;
+    }
+
+    return tslSupportEnabled;
+  }
+  
+  /**
+   * Returns the location of the certificate store.
+   * 
+   * @return the location of the certificate store.
+   */
+  public String getCertStoreLocation()
+  {
+    String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null);
+    File certStoreLocFile;
+    
+    //  No value specified in configuration file: Set it to a reasonable (absolute) default
+    if (certStoreLocStr == null)
+      return new File(configRoot_, "certstore").getAbsolutePath();    
+    
+    // Make cert store location an absolute value
+    certStoreLocFile = new File(certStoreLocStr);
+    if (!certStoreLocFile.isAbsolute())
+    {
+      certStoreLocFile = new File(configRoot_, certStoreLocStr);
+    }
+    
+    // Check if cert store location exists, eventually try to create it
+    if (!certStoreLocFile.isDirectory())
+    {
+      boolean created = false;
+      try 
+      {
+        created = certStoreLocFile.mkdirs();
+      }
+      finally
+      {
+        if (!created)
+        {
+          warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() });
+        }
+      }
+    }
+    
+    return certStoreLocFile.getAbsolutePath();
+  }
+
+  //
+  // various utility methods
+  //
+
+  /**
+   * Parse a configuration XML file.
+   * 
+   * @param inputStream The stream from which to read the XML data.
+   * @return The DOM representation of the XML data.
+   * @throws ParserConfigurationException XML parser not configured properly.
+   * @throws SAXException An error parsing the XML file.
+   * @throws IOException An error reading the stream.
+   */
+  private static Element parseXml(InputStream inputStream)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .getDocumentElement();
+  }
+
+  /**
+   * Return the value of an element located by an XPath.
+   * 
+   * @param root The root element from which to evaluate the <code>xpath</code>.
+   * @param xpath The XPath pointing to the element.
+   * @param def The default value, if no element can be found with the given
+   * <code>xpath</code>.
+   * @return The element value or <code>def</code>, if the element cannot be
+   * found.
+   */
+  private String getElementValue(Element root, String xpath, String def) {
+
+    Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
+    return elem != null ? DOMUtils.getText(elem) : def;
+  }
+
+  /**
+   * Return the value of an attribute located by an XPath.
+   * 
+   * @param root The root element from which to evaluate the <code>xpath</code>.
+   * @param xpath The XPath pointing to the attribute.
+   * @param def The default value, if no attribute can be found with the given
+   * <code>xpath</code>.
+   * @return The element value or <code>def</code>, if the attribute cannot be
+   * found.
+   */
+  private String getAttributeValue(Element root, String xpath, String def) {
+    Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
+    return attr != null ? attr.getValue() : def;
+  }
+
+  /**
+   * Log an info message.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void info(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+    Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+  
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void debug(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.debug(new LogMsg(txt));
+  
+  }
+  
+
+  /**
+   * Log a debug message.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void debug(String message) {
+    Logger.debug(new LogMsg(message));
+
+  }
+  
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @param t An exception being the cause of the warning.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args, Throwable t) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt), t);    
+    warnings.add(txt);
+  }
+
+  /**
+   * Log an error.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void error(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.error(new LogMsg(txt));
+    warnings.add(txt);
+  }
+  
+  /**
+   * Log an error.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @param t An exception being the cause of the warning.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void error(String messageId, Object[] args, Throwable t) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.error(new LogMsg(txt), t);    
+    warnings.add(txt);
+  }
+  
+  /**
+   * Returns whether revocation information should be archived.
+   * 
+   * @return whether revocation information should be archived.
+   */
+  public boolean getEnableRevocationArchiving()
+  {
+    String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null);
+    return Boolean.valueOf(enableArchiving).booleanValue();
+  }
+
+  /**
+   * Returns the JDBC URL for the revocation archive database.
+   * 
+   * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding
+   *         parameter is not set in the configuration.
+   */
+  public String getRevocationArchiveJDBCURL()
+  {
+    String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null);
+    return jDBCURL;
+  }
+
+  /**
+   * Returns the JDBC driver class name for the revocation archive database.
+   *  
+   * @return the JDBC driver class name for the revocation archive database, or <code>null</code, 
+   *         if the corresponding parameter is not set in the configuration.
+   */
+  public String getRevocationArchiveJDBCDriverClass()
+  {
+    String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null);
+    return jDBCDriverClass;
+  }
+
+  /**
+   * Returns whether revocation information should be archived.
+   */
+  public boolean getEnableRevocationChecking()
+  {
+    String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null);
+    return Boolean.valueOf(enableChecking).booleanValue();
+  }
+
+  /**
+   * Returns the maximum age of a revocation information for considering it 
+   * still as valid.
+   * 
+   * @return the maximum age of a revocation information for considering it 
+   *         still as valid.
+   */
+  public long getMaxRevocationAge()
+  {
+    String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null);
+    if (maxRevocationAge == null) return 0;
+    return Long.valueOf(maxRevocationAge).longValue();
+  }
+
+  /**
+   * Returns the service order for revocation checking.
+   * 
+   * @return the service order for revocation checking. Valid array entries are
+   *         {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+   *         An empty array will be returned if no service order is specified in the
+   *         configuration.
+   */
+  public String[] getServiceOrder()
+  {
+    ArrayList list = new ArrayList();
+    NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_);
+    Element currentServiceNode;
+    while ((currentServiceNode = (Element)serviceIter.nextNode()) != null)
+    {
+      list.add(getElementValue(currentServiceNode, ".", null));
+    }
+    Object[] serviceOrder = list.toArray();
+    String[] returnValue = new String[serviceOrder.length];
+    for (int i = 0; i < serviceOrder.length; i++)
+    {
+      if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) {
+        returnValue[i] = RevocationSourceTypes.CRL;
+      } else if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) {
+        returnValue[i] = RevocationSourceTypes.OCSP;
+      }
+      
+    }
+    return returnValue;
+  }
+
+  /**
+   * Returns whether the certificate extension Authority Info Access should 
+   * be used during certificate path construction.
+   * 
+   * @return whether the certificate extension Authority Info Access should 
+   *         be used during certificate path construction.
+   */
+  public boolean getUseAuthorityInfoAccess()
+  {
+    String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null);
+    return Boolean.valueOf(useAIA).booleanValue();
+  }
+
+  /**
+   * Returns whether certificates found during certificate path construction 
+   * should be added to the certificate store.
+   * 
+   * @return whether certificates found during certificate path construction 
+   *         should be added to the certificate store.
+   */
+  public boolean getAutoAddCertificates()
+  {
+    String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
+    return Boolean.valueOf(autoAdd).booleanValue();
+  }
+  
+  /**
+   * Returns whether file URIs are permitted  
+   * @return whether file URIs are permitted
+   */
+  public boolean getPermitFileURIs()
+  {
+    String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+    return Boolean.valueOf(permitFileURIs).booleanValue();
+  }
+  
+  /**
+   * Returns the TSL configuration from the config file
+   * @return
+   */
+  public TSLConfiguration getTSLConfiguration() {
+	  TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
+	  
+	  	  
+	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
+	  if (StringUtils.isEmpty(euTSLUrl)) {
+		  euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
+		  debug("config.39", new Object[] { "EUTSL", euTSLUrl });
+	  }
+	  
+	  String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
+	  
+	  if (StringUtils.isEmpty(updateSchedulePeriod)) {
+		  updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
+		  debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
+	  }
+	  
+	  String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null);
+	  if (StringUtils.isEmpty(updateScheduleStartTime)) {
+		  updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
+		  debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
+		
+	  }
+	  
+	  String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null);
+	  if (StringUtils.isEmpty(workingDirectoryStr)) {
+		  workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+		  debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+	  }
+	  
+	  // convert update schedule starting time to Date object
+	  Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime);
+	  Date updateScheduleStartTimeDate = Cal.getTime();
+		
+	  // convert working directory	  
+	  URI workingDirectoryURI = null;
+      try
+      {
+    	  workingDirectoryURI = new URI(workingDirectoryStr);
+        if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file
+        	workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.37", new Object[] { workingDirectoryStr }, e);
+        workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+        warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+      }
+      catch (MalformedURLException e)
+      {
+    	warn("config.37", new Object[] { workingDirectoryStr }, e);
+    	workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+		warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+      }
+
+      File tslWorkingDir = new File(workingDirectoryURI.getPath());
+      if (!tslWorkingDir.exists()) {
+    	  tslWorkingDir.mkdir();
+      }
+      if (!tslWorkingDir.isDirectory()) {
+    	  error("config.38", new Object[] { workingDirectoryStr });
+          return null;  
+      }
+      
+      
+      debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
+      debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
+      debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
+      debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
+      
+      
+	  // set TSL configuration
+	  tslconfiguration.setEuTSLUrl(euTSLUrl);
+	  tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue());
+	  tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate);
+	  tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath());
+	  tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI);
+	  
+	  return tslconfiguration;
+  }
+  
+  /**
+   * Returns a map of CRL retention intervals
+   * @return
+   */
+  public Map getCrlRetentionIntervals() {
+     Map map = new HashMap();
+     NodeIterator modIter = XPathUtils.selectNodeIterator(
+           getConfigElem(),
+           CRL_RETENTION_INTERVALS_CA_XPATH);
+
+     Element modElem;
+     while ((modElem = (Element) modIter.nextNode()) != null) {
+        String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null);
+        String i = getElementValue(modElem, CONF + "Interval", null);
+        Integer interval = new Integer(i);
+        try {
+           RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName);
+           Name name = parser.parse();
+           map.put(name.getRFC2253String(), interval);
+        } catch (RFC2253NameParserException e) {
+           map.put(x509IssuerName, interval);
+        }
+
+     }
+
+     return map;
+  }
+  
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
new file mode 100644
index 0000000..6c1a192
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -0,0 +1,975 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URL;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * A class providing access to the MOA configuration data.
+ * 
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.spss.server.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>ConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>ConfigurationProvider</code> local to that request.</p>
+ * 
+ * @author Patrick Peck
+ * @author Sven Aigner
+ * @version $Id$
+ */
+public class ConfigurationProvider 
+{
+  /** 
+   * The name of the system property which contains the file name of the 
+   * configuration file.
+   */
+  public static final String CONFIG_PROPERTY_NAME =
+    "moa.spss.server.configuration";
+
+  /** 
+   * A fake <code>IssuerAndSerial</code> object for storing KeyGroup information
+   * accessible by all clients.
+   */
+  private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL =
+    new IssuerAndSerial(new Name(), new BigInteger("0"));
+
+  /** Singleton instance. <code>null</code>, if none has been created. */
+  private static ConfigurationProvider instance;
+
+  //
+  // configuration data
+  //
+
+  /** The warnings generated when building the configuration. */
+  private List warnings = new ArrayList();
+
+  /** The default digest method algorithm name */
+  private String digestMethodAlgorithmName;
+
+  /** The default canonicalization algorithm name */
+  private String canonicalizationAlgorithmName;
+  
+  /** The XAdES version used for signature creation */
+  private String xadesVersion;
+  
+  /** PDF AS Configuration */
+  private String pdfAsConfiguration;
+  
+  /** 
+   * A <code>List</code> of <code>HardwareCryptoModule</code> objects for 
+   * configuring hardware modules.
+   */
+  private List hardwareCryptoModules;
+
+  /** 
+   * A <code>List</code> of <code>HardwareKey</code> objects containing the
+   * configuration data for hardware keys.
+   */
+  private List hardwareKeyModules;
+
+  /**
+   * A <code>List</code> of <code>SoftwareKey</code> objects containing the
+   * configuration data for software keys.
+   */
+  private List softwareKeyModules;
+
+  /**
+   * A <code>Map</code> which contains a KeyGroupId (a <code>String</code>) to
+   * KeyGroup mapping.
+   */
+  private Map keyGroups;
+
+  /**
+   * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+   * <code>KeyGroup</code> mapping.
+   */
+  private Map keyGroupMappings;
+
+  /** The default chaining mode. */
+  private String defaultChainingMode;
+
+  /** 
+   * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+   * chaining mode (a <code>String</code>) mapping.
+   */
+  private Map chainingModes;
+
+  /**
+   * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>)
+   * to distribution points (a <code>Set</code> of
+   * <code>DistributionPoint</code>s) mapping.
+   */
+
+  private Map distributionPoints;
+  /** 
+   * The CRL archive duration. 
+   */
+  private int cRLArchiveDuration;
+  
+  /**
+   * Indicates whether revocation information should be archived.
+   */
+  private boolean enableRevocationArchiving_;
+  
+  /**
+   * The location of the certificate store.
+   */
+  private String certStoreLocation_;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * CreateSignatureEnvironmentProfile Ids (<code>String</code>) to
+   * CreateSignatureEnvironmentProfile elements (an <code>Element</code>).
+   */
+  private Map createSignatureEnvironmentProfiles;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * CreateTransformsInfoProfile Ids (<code>String</code>) to
+   * CreateTransformsInfoProfile elements (an <code>Element</code>).
+   */
+  private Map createTransformsInfoProfiles;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * VerifyTransformsInfoProfile Ids (<code>String</code>) to
+   * VerifyTransformsInfoProfile elements (an <code>Element</code>).
+   */
+  private Map verifyTransformsInfoProfiles;
+
+  /**
+   * A <code>Map</code> which contains a mapping from
+   * SupplementProfile Ids (<code>String</code>) to SupplementProfile elements
+   * (an <code>Element</code>).
+   */
+  private Map supplementProfiles;
+
+  /**
+   * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code>
+   * to trust profile (a <code>TrustProfile</code>) mapping.
+   */
+  private Map trustProfiles;
+
+  /**
+   * The JDBC URL for the revocation archive database.
+   */
+  private String revocationArchiveJDBCURL_;
+
+  /**
+   * The JDBC driver class name for the revocation archive database.
+   */
+  private String revocationArchiveJDBCDriverClass_;
+
+  /**
+   * Indicates whether revocation checking should be done.
+   */
+  private boolean enableRevocationChecking_;
+
+  /**
+   * The maximum age of a revocation information for considering it still as valid.
+   */
+  private long maxRevocationAge_;
+
+  /**
+   * The service order for revocation checking.
+   */
+  private String[] serviceOrder_;
+
+  /**
+   * Indicates whether certificates found during certificate path construction 
+   * should be added to the certificate store.
+   */
+  private boolean autoAddCertificates_;
+
+  /**
+   * Indicates whether the certificate extension Authority Info Access should 
+   * be used during certificate path construction.
+   */
+  private boolean useAuthorityInfoAccess_;
+  /**
+   * Indicates whether file URIs are allowed or not 
+   */
+  private boolean permitFileURIs;
+  
+  /**
+   * Indicates the CRL retention intervals
+   */
+  private Map crlRetentionIntervals;
+  
+  /**
+   * Indicates wether external URIs are allowed or not
+   */
+  private boolean allowExternalUris_;
+  
+  /**
+   * A <code>List</code> of black listed URIs (host and port)
+   */
+  private List blackListedUris_;
+  
+  /**
+   * A <code>List</code> of white listed URIs (host and port)
+   */
+  private List whiteListedUris_;
+  
+  /**
+   * A <code>TSLConfiguration</code> that represents the global TSL configuration
+   */
+  private TSLConfiguration tslconfiguration_;
+  
+  
+  /**
+   * Return the single instance of configuration data.
+   * 
+   * @return MOAConfigurationProvider The current configuration data.
+   * @throws ConfigurationException Failure to load the configuration data.
+   */
+  public static synchronized ConfigurationProvider getInstance()
+    throws ConfigurationException {
+
+    if (instance == null) {
+      reload();
+    }
+    return instance;
+  }
+
+  /**
+   * Reload the configuration data and set it if successful.
+   * 
+   * @return MOAConfigurationProvider The loaded configuration data.
+   * @throws ConfigurationException Failure to load the configuration data.
+   */
+  public static synchronized ConfigurationProvider reload()
+    throws ConfigurationException {
+    String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
+
+    if (fileName == null) {
+      // find out where we are running and use the configuration provided
+      // under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration
+      URL url = ConfigurationProvider.class.getResource("/");
+      fileName =
+        new File(url.getPath()).getParent()
+          + "/conf/moa-spss/MOA-SPSSConfiguration.xml";
+      info("config.05", new Object[] { CONFIG_PROPERTY_NAME });
+    }
+
+    instance = new ConfigurationProvider(fileName);
+    return instance;
+  }
+
+  /**
+   * Constructor for ConfigurationProvider.
+   * 
+   * @param fileName The name of the configuration file.
+   * @throws ConfigurationException An error occurred loading the configuration.
+   */
+  public ConfigurationProvider(String fileName) throws ConfigurationException {
+    load(fileName);
+  }
+
+  /**
+   * Load the configuration data from XML file with the given name and build
+   * the internal data structures representing the MOA configuration.
+   * 
+   * @param fileName The name of the XML file to load.
+   * @throws ConfigurationException The MOA configuration could not be
+   * read/built.
+   */
+  private void load(String fileName) throws ConfigurationException {
+    FileInputStream stream = null;
+    File configFile;
+    File configRoot;
+    Element configElem;
+    ConfigurationPartsBuilder builder;
+    List allKeyModules;
+    
+
+    // load the main config file
+    try {
+      configFile = new File(fileName);
+      configRoot = new File(configFile.getParent());
+      info("config.21", new Object[] { configFile.getAbsoluteFile()});
+      stream = new FileInputStream(fileName);
+      configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName));
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.10", null, t);
+    }
+
+    // build the internal datastructures
+    try {
+      builder = new ConfigurationPartsBuilder(configElem, configRoot);
+      
+      if (builder.checkTrustProfilesTSLenabled()) {
+    	  debug("TSL support enabled for at least one trustprofile.");
+    	  tslconfiguration_ = builder.getTSLConfiguration();
+    	  trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      }
+      else {
+    	  tslconfiguration_ = null;
+    	  trustProfiles = builder.buildTrustProfiles();
+      }
+      
+      digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
+      canonicalizationAlgorithmName =
+        builder.getCanonicalizationAlgorithmName();
+      hardwareCryptoModules = builder.buildHardwareCryptoModules();
+      hardwareKeyModules =
+        builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
+      softwareKeyModules =
+        builder.buildSoftwareKeyModules(hardwareKeyModules);
+      allKeyModules = new ArrayList(hardwareKeyModules);
+      allKeyModules.addAll(softwareKeyModules);
+      keyGroups = builder.buildKeyGroups(allKeyModules);
+      keyGroupMappings =
+        builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
+      
+      pdfAsConfiguration = builder.getPDFASConfiguration();
+      xadesVersion = builder.getXAdESVersion();
+      defaultChainingMode = builder.getDefaultChainingMode();
+      chainingModes = builder.buildChainingModes();
+      useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
+      autoAddCertificates_ = builder.getAutoAddCertificates();
+      //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      
+      
+      distributionPoints = builder.buildDistributionPoints();
+      enableRevocationChecking_ = builder.getEnableRevocationChecking();
+      maxRevocationAge_ = builder.getMaxRevocationAge();
+      serviceOrder_ = builder.getServiceOrder();
+      enableRevocationArchiving_ = builder.getEnableRevocationArchiving();
+      cRLArchiveDuration = builder.getRevocationArchiveDuration();
+      revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
+      revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+      
+      
+      
+      //check TSL configuration
+      checkTSLConfiguration();
+      
+      
+      
+      certStoreLocation_ = builder.getCertStoreLocation();
+      createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
+      createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
+      verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
+      supplementProfiles = builder.buildSupplementProfiles();
+      warnings = new ArrayList(builder.getWarnings());
+      permitFileURIs = builder.getPermitFileURIs();
+      crlRetentionIntervals = builder.getCrlRetentionIntervals();
+
+      allowExternalUris_= builder.allowExternalUris();
+      
+      if (allowExternalUris_) { 
+    	  blackListedUris_ = builder.buildPermitExternalUris();
+    	  whiteListedUris_ = null;
+      }
+      else {
+    	  info("config.35", null);
+    	  blackListedUris_ = null;
+    	  whiteListedUris_ = builder.buildForbidExternalUris();
+      }
+    	
+      
+      
+//      Set set = crlRetentionIntervals.entrySet();
+//      Iterator i = set.iterator();
+//      while(i.hasNext()){
+//        Map.Entry me = (Map.Entry)i.next();
+//        System.out.println("Key: " + me.getKey() + " - Value: " + me.getValue() );
+//      }
+      
+            
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.11", null, t);
+    } finally {
+      try {
+        if (stream != null) {
+          stream.close();
+        }
+      } catch (IOException e) {
+        // don't complain about this
+      }
+    }
+  }
+  
+  private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+	  boolean bTSLEnabledTPExist = false;
+	  Iterator it = trustProfiles.entrySet().iterator();
+	  while (it.hasNext()) {
+	      Map.Entry pairs = (Map.Entry)it.next();
+	      TrustProfile tp = (TrustProfile) pairs.getValue();
+	      if (tp.isTSLEnabled())
+	    	  bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+	  }
+	  
+	  return bTSLEnabledTPExist;
+	  
+  }
+  
+  private void  checkTSLConfiguration() throws ConfigurationException {
+	  boolean bTSLEnabledTPExist = false;
+	  Iterator it = trustProfiles.entrySet().iterator();
+	  while (it.hasNext()) {
+	      Map.Entry pairs = (Map.Entry)it.next();
+	      TrustProfile tp = (TrustProfile) pairs.getValue();
+	      if (tp.isTSLEnabled())
+	    	  bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+	  }
+	  
+	  if (!bTSLEnabledTPExist) {
+		  // if no trustprofile has TSL support enabled, delete TSL configuration
+		  tslconfiguration_ = null;
+		  return;
+	  }
+	  
+	  if (bTSLEnabledTPExist && (tslconfiguration_ == null)) {
+		  error("config.40", null);
+		  throw new ConfigurationException("config.40", null);
+	  }
+	  
+	  File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+	  File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+	  if (!eu_trust.exists()) {
+		  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+		  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+	  }
+	  else {
+		  File[] eutrustFiles = eu_trust.listFiles();
+		  if (eutrustFiles == null) {
+			  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+			  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+		  }
+		  else {
+			  if (eutrustFiles.length == 0) {
+				  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+				  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+			  }
+		  }
+			  
+	  }
+	  
+	  File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+      if (!hashcache.exists()) {
+    	  hashcache.mkdir();
+      }
+      if (!hashcache.isDirectory()) {
+    	  error("config.38", new Object[] { hashcache.getAbsolutePath() });
+          return;  
+      }
+
+      System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+//    String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+//    System.out.println("Hashcache: " + hashcachedir);
+
+
+      Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+	  
+      
+  }
+  
+
+  /**
+   * Returns the warnings encountered during building the configuration.
+   * 
+   * @return A <code>List</code> of <code>String</code>s, containing the
+   * warning messages.
+   */
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Return the name of the digest algorithm used during signature creation.
+   * 
+   * @return The digest method algorithm name, or an empty <code>String</code>,
+   * if none has been configured.
+   */
+  public String getDigestMethodAlgorithmName() {
+    return digestMethodAlgorithmName;
+  }
+  
+  /**
+   * Return the XAdES version used for signature creation.
+   * 
+   * @return The XAdES version used for signature creation, or an empty <code>String</code>,
+   * if none has been configured.
+   */
+  public String getXAdESVersion() {
+    return xadesVersion;
+  }
+  
+  public String getPDFASConfiguration() {
+	    return pdfAsConfiguration;
+	  }
+ 
+  public boolean getAllowExternalUris() {
+	  return this.allowExternalUris_;
+  }
+  
+  public List getBlackListedUris() {
+	  return this.blackListedUris_;
+  }
+  public List getWhiteListedUris() {
+	  return this.whiteListedUris_;
+  }
+  
+  /**
+   * Return the name of the canonicalization algorithm used during signature
+   * creation.
+   * 
+   * @return The canonicalization algorithm name, or an empty
+   * <code>String</code> if none has been configured.
+   */
+  public String getCanonicalizationAlgorithmName() {
+    return canonicalizationAlgorithmName;
+  }
+
+  /**
+   * Return the configured hardware crypto modules.
+   * 
+   * @return A <code>List</code> of <code>HardwareCryptoModule</code> objects
+   * containing the hardware crypto module configurations.
+   */
+  public List getHardwareCryptoModules() {
+    return hardwareCryptoModules;
+  }
+
+  /**
+   * Return the hardware key modules configuration.
+   * 
+   * @return A <code>List</code> of <code>HardwareKeyModule</code> objects
+   * containing the configuration of the hardware key modules.
+   */
+  public List getHardwareKeyModules() {
+    return hardwareKeyModules;
+  }
+
+  /**
+   * Return the software key module configuration.
+   * 
+   * @return A <code>List</code> of <code>SoftwareKeyModule</code> objects
+   * containing the configuration of the software key modules.
+   */
+  public List getSoftwareKeyModules() {
+    return softwareKeyModules;
+  }
+
+  /**
+   * Return the key group mapping.
+   * 
+   * @return A mapping from key group ID (a <code>String</code>) to 
+   * <code>KeyGroup</code> mapping.
+   */
+  public Map getKeyGroups() {
+    return keyGroups;
+  }
+  
+  public KeyGroup getKeyGroup(String keyGroupId) {	  
+	  KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
+	  return keyGroup;
+  }
+
+  /**
+   * Return the set of <code>KeyGroupEntry</code>s of a given key group, which a
+   * client (identified by an issuer/serial pair) may access.
+   * 
+   * @param issuer The issuer of the client certificate.
+   * @param serial The serial number of the client certificate.
+   * @param keyGroupId The ID of the key group.
+   * @return A <code>Set</code> of all the <code>KeyGroupEntry</code>s in the
+   * given key group, if the user may access them. Returns <code>null</code>, if
+   * the user may not access the given key group or if the key group does not
+   * exist.
+   */
+  public Set getKeyGroupEntries(
+    Principal issuer,
+    BigInteger serial,
+    String keyGroupId) {
+
+    IssuerAndSerial issuerAndSerial;
+    Map mapping;
+
+    if (issuer == null && serial == null) {
+      issuerAndSerial = ANONYMOUS_ISSUER_SERIAL;
+    } else {
+      issuerAndSerial = new IssuerAndSerial(issuer, serial);
+    }
+
+//    System.out.println("Issuer: " + issuer);
+//    System.out.println("serial: " + serial);
+//    
+//    Iterator entries = keyGroupMappings.entrySet().iterator();
+//    while (entries.hasNext()) {
+//      Entry thisEntry = (Entry) entries.next();
+//      System.out.println("Entry: " + thisEntry.getKey());
+//      System.out.println("Value: " + thisEntry.getValue());
+//    }      
+    
+    mapping = (Map) keyGroupMappings.get(issuerAndSerial);
+    if (mapping != null) {
+      KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
+
+      if (keyGroup != null) {
+        return keyGroup.getKeyGroupEntries();
+      }
+    }
+    
+    // If no key group is available for a client identified by a certificate,
+    // try to find a key group in the anonymous key group mapping
+    if (issuer != null || serial != null)
+    {
+      mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL);
+      if (mapping != null)
+      {
+        KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
+        if (keyGroup != null) return keyGroup.getKeyGroupEntries();
+      }
+    }
+    
+    return null;
+  }
+
+  /**
+   * Return the chaining mode for a given trust anchor.
+   * 
+   * @param trustAnchor The trust anchor for which the chaining mode should be
+   * returned.
+   * @return The chaining mode for the given trust anchor. If the trust anchor
+   * has not been configured separately, the system default will be returned.
+   */
+  public String getChainingMode(X509Certificate trustAnchor) {
+    Principal issuer = trustAnchor.getIssuerDN();
+    BigInteger serial = trustAnchor.getSerialNumber();
+    IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+
+    String mode = (String) chainingModes.get(issuerAndSerial);
+    return mode != null ? mode : defaultChainingMode;
+  }
+
+  /**
+   * Return the distribution points for a given CA.
+   * 
+   * @param cert The certificate for which the distribution points should be
+   *             looked up. The issuer information is used to perform the lookup.
+   * 
+   * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The
+   *         set will be empty, if no distribution points have been configured 
+   *         for this certificate.
+   */
+  public Set getDistributionPoints(X509Certificate cert) 
+  {
+    try {
+      RFC2253NameParser nameParser =
+        new RFC2253NameParser(cert.getIssuerDN().toString());
+      String caIssuerDN = nameParser.parse().getName();
+      Set dps = (Set) distributionPoints.get(caIssuerDN);
+
+      if (dps == null) {
+        return Collections.EMPTY_SET;
+      }
+      return dps;
+    } catch (RFC2253NameParserException e) {
+      return Collections.EMPTY_SET;
+    }
+  }
+
+  /**
+   * Return the CRL archive duration.
+   * 
+   * @return The duration of how long to keep CRL archive entries (measured in
+   * days).
+   */
+  public int getCRLArchiveDuration() {
+    return cRLArchiveDuration;
+  }
+  
+  /**
+   * Returns whether revocation information should be archived.
+   * 
+   * @return whether revocation information should be archived.
+   */
+  public boolean getEnableRevocationArchiving()
+  {
+    return enableRevocationArchiving_;
+  }
+  
+  /**
+   * Returns the location of the certificate store.
+   * 
+   * @return the location of the certificate store.
+   */
+  public String getCertStoreLocation()
+  {
+    return certStoreLocation_;
+  }
+
+  /**
+   * Return a <code>CreateTransformsInfoProfile</code> with the given ID.
+   * 
+   * @param id The <code>CreateTransformsInfoProfile</code> ID.
+   * @return The <code>CreateTransformsInfoProfile</code> with the given
+   * ID or <code>null</code>, if none exists.
+   */
+  public Element getCreateTransformsInfoProfile(String id) {
+    return (Element) createTransformsInfoProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>CreateSignatureEnvironmentProfile</code> with the given ID.
+   * 
+   * @param id The <code>CreateSignatureEnvironmentProfile</code> ID.
+   * @return The <code>CreateSignatureEnvironmentProfile</code> with the given
+   * ID or <code>null</code>, if none exists.
+   */
+  public Element getCreateSignatureEnvironmentProfile(String id) {
+    return (Element) createSignatureEnvironmentProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>VerifyTransformsInfoProfile</code> with the given ID.
+   * 
+   * @param id The <code>VerifyTransformsInfoProfile</code> ID.
+   * @return The <code>VerifyTransformsInfoProfile</code> with the given ID or
+   * <code>null</code>, if none exists.
+   */
+  public Element getVerifyTransformsInfoProfile(String id) {
+    return (Element) verifyTransformsInfoProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>SupplementProfile</code> with the given ID.
+   * 
+   * @param id The <code>SupplementProfile</code> ID.
+   * @return The <code>SupplementProfile</code> with the given ID or
+   * <code>null</code>, if none exists.
+   */
+  public Element getSupplementProfile(String id) {
+    return (Element) supplementProfiles.get(id);
+  }
+
+  /**
+   * Return a <code>TrustProfile</code> with the given ID.
+   * 
+   * @param id The <code>TrustProfile</code> ID.
+   * @return The <code>TrustProfile</code> with the given ID or
+   * <code>null</code>, if none exists.
+   */
+  public TrustProfile getTrustProfile(String id) {
+    return (TrustProfile) trustProfiles.get(id);
+  }
+  
+  /**
+   * Returns a map of <code>TrustProfiles</code>
+   * @return
+   */
+  public Map getTrustProfiles() {
+	  return trustProfiles;
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void info(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+    Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+  
+  /**
+   * Log a debug message.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void debug(String message) {
+    Logger.debug(message);
+  }
+  
+     /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+
+  /**
+   * Log an error.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void error(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+//    warnings.add(txt);
+  }
+  
+  /**
+   * Returns the JDBC URL for the revocation archive database.
+   * 
+   * @return the JDBC URL for the revocation archive database.
+   */
+  public String getRevocationArchiveJDBCURL()
+  {
+    return revocationArchiveJDBCURL_;
+  }
+
+  /**
+   * Returns the JDBC driver class name for the revocation archive database.
+   * 
+   * @return the JDBC driver class name for the revocation archive database.
+   */
+  public String getRevocationArchiveJDBCDriverClass()
+  {
+    return revocationArchiveJDBCDriverClass_;
+  }
+
+  /**
+   * Returns whether revocation checking should be done.
+   * 
+   * @return whether revocation checking should be done.
+   */
+  public boolean getEnableRevocationChecking()
+  {
+    return enableRevocationChecking_;
+  }
+
+  /**
+   * Returns the maximum age of a revocation information for considering it 
+   * still as valid.
+   * 
+   * @return the maximum age of a revocation information for considering it 
+   *         still as valid.
+   */
+  public long getMaxRevocationAge()
+  {
+    return maxRevocationAge_;
+  }
+
+  /**
+   * Returns the service order for revocation checking.
+   * 
+   * @return the service order for revocation checking. Valid array entries are
+   *         {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+   */
+  public String[] getServiceOrder()
+  {
+    return serviceOrder_;
+  }
+
+  /**
+   * Returns whether certificates found during certificate path construction 
+   * should be added to the certificate store.
+   * 
+   * @return whether certificates found during certificate path construction 
+   *         should be added to the certificate store.
+   */
+  public boolean getAutoAddCertificates()
+  {
+    return autoAddCertificates_;
+  }
+
+  /**
+   * Returns whether the certificate extension Authority Info Access should 
+   * be used during certificate path construction.
+   * 
+   * @return whether the certificate extension Authority Info Access should 
+   *         be used during certificate path construction.
+   */
+  public boolean getUseAuthorityInfoAccess()
+  {
+    return useAuthorityInfoAccess_;
+  }
+  
+  /**
+   * Returns whether the file URIs are permitted or not
+   * @return whether the file URIs are permitted or not
+   */
+  public boolean getPermitFileURIs()
+  {
+    return permitFileURIs; 
+  }
+  
+  /**
+   * Returns the map of retention intervals
+   * @return The map of retention intervals
+   */
+  public Map getCrlRetentionIntervals() {
+     return crlRetentionIntervals;
+  }
+ 
+  /**
+   * Returns the global TSL configuration
+   * @return The global TSL configuration
+   */
+  public TSLConfiguration getTSLConfiguration() {
+	  return tslconfiguration_;
+  }
+ 
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
new file mode 100644
index 0000000..a2e5b93
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * Abstract base class for distribution points.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ * */
+public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint
+{
+  /** 
+   * The distribution point URI. 
+   */
+  private String uri_;
+
+  /**
+   * Create a <code>DistributionPoint</code> with a URI.
+   * 
+   * @param uri The URI of the distribution point.
+   */
+  public DistributionPoint(String uri)
+  {
+    uri_ = uri;
+  }
+  
+  /**
+   * @see iaik.pki.revocation.DistributionPoint#getType()
+   */
+  public abstract String getType();
+
+  /**
+   * @see iaik.pki.revocation.DistributionPoint#getUri()
+   */
+  public String getUri()
+  {
+    return uri_;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
new file mode 100644
index 0000000..c0487f6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * Contains configuration data for a hardware crypto module.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareCryptoModule {
+  /** The name of the module. */
+  private String name;
+  /** The slod ID of the module. */
+  private String slotID;
+  /** The user PIN of the module. */
+  private String userPIN;
+  
+  /**
+   * Create a new <code>HardwareCryptoModule</code>.
+   * 
+   * @param name The name of this <code>HardwareCryptoModule</code>.
+   * @param slotID The slot ID of this <code>HardwareCryptoModule</code>.
+   * @param userPIN The user PIN to access this
+   * <code>HardwareCryptoModule</code>.
+   */
+  public HardwareCryptoModule(String name, String slotID, String userPIN) {
+    this.name = name;
+    this.slotID = slotID;
+    this.userPIN = userPIN;
+  }
+  
+  /**
+   * Returns the name of this <code>HardwareCryptoModule</code>.
+   * 
+   * @return The name of this <code>HardwareCryptoModule</code>.
+   */
+  public String getName() {
+    return name;
+  }
+
+  /**
+   * Returns the slot ID of this <code>HardwareCryptoModule</code>.
+   * 
+   * @return The slot ID.
+   */
+  public String getSlotID() {
+    return slotID;
+  }
+
+
+  /**
+   * Returns the user PIN of this <code>HardwareCryptoModule</code>.
+   * 
+   * @return The user PIN used to access the module.
+   */
+  public String getUserPIN() {
+    return userPIN;
+  }
+
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
new file mode 100644
index 0000000..18fd085
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * A class that contains information about a hardware key module.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareKeyModule extends KeyModule {
+  /** The name of the module. */
+  private String name;
+  /** The slod ID of the module. */
+  private String slotID;
+  /** The user PIN of the module. */
+  private String userPIN;
+  
+  /**
+   * Create a new <code>HardwareKey</code>.
+   * 
+   * @param id The key module ID.
+   * @param name The name of the key.
+   * @param slotID The slot ID of the key within the hardware module. May be
+   * <code>null</code>.
+   * @param userPIN The user PIN to access the key.
+   */
+  public HardwareKeyModule(String id, String name, String slotID, String userPIN) {
+    super(id);
+    this.name = name;
+    this.slotID = slotID;
+    this.userPIN = userPIN;   
+  }
+  
+  /**
+   * Return the name of this <code>HardwareKey</code>.
+   * 
+   * @return The name of this <code>HardwareKey</code>.
+   */
+  public String getName() {
+    return name;
+  }
+  
+  /**
+   * Return the slot ID of this <code>HardwareKey</code>.
+   * 
+   * @return The slot ID of this <code>HardwareKey</code>.
+   */
+  public String getSlotID() {
+    return slotID;
+  }
+  
+  /**
+   * Return the user PIN to access this <code>HardwareKey</code>.
+   * 
+   * @return The user PIN to access this <code>HardwareKey</code>.
+   */
+  public String getUserPIN() {
+    return userPIN;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
new file mode 100644
index 0000000..38a3ae9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import java.math.BigInteger;
+import java.security.Principal;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+/**
+ * A class containing the issuer and serial number of a certificate, which can
+ * be used to uniquely identify the certificate.
+ * 
+ * The issuer is contained as an RFC2253 encoded <code>String</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IssuerAndSerial {
+
+  /** The issuer distinguished name. */
+  private String issuerDN;
+  /** The certificate serial number. */
+  private BigInteger serial;
+
+  /**
+   * Create an <code>IssuerAndSerial</code> object.
+   * 
+   * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
+   * DN contained in the <code>issuer</code> is set. 
+   * 
+   * @param issuer The isser of a certificate.
+   * @param serial The serial number of the certificate.
+   */
+  public IssuerAndSerial(Principal issuer, BigInteger serial) {
+    String issuerDN = null;
+    if (issuer instanceof Name) {
+      try {
+        issuerDN = ((Name)issuer).getRFC2253String();
+      } catch (RFC2253NameParserException e) {
+        // do nothing
+      }
+    }
+    if (issuerDN == null) {
+      RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
+      try {
+        issuerDN = ((Name)parser.parse()).getRFC2253String();
+      } catch (RFC2253NameParserException e) {
+        issuerDN = issuer.getName();
+      }
+    }
+    this.serial = serial;
+    this.issuerDN = issuerDN;
+  }
+  
+  /**
+   * Create an <code>IssuerAndSerial</code> object.
+   * 
+   * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
+   * @param serial The serial number of the certificate.
+   */
+  public IssuerAndSerial(String issuerDN, BigInteger serial) {
+    this.issuerDN = issuerDN;
+    this.serial = serial;
+  }
+
+  /**
+   * Return the issuer DN in RFC2253 format.
+   * 
+   * @return The issuer part of this object.
+   */
+  public String getIssuerDN() {
+    return issuerDN;
+  }
+
+  /**
+   * Return the serial number.
+   * 
+   * @return The serial number of this object.
+   */
+  public BigInteger getSerial() {
+    return serial;
+  }
+
+  /**
+   * Compare this <code>IssuerAndSerial</code> to another object.
+   * 
+   * @param other The object to compare this <code>IssuerAndSerial</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
+   * <code>serial</code> fields are both equal. <code>false</code> otherwise.
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof IssuerAndSerial) {
+      IssuerAndSerial ias = (IssuerAndSerial) other;
+      return getIssuerDN().equals(ias.getIssuerDN())
+        && getSerial().equals(ias.getSerial());
+    }
+    return false;
+  }
+
+  /**
+   * Return the hash code of this <code>IssuerAndSerial</code>.
+   * 
+   * @return The hash code of this <code>IssuerAndSerial</code>.
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return issuerDN.hashCode() ^ serial.hashCode();
+  }
+
+  /**
+   * Return a <code>String</code> representation of this
+   * <code>IssuerAndSerial</code> object.
+   * 
+   * @return The <code>String</code> representation.
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
+      + ("> Serial<" + serial.toString() + ">)");
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
new file mode 100644
index 0000000..c2490f9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * A collection of <code>KeyGroupEntry</code>s with its own ID.
+ * 
+ * @author Sven Aigner
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class KeyGroup {
+
+  /** The keys belonging to this key group. */
+  private Set keyGroupEntries;
+  /** The key group ID. */
+  private String id;
+  /** The digest method algorithm for the key group */
+  private String digestMethodAlgorithm;
+
+  /**
+   * Create a <code>KeyGroup</code>.
+   * 
+   * @param id The ID of this <code>KeyGroup</code>.
+   * @param keyGroupEntries The keys belonging to this <code>KeyGroup</code>.
+   * @param digestMethodAlgorithm The signature algorithm used for this key group
+   */
+  public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) {
+    this.id = id;
+    this.keyGroupEntries = keyGroupEntries;
+    this.digestMethodAlgorithm = digestMethodAlgorithm; 
+  }
+
+  /**
+   * Return the <code>KeyEntry</code>s contained in this <code>KeyGroup</code>.
+   * 
+   * @return The <code>KeyEntry</code>s contained in this <code>KeyGroup</code>.
+   */
+  public Set getKeyGroupEntries() {
+    return keyGroupEntries;
+  }
+  
+  /**
+   * Returnd the digest method algorithm used for this key group
+   * @return The digest method signature algorithm used for this key group
+   */
+  public String getDigestMethodAlgorithm() {
+	  return digestMethodAlgorithm;
+  }
+
+  /**
+   * Return the ID of this <code>KeyGroup</code>.
+   * 
+   * @return The <code>KeyGroup</code> ID.
+   */
+  public String getId() {
+    return id;
+  }
+
+  /** 
+   * Return a <code>String</code> representation of this <code>KeyGroup</code>.
+   * 
+   * @return The <code>String</code> representation.
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    StringBuffer sb = new StringBuffer();
+    Iterator i;
+
+    if (getKeyGroupEntries() != null) {
+      i = getKeyGroupEntries().iterator();
+
+      while (i.hasNext()) {
+        sb.append(" " + i.next());
+      }
+    }
+    return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " + digestMethodAlgorithm;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
new file mode 100644
index 0000000..fcedfb0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import java.math.BigInteger;
+
+/**
+ * A class containing information about an entry in a key group.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class KeyGroupEntry {
+  /** The module ID of the key. */
+  private String moduleID;
+  /** The issuer DN of the certificate identifying the key. */
+  private String issuerDN;
+  /** The serial number of the certificate identifying the key. */
+  private BigInteger serialNumber;
+
+  /**
+   * Create a new <code>KeyGroupEntry</code>.
+   * 
+   * @param moduleID The key module ID to which this entry belongs to.
+   * @param issuerAndSerial The issuer and serial number which uniquely
+   * identifies a certificate within the key module.
+   */
+  public KeyGroupEntry(String moduleID, IssuerAndSerial issuerAndSerial) {
+    this.moduleID = moduleID;
+    this.issuerDN = issuerAndSerial.getIssuerDN();
+    this.serialNumber = issuerAndSerial.getSerial();
+  }
+
+  /**
+   * Create a new <code>KeyGroupEntry</code>.
+   * 
+   * @param moduleID The key module ID to which this entry belongs to.
+   * @param issuerDN The isser DN of the certificate within the key module.
+   * @param serialNumber The serial number of the certificate within the key
+   * module.
+   */
+  public KeyGroupEntry(
+    String moduleID,
+    String issuerDN,
+    BigInteger serialNumber) {
+    this.moduleID = moduleID;
+    this.issuerDN = issuerDN;
+    this.serialNumber = serialNumber;
+  }
+
+  /**
+   * Return the key module ID to which this <code>KeyGroupEntry</code> belongs
+   * to.
+   * 
+   * @return The key module ID.
+   */
+  public String getModuleID() {
+    return moduleID;
+  }
+
+  /**
+   * Return the issuer DN of this <code>KeyGroupEntry</code> for identifying the
+   * certificate within the key module.
+   * 
+   * @return The issuer DN of the certificate.
+   */
+  public String getIssuerDN() {
+    return issuerDN;
+  }
+
+  /**
+   * Return the serial number of this <code>KeyGroupEntry</code> for identifying
+   * the certificate within the key module.
+   * 
+   * @return The serial number of the certificate.
+   */
+  public BigInteger getSerialNumber() {
+    return serialNumber;
+  }
+
+  /**
+   * Compare this <code>KeyGroupEntry</code> to another.
+   *
+   * @param other The <code>KeyGroupEntry</code> to compare to.
+   * @return <code>true</code>, if module ID, isser DN and serial number of
+   * <code>other</code> match the ones contained in this object, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof KeyGroupEntry) {
+      KeyGroupEntry entry = (KeyGroupEntry) other;
+      return getModuleID().equals(entry.getModuleID())
+        && getIssuerDN().equals(entry.getIssuerDN())
+        && getSerialNumber().equals(entry.getSerialNumber());
+    }
+    return false;
+  }
+  
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getModuleID().hashCode()
+      ^ getIssuerDN().hashCode()
+      ^ getSerialNumber().hashCode();
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
new file mode 100644
index 0000000..45d8d7e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * A class that contains information about a key module.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class KeyModule {
+
+  /** The key module ID. */
+  private String id;
+
+  /**
+   * Create a <code>Key</code> object.
+   * 
+   * @param id The key module ID.
+   */
+  public KeyModule(String id) {
+    this.id = id;
+  }
+
+  /**
+   * Return the key ID.
+   * 
+   * @return The key ID.
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * Return a <code>String</code> representation of this <code>Key</code>.
+   * 
+   * @return The <code>String</code> representation.
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    return "(Key - Id<" + id + ">)";
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
new file mode 100644
index 0000000..2e91c6b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+
+/**
+ * A class representing a CRL distribution point.
+ * 
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class OCSPDistributionPoint 
+  extends DistributionPoint 
+  implements iaik.pki.revocation.DistributionPoint
+{
+  /**
+   * Create a <code>OCSPDistributionPoint</code> with a URI.
+   * 
+   * @param uri The URI of the ocsp distribution point.
+   */
+  public OCSPDistributionPoint(String uri)
+  {
+    super(uri);
+  }
+
+  /**
+   * @see iaik.pki.revocation.DistributionPoint#getType()
+   */
+  public String getType()
+  {
+    return RevocationSourceTypes.OCSP;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
new file mode 100644
index 0000000..0ed83bb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+/**
+ * A class containing information about a software key, stored in PKCS12 format.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SoftwareKeyModule extends KeyModule {
+  /** The name of the file containing the keys. */
+  private String fileName;
+  /** The password for accessing the file. */
+  private String passWord;
+  
+  /**
+   * Create a new <code>SoftwareKey</code>.
+   * 
+   * @param id The key ID.
+   * @param fileName The name of the PKCS12 keystore file containing the key.
+   * @param passWord The password to access the keystore file.
+   */
+  public SoftwareKeyModule(String id, String fileName, String passWord) {
+    super(id);
+    this.fileName = fileName;
+    this.passWord = passWord;
+  }
+  
+  /**
+   * Return the name of the PKCS12 keystore file containing this
+   * <code>SoftwareKey</code>.
+   * 
+   * @return The name of the PKCS12 keystore file.
+   */
+  public String getFileName() {
+    return fileName;
+  }
+  
+  /**
+   * Return the password to access the keystore file.
+   * 
+   * @return The password to access the keystore file.
+   */
+  public String getPassWord() {
+    return passWord;
+  }
+  
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
new file mode 100644
index 0000000..21063c7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.x509.X509Certificate;
+
+/**
+ * Information about a trust profile.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TrustProfile {
+  /** The ID of the trust profile. */
+  private String id;
+  /** The URI giving the location of the trust profile. */
+  private String uri;
+  /** The URI giving the location of the allowed signer certificates. */
+  private String signerCertsUri;
+  /** Defines if Trustprofile makes use of EU TSL*/
+  private boolean tslEnabled;
+  /** The original URI (out of the configuration) giving the location of the trust profile (used when TSL is enabled) */
+  private String uriOrig;
+  /** The countries given */  
+  private String countries;
+  /** */
+  private X509Certificate[] certificatesToBeRemoved;
+  
+  /**
+   * Create a <code>TrustProfile</code>.
+   * 
+   * @param id The ID of the <code>TrustProfile</code> to create.
+   * @param uri The URI of the <code>TrustProfile</code> to create.
+   * @param signerCertsUri The URI of the location of the allowed signer
+   *        certificates of the <code>TrustProfile</code> to create.
+   */
+  public TrustProfile(String id, String uri, String signerCertsUri, boolean tslEnabled, String countries) {
+    this.id = id;
+    this.uri = uri;
+    this.signerCertsUri = signerCertsUri;
+    this.tslEnabled = tslEnabled;
+    this.countries = countries;
+    this.certificatesToBeRemoved = new X509Certificate[0];
+  }
+
+  /**
+   * Return the ID of this <code>TrustProfile</code>.
+   * 
+   * @return The <code>TrustProfile</code> ID.
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * Return the URI of this <code>TrustProfile</code>.
+   * 
+   * @return The URI of <code>TrustProfile</code>.
+   */
+  public String getUri() {
+    return uri;
+  }
+  
+  /**
+   * Return the original URI of this <code>TrustProfile</code>.
+   * 
+   * @return The original URI of <code>TrustProfile</code>.
+   */
+  public String getUriOrig() {
+    return uriOrig;
+  }
+
+  /**
+   * Return the URI giving the location of the allowed signer certificates
+   * of this <code>TrustProfile</code>.
+   * 
+   * @return The URI of <code>TrustProfile</code>.
+   */
+  public String getSignerCertsUri() {
+    return signerCertsUri;
+  }
+  /**
+   * Returns if Trustprofile is TSL enabled
+   * @return
+   */
+  public boolean isTSLEnabled() {
+	  return tslEnabled;
+  }
+  /**
+   * Returns the given countries
+   * @return Given countries
+   */
+  public String getCountries() {
+	  if (!tslEnabled)
+		  return null;
+	  else
+		  return countries;
+  }
+  
+     
+  /**
+   * Sets the original URI of this <code>TrustProfile</code>.
+   * 
+   * @return The original URI of <code>TrustProfile</code>.
+   */
+  public void setUriOrig(String uriOrig) {
+    this.uriOrig = uriOrig;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..49e5ecc
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmssign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * An object providing auxiliary information for creating a CMS signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureCreationProfileImpl
+  implements CMSSignatureCreationProfile {
+
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The MIME type of the data to be signed*/
+  private String mimeType;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */
+  private boolean includeData;
+  /** Digest Method algorithm  */
+  private String digestMethod;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public CMSSignatureCreationProfileImpl(
+    Set keySet,
+    String digestMethod,
+    List signedProperties,
+    boolean securityLayerConform,
+    boolean includeData,
+    String mimeType) {
+	  this.keySet = keySet;
+	  this.signedProperties = signedProperties;
+	  this.securityLayerConform = securityLayerConform;
+	  this.includeData = includeData;
+	  this.mimeType = mimeType;
+	  this.digestMethod = digestMethod;
+
+  }
+
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+	  
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+      	if (digestMethod.compareTo("SHA-1") == 0) {
+    		Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethod.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethod.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethod,
+         			null,
+         	        null);
+         }
+  
+
+  }
+
+
+ 
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+ 
+  public void setDigestMethod(String digestMethod) {
+	  this.digestMethod = digestMethod;
+  }
+ 
+
+  public String getMimeType() {
+	  return mimeType;
+  }
+
+  public boolean includeData() {
+	return this.includeData;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..972b540
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.cmsverify;
+
+import iaik.pki.PKIProfile;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+
+/**
+ * An implementation of the <code>CMSSignatureVerificationProfile</code>
+ * interface.
+ * 
+ * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationProfileImpl
+  implements CMSSignatureVerificationProfile {
+    
+  /** The profile for validating the certificate. */
+  private PKIProfile certificateValidationProfile;
+
+  /**
+   * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile()
+   */
+  public PKIProfile getCertificateValidationProfile() {
+    return certificateValidationProfile;
+  }
+
+  /**
+   * Sets the profile for validating the signer certificate.
+   * 
+   * @param certificateValidationProfile The certificate validation profile to
+   * set.
+   */
+  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+    this.certificateValidationProfile = certificateValidationProfile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..90e6793
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.keys.KeyModuleConfiguration;
+
+/**
+ * Base implementation class for the <code>KeyModuleConfiguration</code>
+ * interface and the interfaces derived from it.
+ * 
+ * @see iaik.server.modules.keys.KeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class AbstractKeyModuleConfigurationImpl
+  implements KeyModuleConfiguration {
+
+  /** The module ID. */    
+  private String moduleID;
+  
+  /**
+   * Creata new <code>AbstractKeyModuleConfigurationImpl</code>.
+   * 
+   * @param moduleID The key module ID of this
+   * <code>KeyModuleConfiguration</code>.
+   */
+  public AbstractKeyModuleConfigurationImpl(String moduleID) {
+    this.moduleID = moduleID;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.KeyModuleConfiguration#getModuleID()
+   */
+  public String getModuleID() {
+    return moduleID;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java
new file mode 100644
index 0000000..e2d828b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+/**
+ * A base class for observable configuration data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class AbstractObservableConfiguration implements Observable {
+
+  /** The observers registered with this <code>Observable</code>. */
+  private List observers = new ArrayList();
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData data) {
+    Iterator iter = observers.iterator();
+
+    for (iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(data);
+    }
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
new file mode 100644
index 0000000..4a300a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveParameters;
+import iaik.pki.store.revocation.archive.ArchiveTypes;
+
+import java.sql.Driver;
+import java.sql.DriverManager;
+import java.util.Enumeration;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ArchiveConfiguration</code> interface
+ * using configuration data provided by the MOA configuration file.
+ * 
+ * @see iaik.pki.store.revocation.archive.ArchiveConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ArchiveConfigurationImpl
+  extends AbstractObservableConfiguration
+  implements ArchiveConfiguration {
+    
+  /** The configuration parameters of the archive. */
+  private ArchiveParameters archiveParameters;
+
+  /**
+   * Create a new <code>ArchiveConfigurationImpl</code>.
+   * 
+   * @param config The MOA configuration from which the configuration data is being read.
+   */
+  public ArchiveConfigurationImpl(ConfigurationProvider config) 
+  {
+    String jdbcUrl = config.getRevocationArchiveJDBCURL();
+    this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl);
+    
+    // Register JDBC driver class 
+    if (jdbcUrl != null)
+    {
+      String jdbcDriverClass = config.getRevocationArchiveJDBCDriverClass();
+      try
+      {
+        Class.forName(jdbcDriverClass);
+      }
+      catch (ClassNotFoundException e)
+      {
+        // TODO 20030709 GK Improve exception handling
+        throw new RuntimeException("JDBC driver class \"" + jdbcDriverClass + " could not be found.");       
+      }
+      
+      Enumeration regDrivers = DriverManager.getDrivers();
+      boolean isRegistered = false;
+      while (regDrivers.hasMoreElements())
+      {
+        Object currentDriver = regDrivers.nextElement();
+        if (jdbcDriverClass.equals(currentDriver.getClass().getName())) isRegistered = true;
+      }
+      if (!isRegistered)
+      {
+        // Workaround for a driver which does not register itselve at invocation of Class.forName(drvname)
+        try
+        {
+          DriverManager.registerDriver((Driver)Class.forName(jdbcDriverClass).newInstance()); 
+        }
+        catch (Exception e)
+        {
+          // TODO 20030709 GK Improve exception handling
+          throw new RuntimeException("Registering JDBC driver \"" + jdbcDriverClass + " failed.");       
+        }
+      }
+    }
+  }
+
+  /**
+   * Return the type of archive.
+   * 
+   * This will always return <code>ArchiveTypes.DATABASE</code>.
+   * @return <code>ArchiveTypes.DATABASE</code>.
+   * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getType()
+   */
+  public String getType() {
+    return ArchiveTypes.DATABASE;
+  }
+
+  /**
+   * Return the <code>ArchiveParameters</code> describing this
+   * <code>ArchiveConfiguration</code>.
+   * 
+   * @return The archive parameters.
+   * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getArchiveParameters()
+   */
+  public ArchiveParameters getArchiveParameters() {
+    return archiveParameters;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
new file mode 100644
index 0000000..981ea05
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.logging.TransactionId;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.RevocationInfoRetriever;
+import iaik.pki.store.revocation.RevocationSource;
+import iaik.pki.store.revocation.RevocationStoreException;
+import iaik.pki.ldap.Handler;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLStreamHandler;
+import java.util.Collection;
+import java.util.Date;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * A customized implementation of
+ * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used
+ * instead of the default implementation
+ * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader
+ * problem in connection with the {@link java.net.URL} class in a Tomcat
+ * deployment environment.
+ * 
+ * @author Gregor Karlinger
+ * @version $$
+ */
+public class CRLRetriever implements RevocationInfoRetriever {
+	public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid)
+			throws RevocationStoreException {
+		if (source == null) {
+			throw new NullPointerException("RevocationSource parameter mustn't be null.");
+		}
+		Logger.info("Downloading crl from " + source.getUri());
+		if (!source.getType().equals(RevocationSourceTypes.CRL)) {
+			throw new RevocationStoreException(source.getType() + " not supported", null, getClass().getName() + ":1");
+		}
+		try {
+			URL crlUrl;
+			try {
+				crlUrl = new URL(source.getUri());
+			} catch (MalformedURLException e) {
+				// Workaround for classloader problem with deployment in Tomcat
+				// 4.1
+				URLStreamHandler handler = new Handler();
+				crlUrl = new URL(null, source.getUri(), handler);
+			}
+
+			InputStream crlInputStream = crlUrl.openStream();
+			source.readFrom(crlInputStream, tid);
+			source.setDownloadTime(new Date());
+			crlInputStream.close();
+		} catch (Exception iox) {
+			Logger.warn("Cannot retrieve crl", iox);
+			throw new RevocationStoreException("Cannot retrieve CRL", iox, getClass().getName() + ":1");
+		}
+	}
+
+	@Override
+	public void setConnectTimeout(int arg0) {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	}
+
+	@Override
+	public void setReadTimeout(int arg0) {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
new file mode 100644
index 0000000..a4f7660
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import iaik.logging.Log;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter;
+
+/**
+ * An implementation of the <code>CertStoreConfiguration</code> interface based
+ * on MOA configuration data.
+ * 
+ * @see iaik.pki.store.certstore.CertStoreConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends AbstractObservableConfiguration implements CertStoreConfiguration {
+
+	private static final Logger logger = LoggerFactory.getLogger(CertStoreConfigurationImpl.class);
+
+	/** The configuration parameters of the <code>CertStore</code>. */
+	private CertStoreParameters[] parameters;
+
+	/**
+	 * Create a new <code>CertStoreConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The MOA configuration from which the configuration data is
+	 *            being read.
+	 */
+	public CertStoreConfigurationImpl(ConfigurationProvider config) {
+		String certStoreRoot = config.getCertStoreLocation();
+
+		DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl("MOA Directory CertStore",
+				certStoreRoot, true, false);
+
+		parameters = new CertStoreParameters[] { dirParameters };
+	}
+
+	/**
+	 * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+	 */
+	public CertStoreParameters[] getParameters() {
+		return parameters;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java
new file mode 100644
index 0000000..dff78d6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.logging.LoggerConfig;
+import iaik.pki.PKIConfiguration;
+import iaik.server.ConfigurationData;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+
+/**
+ * An implementation of the <code>ConfigurationData</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.server.ConfigurationData
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationDataImpl implements ConfigurationData {
+  /** PKI configuration data. */
+  private PKIConfiguration pkiConfiguration;
+  /** Crypto modules configuration data. */
+  private List cryptoModuleConfigurations;
+  /** Key modules configuration data. */
+  private List keyModuleConfigurations;
+  /** Logging configuration data. */
+  private LoggerConfig loggerConfig;
+
+  /**
+   * Create a new <code>ConfigurationDataImpl</code>.
+   * 
+   * @param config The underlying MOA configuration data.
+   */
+  public ConfigurationDataImpl(ConfigurationProvider config) {
+    this.pkiConfiguration = new PKIConfigurationImpl(config);
+    this.cryptoModuleConfigurations = buildCryptoModuleConfigurations(config);
+    this.keyModuleConfigurations = buildKeyModuleConfigurations(config);
+    this.loggerConfig = new LoggerConfigImpl();
+  }
+
+  /**
+   * Build the list of <code>CryptoModuleConfiguration</code>s.
+   * 
+   * @param config The underlying MOA configuration data.
+   * @return The list of <code>CryptoModuleConfiguration</code>s configured in
+   * the MOA configuration.
+   */
+  private List buildCryptoModuleConfigurations(ConfigurationProvider config) {
+    List modules = new ArrayList();
+    Iterator iter = config.getHardwareCryptoModules().iterator();
+    
+    while (iter.hasNext()) {
+      HardwareCryptoModule module = (HardwareCryptoModule) iter.next();
+      modules.add(new HardwareCryptoModuleConfigurationImpl(module));
+    }
+    
+    return modules;
+  }
+  
+  /**
+   * Build the list of <code>KeyModuleConfiguration</code>s.
+   * 
+   * @param config The underlying MOA configuration data.
+   * @return The list of <code>KeyModuleConfiguration</code>s configured in the
+   * MOA configuration.
+   */
+  private List buildKeyModuleConfigurations(ConfigurationProvider config) {
+    List keys = new ArrayList();
+    Iterator iter;
+    
+    // add the hardware keys
+    iter = config.getHardwareKeyModules().iterator();
+    while (iter.hasNext()) {
+      HardwareKeyModule key = (HardwareKeyModule) iter.next();
+      keys.add(new HardwareKeyModuleConfigurationImpl(key));
+    }
+    
+    // add the software keys
+    iter = config.getSoftwareKeyModules().iterator();
+    while (iter.hasNext()) {
+      SoftwareKeyModule key = (SoftwareKeyModule) iter.next();
+      keys.add(new SoftwareKeyModuleConfigurationImpl(key));
+    }
+    
+    return keys;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getPKIConfiguration()
+   */
+  public PKIConfiguration getPKIConfiguration() {
+    return pkiConfiguration;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getCryptoModuleConfigurations()
+   */
+  public List getCryptoModuleConfigurations() {
+    return cryptoModuleConfigurations;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getKeyModuleConfigurations()
+   */
+  public List getKeyModuleConfigurations() {
+    return keyModuleConfigurations;
+  }
+
+  /**
+   * @see iaik.server.ConfigurationData#getLoggerConfig()
+   */
+  public LoggerConfig getLoggerConfig() {
+    return loggerConfig;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
new file mode 100644
index 0000000..f4658a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.archive.DataBaseArchiveParameters;
+
+/**
+ * An implementation of the <code>DataBaseArchiveParameter</code> interface.
+ * 
+ * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters {
+
+  /** The JDBC URL for accessing the archive. */
+  private String jDBCUrl;
+
+  /**
+   * Create a new <code>DataBaseArchiveParameterImpl</code>.
+   * 
+   * @param jDBCUrl The JDBC URL of the archive.
+   */
+  public DataBaseArchiveParameterImpl(String jDBCUrl) {
+    this.jDBCUrl = jDBCUrl;
+  }
+
+  /**
+   * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl()
+   */
+  public String getJDBCUrl() {
+    return jDBCUrl;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
new file mode 100644
index 0000000..9dd0ffe
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+/**
+ * An implementation of the <code>DirectoryCertStoreParameters</code> interface.
+ * 
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DirectoryCertStoreParametersImpl
+  implements DirectoryCertStoreParameters {
+
+  /** The root directory of the <code>CertStore</code>. */
+  private String rootDirectory;
+  /** Whether a new directory may be created. */
+  private boolean createNew;
+  /** The <code>CertStore</code> ID. */
+  private String id;
+  /** Whether the <code>CertStore</code> is read-only. */
+  private boolean readOnly;
+
+  /**
+   * Create a new <code>DirectoryCertStoreParameterImpl</code>.
+   * 
+   * @param id The <code>CertStore</code> ID.
+   * @param rootDirectory The root directory of the <code>CertStore</code>.
+   * @param createNew Whether a new directory may be created.
+   * @param readOnly Whether the <code>CertStore</code> is read-only.
+   */
+  public DirectoryCertStoreParametersImpl(
+    String id,
+    String rootDirectory,
+    boolean createNew,
+    boolean readOnly) {
+    
+    this.id = id;  
+    this.rootDirectory = rootDirectory;
+    this.createNew = createNew;
+    this.readOnly = readOnly;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+   */
+  public String getRootDirectory() {
+    return rootDirectory;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+   */
+  public boolean createNew() {
+    return createNew;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+   */
+  public boolean isReadOnly() {
+    return readOnly;
+  }
+
+  /**
+   * @return <code>CertStoreTypes.DIRECTORY</code>
+   * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+   */
+  public String getType() {
+    return CertStoreTypes.DIRECTORY;
+  }
+
+@Override
+public Set getVirtualStores() {
+	// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+	return Collections.EMPTY_SET;
+}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java
new file mode 100644
index 0000000..c9904c5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.crypto.HardwareCryptoModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+
+/**
+ * An implementation of the <code>HardwareCryptoModuleConfiguration</code>
+ * wrapping a <code>HardwareCryptoModule</code> from the MOA configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareCryptoModuleConfigurationImpl
+  implements HardwareCryptoModuleConfiguration {
+  
+  /** The wrapped <code>HardwareCryptoModule</code>. */  
+  private HardwareCryptoModule module;
+  
+  /**
+   * Create a new <code>HardwareCryptoModuleConfigurationImpl</code>.
+   * 
+   * @param module The <code>HardwareCryptoModule</code> from the underlying MOA
+   * configuration.
+   */  
+  public HardwareCryptoModuleConfigurationImpl(HardwareCryptoModule module) {
+    this.module = module;
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getModuleName()
+   */
+  public String getModuleName() {
+    return module.getName();
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getSlotID()
+   */
+  public String getSlotID() {
+    return module.getSlotID();
+  }
+
+  /**
+   * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getUserPIN()
+   */
+  public char[] getUserPIN() {
+    return module.getUserPIN().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..05f5633
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.server.modules.keys.HardwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+
+/**
+ * An implementation of the <code>HardwareKeyModuleConfiguration</code>
+ * interface wrapping a <code>HardwareKeyModule</code> from the MOA
+ * configuration.
+ * 
+ * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class HardwareKeyModuleConfigurationImpl
+  extends AbstractKeyModuleConfigurationImpl
+  implements HardwareKeyModuleConfiguration {
+
+  /** The wrapped <code>HardwareKeyModule</code>. */
+  private HardwareKeyModule keyModule;
+
+  /**
+   * Create a new <code>HardwareKeyModuleConfigurationImpl</code>.
+   * 
+   * @param keyModule The <code>HardwareKeyModule</code> from the underlying
+   * MOA configuration.
+   */
+  public HardwareKeyModuleConfigurationImpl(HardwareKeyModule keyModule) {
+    super(keyModule.getId());
+    this.keyModule = keyModule;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getModuleName()
+   */
+  public String getModuleName() {
+    return keyModule.getName();
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getSlotID()
+   */
+  public String getSlotID() {
+    return keyModule.getSlotID();
+  }
+
+  /**
+   * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getUserPIN()
+   */
+  public char[] getUserPIN() {
+    return keyModule.getUserPIN().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
new file mode 100644
index 0000000..87dd572
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.store.revocation.RevocationFactory;
+import iaik.pki.store.revocation.RevocationSourceStore;
+import iaik.pki.store.truststore.TrustStoreFactory;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.server.ConfigurationData;
+import iaik.server.Configurator;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.util.CertStoreConverter;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.SecProviderUtils;
+
+/**
+ * A class responsible for configuring the IAIK MOA modules.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikConfigurator {
+
+  /** The warnings encountered during configuration. */
+  private List warnings = new ArrayList();
+
+  /**
+   * Configure the IAIK MOA subsystem.
+   * 
+   * 
+   * @param moaConfig The underlying MOA configuration.
+   * @return Returns the config data of the underlying MOA subsystem
+   * @throws ConfigurationException An error occurred configuring the IAIK
+   * MOA subsystem.
+   */
+  public ConfigurationData configure(ConfigurationProvider moaConfig)
+    throws ConfigurationException {
+    ConfigurationData configData = new ConfigurationDataImpl(moaConfig);
+    
+    warnings = new ArrayList();
+
+    try {
+      TransactionId transId = new TransactionId("IaikConfigurator");
+      
+      //SecProviderUtils.dumpSecProviders("Starting configuration");
+      
+      try {
+    	  iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), 
+    			  transId);
+    	  //SecProviderUtils.dumpSecProviders("initCommon");
+    	  String certStoreRoot = moaConfig.getCertStoreLocation();
+    	  CertStoreConverter.convert(certStoreRoot, transId);
+      } finally {
+    	  //Security.removeProvider(ECCelerate.getInstance().getName());
+      }
+      
+      Configurator.init(configData, transId);
+      
+      SecProviderUtils.dumpSecProviders("Fully configured!");
+      
+      // Set customized CRL retriever to overcome a classloader problem when MOA is deployed in Tomcat
+      RevocationSourceStore rss = RevocationFactory.getInstance(transId).getRevocationSourceStore();
+      //rss.setRetriever(new CRLRetriever(), RevocationSourceTypes.CRL);
+      if ((moaConfig.getSoftwareKeyModules().size() > 0) || (moaConfig.getHardwareKeyModules().size() > 0)) {
+        dumpKeyEntryIDs();
+      }
+      checkKeyGroupConfig(moaConfig);
+      TrustStoreFactory.reset();
+      
+      return configData;
+    } catch (iaik.server.ConfigurationException e) {
+      throw new ConfigurationException("config.08", null, e);
+    } catch (Throwable t) {
+      throw new ConfigurationException("config.08", null, t);
+    }
+  }
+
+  /**
+   * Return the warnings encountered during configuration.
+   * 
+   * @return The warnings.
+   */  
+  public List getWarnings() {
+    return warnings;
+  }
+
+  /**
+   * Dump all <code>KeyEntryID</code>s contained in the configured
+   * <code>KeyModule</code>s to the log file.
+   */
+  private void dumpKeyEntryIDs() {
+    MessageProvider msg = MessageProvider.getInstance();
+    KeyModule module = KeyModuleFactory.getInstance(new TransactionId("dump"));
+    Set keyEntryIds = module.getPrivateKeyEntryIDs();
+    Iterator iter;
+
+    for (iter = keyEntryIds.iterator(); iter.hasNext();) {
+      KeyEntryID keyEntryId = (KeyEntryID) iter.next();
+      Logger.info(
+        new LogMsg(msg.getMessage("config.19", new Object[] { keyEntryId })));
+    }
+  }
+
+  /**
+   * Check that each key group entry in each key group can be resolved to a 
+   * KeyEntryID.
+   * 
+   * Logs a warning for each key group entry that cannot be resolved.
+   * 
+   * @param moaConfig The MOA configuration to check.
+   */
+  private void checkKeyGroupConfig(ConfigurationProvider moaConfig) {
+    Map keyGroups = moaConfig.getKeyGroups();
+    Iterator iter;
+
+    for (iter = keyGroups.values().iterator(); iter.hasNext();) {
+      KeyGroup keyGroup = (KeyGroup) iter.next();
+      Set keyGroupEntries = keyGroup.getKeyGroupEntries();
+      Iterator kgIter;
+
+      for (kgIter = keyGroupEntries.iterator(); kgIter.hasNext();) {
+        KeyGroupEntry entry = (KeyGroupEntry) kgIter.next();
+
+        if (!findKeyEntryID(entry)) {
+          warn(
+            "config.31",
+            new Object[] {
+              keyGroup.getId(),
+              entry.getModuleID(),
+              entry.getIssuerDN(),
+              entry.getSerialNumber()});
+        }
+      }
+    }
+  }
+
+  /**
+   * Find out that a certain KeyGroupEntry could be resolved to a KeyEntryID
+   * by the Configurator.
+   *
+   * @param keyGroupEntry The key group entry to find.
+   * @return <code>true</code>, if the <code>keyGroupEntry</code> could be
+   * resolved to a <code>KeyEntryID</code>; otherwise <code>false</code>.
+   */
+  private boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) {
+    KeyModule module = KeyModuleFactory.getInstance(new TransactionId("check"));
+    Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+    Iterator iter;
+
+    for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+      KeyEntryID entry = (KeyEntryID) iter.next();
+
+      if (entry.getCertificateIssuer().equals(keyGroupEntry.getIssuerDN())
+        && entry.getCertificateSerialNumber().equals(
+          keyGroupEntry.getSerialNumber())
+        && entry.getModuleID().equals(keyGroupEntry.getModuleID())) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Log a warning.
+   * 
+   * @param messageId The message ID.
+   * @param args Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private void warn(String messageId, Object[] args) {
+    MessageProvider msg = MessageProvider.getInstance();
+    String txt = msg.getMessage(messageId, args);
+
+    Logger.warn(new LogMsg(txt));
+    warnings.add(txt);
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java
new file mode 100644
index 0000000..3fb842f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.util.Properties;
+
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LoggerConfig;
+
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+/**
+ * Default implementation of the <code>LoggerConfig</code> interface.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class LoggerConfigImpl implements LoggerConfig {
+  
+  /** The implementation of iaik.logging.LogFactory. */
+  private static final String DEFAULT_IMPLEMENTATION = 
+    "at.gv.egovernment.moa.spss.server.logging.IaikLogFactory";
+
+  public String getFactory() {
+    return DEFAULT_IMPLEMENTATION;
+  }
+
+  public Properties getProperties() throws LogConfigurationException {
+    return new Properties();
+  }
+
+  public String getNodeId() {
+    return LoggingContextManager.getInstance().getLoggingContext().getNodeID();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
new file mode 100644
index 0000000..5e29b5c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>PKIConfiguration</code> interface using data
+ * from the MOA configuration.
+ * 
+ * @see iaik.pki.PKIConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+	/** The <code>CertStore</code> configuration. */
+	private CertStoreConfiguration certStoreConfiguration;
+	/** The revocation checking configuration. */
+	private RevocationConfiguration revocationConfiguration;
+	/** The revocation archive configuration. */
+	private ArchiveConfiguration archiveConfiguration;
+	/** The certificate validation configuration. */
+	private ValidationConfiguration validationConfiguration;
+
+	/**
+	 * Create a new <code>PKIConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The underlying MOA configuration which will be used to build
+	 *            the configuration data contained in this object.
+	 */
+	public PKIConfigurationImpl(ConfigurationProvider config) {
+
+		this.certStoreConfiguration = new CertStoreConfigurationImpl(config);
+		this.revocationConfiguration = new RevocationConfigurationImpl(config);
+
+		boolean archiveInfo = config.getEnableRevocationArchiving();
+		if (archiveInfo) {
+			this.archiveConfiguration = new ArchiveConfigurationImpl(config);
+		} else {
+			this.archiveConfiguration = null;
+		}
+
+		this.validationConfiguration = new ValidationConfigurationImpl(config);
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+	 */
+	public CertStoreConfiguration getCertStoreConfiguration() {
+		return certStoreConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+	 */
+	public RevocationConfiguration getRevocationConfiguration() {
+		return revocationConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+	 */
+	public ArchiveConfiguration getArchiveConfiguration() {
+		return archiveConfiguration;
+	}
+
+	/**
+	 * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+	 */
+	public ValidationConfiguration getValidationConfiguration() {
+		return validationConfiguration;
+	}
+
+	@Override
+	public int getConnectTimeout() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+	@Override
+	public int getReadTimeout() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
new file mode 100644
index 0000000..b03c4a2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>RevocationConfiguration</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.pki.revocation.RevocationConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends AbstractObservableConfiguration implements RevocationConfiguration {
+
+	/**
+	 * The <code>ConfigurationProvider</code> to read the configuration data
+	 * from.
+	 */
+	private ConfigurationProvider config;
+
+	/**
+	 * Create a new <code>RevocationConfigurationImpl</code>.
+	 * 
+	 * @param config
+	 *            The underlying MOA configuration containing the configuration
+	 *            data.
+	 */
+	public RevocationConfigurationImpl(ConfigurationProvider config) {
+		this.config = config;
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints
+	 */
+	public Set getAlternativeDistributionPoints(X509Certificate cert, X509Certificate issuer, Date date) {
+		return config.getDistributionPoints(cert);
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String,
+	 *      java.lang.String)
+	 */
+	public boolean archiveRevocationInfo(String type, String uri) {
+		return config.getEnableRevocationArchiving();
+	}
+
+	/**
+	 * @see iaik.pki.revocation.RevocationConfiguration#getCrlRetentionInterval(java.lang.String)
+	 */
+	public Integer getCrlRetentionInterval(String issuername) {
+		Map map = config.getCrlRetentionIntervals();
+		Integer interval = (Integer) map.get(issuername);
+
+		return interval;
+	}
+
+	@Override
+	public DBCrlConfig getDataBaseCRLConfig() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+	@Override
+	public boolean getKeepRevocationInfo() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return false;
+	}
+
+	@Override
+	public Set getPositiveOCSPResponders() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+	@Override
+	public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return false;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java
new file mode 100644
index 0000000..937f32f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import iaik.server.modules.keys.ConfigurationException;
+import iaik.server.modules.keys.SoftwareKeyModuleConfiguration;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * An implementation of the <code>SoftwareKeyModuleConfiguration</code> wrapping
+ * a <code>SoftwareKeyModule</code> from the MOA configuration.
+ * 
+ * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SoftwareKeyModuleConfigurationImpl
+  extends AbstractKeyModuleConfigurationImpl
+  implements SoftwareKeyModuleConfiguration {
+
+  /** The wrapped <code>SoftwareKeyModule</code>. */
+  private SoftwareKeyModule keyModule;
+
+  /**
+   * Create a new <code>SoftwareKeyModuleConfigurationImpl</code>.
+   * 
+   * @param keyModule The <code>SoftwareKeyModule</code> from the underlying MOA
+   * configuration.
+   */
+  public SoftwareKeyModuleConfigurationImpl(SoftwareKeyModule keyModule) {
+    super(keyModule.getId());
+    this.keyModule = keyModule;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreTypeName()
+   */
+  public String getKeyStoreTypeName() {
+    return KEY_STORE_TYPE_NAME_PKCS12;
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAsStream()
+   */
+  public InputStream getKeyStoreAsStream() {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    try {
+      String message = 
+        msg.getMessage("config.18", new Object[] { keyModule.getFileName()});
+      Logger.info(new LogMsg(message));
+      return new FileInputStream(keyModule.getFileName());
+    } catch (FileNotFoundException e) {
+      String message =
+        msg.getMessage("config.09", new Object[] { keyModule.getFileName()});
+
+      throw new ConfigurationException(message, e, null);
+    }
+  }
+
+  /**
+   * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAuthenticationData()
+   */
+  public char[] getKeyStoreAuthenticationData() {
+    return keyModule.getPassWord().toCharArray();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java
new file mode 100644
index 0000000..9e26fb8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ValidationConfiguration</code> interface using
+ * MOA configuration data.
+ * 
+ * @see iaik.pki.pathvalidation.ValidationConfiguration
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl
+  extends AbstractObservableConfiguration
+  implements ValidationConfiguration {
+
+  /** The <code>ConfigurationProvider</code> to read the configuration data
+   * from. */
+  private ConfigurationProvider config;
+
+  /**
+   * Create a new <code>ValidationConfigurationImpl</code>.
+   * 
+   * @param config The underlying MOA configuration data.
+   */
+  public ValidationConfigurationImpl(ConfigurationProvider config) {
+    this.config = config;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+   */
+  public String getChainingMode(X509Certificate cert) {
+    return config.getChainingMode(cert);
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+   */
+  public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate cert) {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+   */
+  public X509Certificate getPublicKeyParamsAsCert(X509Certificate cert) {
+    return null;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
new file mode 100644
index 0000000..491986b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.pki;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface containing
+ * information needed for certificate path validation. It uses configuration
+ * data from the MOA configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class PKIProfileImpl implements PKIProfile {
+
+	/** Profile information for revocation checking. */
+	private RevocationProfile revocationProfile;
+	/** Profile information about the trust profile to use. */
+	private TrustStoreProfile trustStoreProfile;
+	/** Profile information about the certificate validation. */
+	private ValidationProfile validationProfile;
+	/**
+	 * The <code>ConfigurationProvider</code> to read the MOA configuration data
+	 * from.
+	 */
+	private ConfigurationProvider config;
+
+	/**
+	 * Create a new <code>PKIProfileImpl</code>.
+	 * 
+	 * @param config
+	 *            The MOA configuration providing configuration data about
+	 *            certificate path validation.
+	 * @param trustProfileID
+	 *            The trust profile ID denoting the location of the trust store.
+	 * @throws MOAApplicationException
+	 *             An error occurred building the profile.
+	 */
+	public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException {
+
+		this.config = config;
+		setRevocationProfile(new RevocationProfileImpl(config));
+		setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID));
+		setValidationProfile(new ValidationProfileImpl(config));
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#autoAddCertificates()
+	 */
+	/*public boolean autoAddCertificates() {
+		return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates();
+	}*/
+
+	/**
+	 * @see iaik.pki.PKIProfile#getRevocationProfile()
+	 */
+	public RevocationProfile getRevocationProfile() {
+		return revocationProfile;
+	}
+
+	/**
+	 * Sets the <code>RevocationProfile</code>.
+	 * 
+	 * @param revocationProfile
+	 *            The <code>RevocationProfile</code> used for revocation
+	 *            checking.
+	 */
+	protected void setRevocationProfile(RevocationProfile revocationProfile) {
+		this.revocationProfile = revocationProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+	 */
+	public TrustStoreProfile getTrustStoreProfile() {
+		return trustStoreProfile;
+	}
+
+	/**
+	 * Sets the <code>TrustStoreProfile</code>.
+	 * 
+	 * @param trustStoreProfile
+	 *            The <code>TrustStoreProfile</code>.
+	 */
+	protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
+		this.trustStoreProfile = trustStoreProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#getValidationProfile()
+	 */
+	public ValidationProfile getValidationProfile() {
+		return validationProfile;
+	}
+
+	/**
+	 * Sets the <code>ValidationProfile</code>.
+	 * 
+	 * @param validationProfile
+	 *            The <code>ValidationProfile</code> to set.
+	 */
+	protected void setValidationProfile(ValidationProfile validationProfile) {
+		this.validationProfile = validationProfile;
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+	 */
+	public boolean useAuthorityInfoAccess() {
+		return config.getUseAuthorityInfoAccess();
+	}
+
+	/**
+	 * @see iaik.pki.PKIProfile#autoAddCertificates()
+	 */
+	@Override
+	public int autoAddCertificates() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return 0;
+	}
+
+	@Override
+	public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+		// TODO AFITZEK TODO IMPLEMENT THIS METHOD
+		return null;
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
new file mode 100644
index 0000000..7e62d60
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation;
+
+import iaik.pki.pathvalidation.ValidationProfile;
+
+import java.util.Collections;
+import java.util.Set;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>ValidationProfile</code> interface providing
+ * information about certificat path validation. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ValidationProfileImpl implements ValidationProfile {
+
+  /** The <code>ConfigurationProvider</code> to read the configuration data
+   * from. */
+  private ConfigurationProvider config;
+  private boolean initialAnyPolicyInhibit;
+  private boolean initialExplicitPolicy;
+  private boolean initialPolicyMappingInhibit;
+  private Set initialPolicySet;
+  private boolean nameConstraintsProcessing;
+  private boolean policyProcessing;
+
+  /**
+   * Create a new <code>ValidationProfileImpl</code> object.
+   * 
+   * This objects's fields are preset to the following values:
+   * 
+   * <ul>
+   * <li><code>initialAnyPolicyInhibit = true</code></li>
+   * <li><code>initialExplicitPoliy = true</code></li>
+   * <li><code>initialPolicyMappingInhibit = true</code></li>
+   * <li><code>initialPolicySet = empty</code></li>
+   * <li><code>policyProcessing = false</code></li>
+   * <li><code>nameConstraintsProcessing = false</code></li>
+   * <li><code>revocationChecking = false</code></li>
+   * </ul>
+   * 
+   * @param config MOA configuration data for additional configuration
+   * information (currently unused). 
+   */
+  public ValidationProfileImpl(ConfigurationProvider config) {
+    this.config = config;
+    initialAnyPolicyInhibit = true;
+    initialExplicitPolicy = true;
+    initialPolicyMappingInhibit = true;
+    initialPolicySet = Collections.EMPTY_SET;
+    policyProcessing = false;
+    nameConstraintsProcessing = false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+   */
+  public boolean getInitialAnyPolicyInhibit() {
+    return initialAnyPolicyInhibit;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+   */
+  public boolean getInitialExplicitPolicy() {
+    return initialExplicitPolicy;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+   */
+  public boolean getInitialPolicyMappingInhibit() {
+    return initialPolicyMappingInhibit;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+   */
+  public Set getInitialPolicySet() {
+    return initialPolicySet;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+   */
+  public boolean getPolicyProcessing() {
+    return policyProcessing;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+   */
+  public boolean getNameConstraintsProcessing() {
+    return nameConstraintsProcessing;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+   */
+  public boolean getRevocationChecking() 
+  {
+    return config.getEnableRevocationChecking();
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
new file mode 100644
index 0000000..14627b2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.revocation;
+
+import java.security.cert.X509Certificate;
+
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * An implementation of the <code>RevocationProfile</code> interface providing
+ * information about revocation status checking, based on MOA configuration
+ * data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationProfileImpl implements RevocationProfile {
+  /** The default service order. */
+  private static final String[] DEFAULT_SERVICE_ORDER =
+    { RevocationSourceTypes.CRL, RevocationSourceTypes.OCSP };
+  /** The <code>ConfigurationProvider</code> to read the MOA configuration data
+   * from. */
+  private ConfigurationProvider config;
+  /** The OCSP request hash algorithm. Currently only "SHA" is supported. */
+  private static final String oCSPRequestHashAlgorithm = "SHA";
+
+  /**
+   * Create a new <code>RevocationProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data.
+   */
+  public RevocationProfileImpl(ConfigurationProvider config) {
+    this.config = config;
+    // currently only "SHA" is supported
+//    this.oCSPRequestHashAlgorithm = "";
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String)
+   */
+  public long getMaxRevocationAge(String distributionPointUri) 
+  {
+    return config.getMaxRevocationAge();
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+   */
+  public String getOCSPRequestHashAlgorithm() {
+    return oCSPRequestHashAlgorithm;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+   */
+  public String[] getPreferredServiceOrder(X509Certificate cert) 
+  {
+    String[] serviceOrder = config.getServiceOrder();
+    if (serviceOrder == null || serviceOrder.length == 0) return DEFAULT_SERVICE_ORDER; 
+    return serviceOrder;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
new file mode 100644
index 0000000..50f237a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observer;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+
+/**
+ * An implementation of the <code>TrustStoreProfile</code> interface, using data
+ * from the MOA configuration.
+ * 
+ * @see iaik.pki.store.truststore.TrustStoreProfile 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TrustStoreProfileImpl implements TrustStoreProfile {
+
+  /** The observers of this profile. */
+  private List observers = new ArrayList();
+  
+  /**
+   * The trust profile identifier. 
+   */
+  private String id_;
+  
+  /** The type of the trust profile. */
+  private String type;
+  /** The URI of the trust profile.*/
+  private String URI;
+
+  /**
+   * Create a new <code>TrustStoreProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data, from which trust store
+   * configuration data is read.
+   * @param trustProfileId The trust profile id on which this
+   * <code>TrustStoreProfile</code> is based.
+   * @throws MOAApplicationException The <code>trustProfileId</code> could not
+   * be found in the MOA configuration.
+   */
+  public TrustStoreProfileImpl(
+    ConfigurationProvider config,
+    String trustProfileId)
+    throws MOAApplicationException {
+
+    TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
+    if (tp != null) 
+    {
+      id_ = trustProfileId;
+      setURI(tp.getUri());
+      setType(TrustStoreTypes.DIRECTORY);
+    } 
+    else 
+    {
+      throw new MOAApplicationException("2203", new Object[] { trustProfileId });
+    }
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+   */
+  public String getType() {
+    return type;
+  }
+
+  /**
+   * Sets the the trust store type.
+   * 
+   * @param type The trust store type to set. 
+   */
+  protected void setType(String type) {
+    this.type = type;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+   */
+  public String getURI() {
+    return URI;
+  }
+
+  /**
+   * Sets the trust store URI.
+   * 
+   * @param URI The trust store URI to set.
+   */
+  protected void setURI(String URI) {
+    this.URI = URI;
+  }
+
+  //
+  // Methods of iaik.pki.store.observer.Observable interface
+  //
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData notificationData) {
+    for (Iterator iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(notificationData);
+    }
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+   */
+  public String getId()
+  {
+    return id_;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java
new file mode 100644
index 0000000..cc12861
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Base64Transformation;
+
+/**
+ * An implementation of the <code>Base64Transformation</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class Base64TransformationImpl
+  extends TransformationImpl
+  implements Base64Transformation {
+  
+  /**
+   * Create a new <code>Base64TransformationImpl</code>.
+   * 
+   * @see java.lang.Object#Object()
+   */  
+  public Base64TransformationImpl() {
+    setAlgorithmURI(Base64Transformation.BASE64_DECODING);
+  }
+
+  /**
+   * Compare this <code>Base64Transformation</code> to another.
+   * 
+   * @param other The object to compare this<code>Base64Transformation</code> 
+   * to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>Base64Transformation</code> and the algorithm URIs match, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */  
+  public boolean equals(Object other) {
+    if (other instanceof Base64Transformation) {
+      Base64Transformation transform = (Base64Transformation) other;
+      return getAlgorithmURI().equals(transform.getAlgorithmURI());
+    }
+    return false;
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java
new file mode 100644
index 0000000..4d627d7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import iaik.server.modules.xml.BinaryDataObject;
+
+/**
+ * A <code>BinaryDataObject</code> encapsulating Base64 data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ByteArrayDataObjectImpl
+  extends DataObjectImpl
+  implements BinaryDataObject {
+
+  /** The binary data contained in this <code>BinaryDataObject</code>. */
+  private byte[] bytes;
+
+  /**
+   * Create a new <code>ByteArrayDataObjectImpl</code>.
+   * 
+   * @param bytes The binary data contained in this 
+   * <code>BinaryDataObject</code>.
+   */
+  public ByteArrayDataObjectImpl(byte[] bytes) {
+    setBytes(bytes);
+  }
+
+  /**
+   * Set the Base64 data.
+   * 
+   * @param bytes The binary data contained in this 
+   * <code>BinaryDataObject</code>.
+   */
+  public void setBytes(byte[] bytes) {
+    this.bytes = bytes;
+  }
+
+  /**
+   * Return the binary data encoded in the Base64 <code>String</code> as a
+   * stream.
+   * 
+   * @return The binary data contained in this object, as a
+   * <code>InputStream</code>. Repeated calls to this function will return a
+   * new stream to the Base64 data.
+   * @see iaik.server.modules.xml.BinaryDataObject#getInputStream()
+   */
+  public InputStream getInputStream() {
+    return new ByteArrayInputStream(bytes);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java
new file mode 100644
index 0000000..b982c8e
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.InputStream;
+
+import iaik.server.modules.xml.BinaryDataObject;
+
+/**
+ * A <code>BinaryDataObject</code> encapsulating binary data from a stream. 
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ByteStreamDataObjectImpl
+  extends DataObjectImpl
+  implements BinaryDataObject {
+
+  /** The <code>InputStream</code> containing the binary data. */
+  private InputStream inputStream;
+
+  /**
+   * Create a new <code>ByteStreamDataObjectImpl</code>.
+   * 
+   * @param inputStream The stream from which to read the binary data.
+   */
+  public ByteStreamDataObjectImpl(InputStream inputStream) {
+    setInputStream(inputStream);
+  }
+
+  /**
+   * Set the input stream from which to read the binary data.
+   * 
+   * @param inputStream The input stream from which to read the binary data.
+   */
+  public void setInputStream(InputStream inputStream) {
+    this.inputStream = inputStream;
+  }
+
+  /**
+   * Return the binary data from this object as a stream.
+   * 
+   * @return The stream containing the binary data. Calling this function
+   * repeatedly will always return the same <code>InputStream</code>.
+   * @see iaik.server.modules.xml.BinaryDataObject#getInputStream()
+   */
+  public InputStream getInputStream() {
+    return inputStream;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java
new file mode 100644
index 0000000..0c3a8da
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Canonicalization;
+
+/**
+ * An implementation of the <code>CanonicalizationTransform</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CanonicalizationImpl
+  extends TransformationImpl
+  implements Canonicalization {
+   
+  /**
+   * Create a new <code>CanonicalizationTransformImpl</code> object.
+   * 
+   * @param algorithmURI The canonicalization algorithm URI.
+   */ 
+  public CanonicalizationImpl(String algorithmURI) {
+    setAlgorithmURI(algorithmURI);
+  }
+    
+  /**
+   * Compare this object to another <code>Canonicalization</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>Canonicalization</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>Canonicalization</code> and the algorithm URIs match, otherwise
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof Canonicalization) {
+      Canonicalization c14n = (Canonicalization) other;
+      return getAlgorithmURI().equals(c14n.getAlgorithmURI());
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java
new file mode 100644
index 0000000..702caaf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.DataObject;
+
+/**
+ * Abstract base implementation for the classes derived from
+ * <code>DataObject</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class DataObjectImpl implements DataObject {
+  
+  /** The MIME type of the data object. */
+  private String mimeType;
+  /** The refernce ID. */
+  private String referenceID;
+  /** The URI of the type. */
+  private String typeURI;
+  /** The URI identifying the data. */
+  private String URI;
+  
+  /**
+   * @see iaik.server.modules.xml.DataObject#getMimeType()
+   */
+  public String getMimeType() {
+    return mimeType;
+  }
+
+  /**
+   * Set the mime type.
+   * 
+   * @param mimeType The mime type to set.
+   */
+  public void setMimeType(String mimeType) {
+    this.mimeType = mimeType;
+  }
+  
+  /**
+   * @see iaik.server.modules.xml.DataObject#getReferenceID()
+   */
+  public String getReferenceID() {
+    return referenceID;
+  }
+  
+  /**
+   * Set the reference ID.
+   * 
+   * @param referenceID The reference ID.
+   */
+  public void setReferenceID(String referenceID) {
+    this.referenceID = referenceID;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.DataObject#getTypeURI()
+   */
+  public String getTypeURI() {
+    return typeURI;
+  }
+
+  /**
+   * Set the type URI.
+   * 
+   * @param typeURI The type URI.
+   */
+  public void setTypeURI(String typeURI) {
+    this.typeURI = typeURI;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.DataObject#getURI()
+   */
+  public String getURI() {
+    return URI;
+  }
+  
+  /**
+   * Set the URI.
+   * 
+   * @param URI The URI.
+   */
+  public void setURI(String URI) {
+    this.URI = URI;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java
new file mode 100644
index 0000000..d582594
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.EnvelopedSignatureTransformation;
+
+/**
+ * An implementation of the <code>EnvelopedSignatureTransformation</code>
+ * <code>Transformation</code> type.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class EnvelopedSignatureTransformationImpl
+  extends TransformationImpl
+  implements EnvelopedSignatureTransformation {
+
+  /**
+   * Create a new <code>EnvelopedSignatureTransformationImpl</code>.
+   */
+  public EnvelopedSignatureTransformationImpl() {
+    setAlgorithmURI(EnvelopedSignatureTransformation.ENVELOPED_SIGNATURE);
+  }
+
+  /**
+   * Compare this object to another <code>EnvelopedSignatureTransformation</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>EnvelopedSignatureTransformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>EnvelopedSignatureTransformation</code>, otherwise 
+   * <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof EnvelopedSignatureTransformation) {
+      EnvelopedSignatureTransformation transform =
+        (EnvelopedSignatureTransformation) other;
+      return getAlgorithmURI().equals(transform.getAlgorithmURI());
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java
new file mode 100644
index 0000000..dfadf0c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.List;
+
+import iaik.server.modules.xml.ExclusiveCanonicalization;
+
+/**
+ * An implementation of the <code>ExclusiveCanonicalization</code> type
+ * of <code>Transformation</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExclusiveCanonicalizationImpl
+  extends TransformationImpl
+  implements ExclusiveCanonicalization {
+
+  /** The prefixes of the namespaces to treat according to canonical XML. */
+  private List inclusiveNamespacePrefixes;
+
+  /**
+   * Create a new <code>ExclusiveCanonicalizationImpl</code> object.
+   * 
+   * @param algorithmURI The exclusive canonicalization algorithm URI.
+   * @param inclusiveNamespacePrefixes The namespace prefixes to be processed
+   * according to canonical XML.
+   */
+  public ExclusiveCanonicalizationImpl(
+    String algorithmURI,
+    List inclusiveNamespacePrefixes) {
+    setAlgorithmURI(algorithmURI);
+    setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes);
+  }
+
+  /**
+   * Sets the namespace prefixes to be processed according to canonical XML.
+   * 
+   * @param inclusiveNamespacePrefixes The prefixes of the namespaces to treat
+   * according to canonical XML.
+   */
+  protected void setInclusiveNamespacePrefixes(List inclusiveNamespacePrefixes) {
+    this.inclusiveNamespacePrefixes = inclusiveNamespacePrefixes;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.ExclusiveCanonicalization#getInclusiveNamespacePrefixes()
+   */
+  public List getInclusiveNamespacePrefixes() {
+    return inclusiveNamespacePrefixes;
+  }
+
+  /**
+   * Compare this object to another <code>CanonicalizationTransform</code>.
+   * 
+   * @param other The object to compare this 
+   * <code>ExclusiveCanonicalization</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>ExclusiveCanonicalization</code> and the algorithm URIs match, 
+   * otherwise <code>false</code>.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof ExclusiveCanonicalization) {
+      ExclusiveCanonicalization eC14n =
+        (ExclusiveCanonicalization) other;
+      boolean algURIEquals = getAlgorithmURI().equals(eC14n.getAlgorithmURI());
+      boolean inclNSPrefs = 
+        (getInclusiveNamespacePrefixes() == null || getInclusiveNamespacePrefixes().isEmpty())
+        ? eC14n.getInclusiveNamespacePrefixes() == null || eC14n.getInclusiveNamespacePrefixes().isEmpty()
+        : getInclusiveNamespacePrefixes().equals(eC14n.getInclusiveNamespacePrefixes());
+      return algURIEquals && inclNSPrefs;
+    }
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java
new file mode 100644
index 0000000..9026d33
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Date;
+
+import iaik.server.modules.xml.SigningTime;
+
+/**
+ * An implementation of the <code>SigningTime</code> <code>Property</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SigningTimeImpl implements SigningTime {
+  
+  /** The signing time. */
+  private Date signingTime;
+  
+  /**
+   * Create a new <code>SigningTimeImpl</code>.
+   * 
+   * @param signingTime The signing time.
+   */
+  public SigningTimeImpl(Date signingTime) {
+    this.signingTime = signingTime;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.SigningTime#getSigningTime()
+   */
+  public Date getSigningTime() {
+    return signingTime;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java
new file mode 100644
index 0000000..1595446
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import iaik.server.modules.xml.Transformation;
+
+/**
+ * Base implementation class for <code>Transformation</code> derived classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public abstract class TransformationImpl implements Transformation {
+
+  /** The algorithm URI identifying the transformation algorithm. */
+  private String algorithmURI;
+  
+  /**
+   * @see iaik.server.modules.xml.Transformation#getAlgorithmURI()
+   */
+  public String getAlgorithmURI() {
+    return algorithmURI;
+  }
+
+  /**
+   * Sets the algorithm URI.
+   * 
+   * @param algorithmURI The algorithm URI to set.
+   */
+  protected void setAlgorithmURI(String algorithmURI) {
+    this.algorithmURI = algorithmURI;
+  }
+  
+  /**
+   * Returns the hash code of the algorithm URI. Should be overridden if a
+   * transformation distinguishes itself from others by more than just the
+   * algorithm URI.
+   * 
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getAlgorithmURI().hashCode();
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java
new file mode 100644
index 0000000..e8444b9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.Element;
+
+import iaik.server.modules.xml.XMLDataObject;
+
+/**
+ * A <code>DataObject</code> containing a single DOM element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLDataObjectImpl
+  extends DataObjectImpl
+  implements XMLDataObject {
+  
+  /** The XML data contained in this <code>XMLDataObject</code>. */  
+  private Element element;
+  
+  /**
+   * Create a new <code>XMLDataObjectImpl</code>.
+   * 
+   * @param element The DOM element contained in this
+   * <code>XMLDataObject</code>.
+   */
+  public XMLDataObjectImpl(Element element) {
+    setElement(element);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLDataObject#getElement()
+   */
+  public Element getElement() {
+    return element;
+  }
+
+  /**
+   * Set the DOM element contained in this <code>XMLDataObject</code>.
+   * 
+   * @param element The DOM element to set.
+   */
+  public void setElement(Element element) {
+    this.element = element;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java
new file mode 100644
index 0000000..2fb9df9
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.NodeList;
+
+import iaik.server.modules.xml.XMLNodeListDataObject;
+
+/**
+ * A <code>DataObject</code> containing a list of DOM nodes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLNodeListDataObjectImpl
+  extends DataObjectImpl
+  implements XMLNodeListDataObject {
+
+  /** The nodes contained in this <code>XMLNodeListDataObject</code>. */
+  private NodeList nodeList;
+
+  /**
+   * Create a new <code>XMLNodeListDataObjectImpl</code>.
+   * 
+   * @param nodeList The list of DOM nodes contained in this
+   * <code>XMLNodeListDataObject</code>.
+   */
+  public XMLNodeListDataObjectImpl(NodeList nodeList) {
+    setNodeList(nodeList);
+  }
+
+  /**
+   * Set the list of DOM nodes contained in this
+   * <code>XMLNodeListDataObject</code>.
+   * 
+   * @param nodeList The list of DOM nodes to set.
+   */
+  public void setNodeList(NodeList nodeList) {
+    this.nodeList = nodeList;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLNodeListDataObject#getNodeList()
+   */
+  public NodeList getNodeList() {
+    return nodeList;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java
new file mode 100644
index 0000000..0774726
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import org.w3c.dom.Element;
+
+import iaik.server.modules.xml.XMLSignature;
+
+/**
+ * An object containing an XMLDsig signature in the form of a 
+ * <code>dsig:Signature</code> DOM element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureImpl implements XMLSignature {
+  /** The signature DOM element. */
+  private Element element;
+  
+  /**
+   * Create a new <code>XMLSignatureImpl</code>.
+   * 
+   * @param element The <code>dsig:Signature</code> DOM element.
+   */
+  public XMLSignatureImpl(Element element) {
+    setElement(element);
+  }
+  
+  /**
+   * Set the <code>dsig:Signature</code> DOM element.
+   * 
+   * @param element The <code>dsig:Signature</code> element to set.
+   */
+  public void setElement(Element element) {
+    this.element = element;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XMLSignature#getElement()
+   */
+  public Element getElement() {
+    return element;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java
new file mode 100644
index 0000000..d309302
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Map;
+
+import iaik.server.modules.xml.XPath2Transformation;
+import iaik.server.modules.xml.XPath2Transformation.XPath2Filter;
+
+/**
+ * An object encapsulating an XPath-Filter2 expression.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPath2FilterImpl implements XPath2Filter {
+
+  /** The type of this filter. */
+  private String filterType;
+  /** The XPath expression of this filter. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to use for evaluating the XPath. */
+  private Map namespaceDeclarations;
+
+  /**
+   * Create a new <code>XPath2FilterImpl</code> object.
+   * 
+   * @param filterType The type of filter. Must be one of the filter type
+   * constants declared in <code>iaik.server.modules.xml.XPath2Transformation.XPath2Filter</code>
+   * @param xPathExpression The XPath expression belonging to this filter.
+   * @param namespaceDeclarations The namespace declarations visible for this
+   * XPath2Filter.
+   */
+  public XPath2FilterImpl(
+    String filterType,
+    String xPathExpression,
+    Map namespaceDeclarations) {
+
+    setFilterType(filterType);
+    setXPathExpression(xPathExpression);
+    setNamespaceDeclarations(namespaceDeclarations);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getFilterType()
+   */
+  public String getFilterType() {
+    return filterType;
+  }
+
+  /**
+   * Set the filter type.
+   * 
+   * @param filterType The filter type to set.
+   */
+  protected void setFilterType(String filterType) {
+    this.filterType = filterType;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getXPathExpression()
+   */
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * Set the XPath expression.
+   * 
+   * @param xPathExpression The XPath expression to set.
+   */
+  protected void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getNamespaceDeclarations()
+   */
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+  /**
+   * Set the namespace declarations.
+   * 
+   * @param namespaceDeclarations The mapping between namespace prefixes and
+   * their associated URI.
+   */
+  protected void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  /**
+   * Compare this object to another.
+   * 
+   * @param other The object to compare this <code>XPath2Filter</code> to.
+   * @return <code>true</code>, if <code>other</code> is a
+   * <code>XPath2Filter</code> and the filter types match and the XPath
+   * expressions match. Otherwise <code>false</code> is returned.
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPath2Transformation.XPath2Filter) {
+      XPath2Filter filter = (XPath2Transformation.XPath2Filter) other;
+      return getFilterType().equals(filter.getFilterType())
+        && getXPathExpression().equals(filter.getXPathExpression());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getXPathExpression().hashCode() * 31 + getFilterType().hashCode();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java
new file mode 100644
index 0000000..f483b18
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.server.modules.xml.XPath2Transformation;
+
+/**
+ * An object encapsulating a <code>Transformation</code> containing several
+ * XPath-Filter2 expressions.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPath2TransformationImpl
+  extends TransformationImpl
+  implements XPath2Transformation {
+
+  /** The filters contained in this <code>XPath2Transformation</code> */
+  private List xPathFilters = new ArrayList();
+
+  /**
+   * Create a new <code>XPath2TransformationImpl</code>.
+   * 
+   * The list of XPath-Filter2 expression is initially empty.
+   */
+  public XPath2TransformationImpl() {
+    setAlgorithmURI(XPath2Transformation.XPATH2);
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPath2Transformation#getXPathFilters()
+   */
+  public List getXPathFilters() {
+    return xPathFilters;
+  }
+
+  /**
+   * Add an XPath-Filter2 expression to the list of filters.
+   * 
+   * @param filter The filter to add.
+   */
+  public void addXPathFilter(XPath2Filter filter) {
+    xPathFilters.add(filter);
+  }
+
+  /**
+   * Compare this <code>XPath2Transformation</code> to another.
+   * 
+   * @param other The object to compare this 
+   * <code>XPath2Transformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>XPath2Transformation</code> and <code>getXPathFilters()</code> equals
+   * <code>other.getXPathFilters()</code>. Otherwise <code>false</code> is
+   * returned.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPath2Transformation) {
+      XPath2Transformation transform = (XPath2Transformation) other;
+
+      return getXPathFilters().equals(transform.getXPathFilters());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    Iterator iter = getXPathFilters().iterator();
+    int hashCode = 0;
+
+    while (iter.hasNext()) {
+      hashCode ^= iter.next().hashCode();
+    }
+
+    return hashCode;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java
new file mode 100644
index 0000000..06cc319
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.util.Map;
+
+import iaik.server.modules.xml.XPathTransformation;
+
+/**
+ * A <code>Transformation</code> containing an XPath expression.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XPathTransformationImpl
+  extends TransformationImpl
+  implements XPathTransformation {
+
+  /** The XPath expression. */
+  private String xPathExpression;
+  /** The namespace prefix to URI mapping to use for XPath evaluation. */
+  private Map namespaceDeclarations;
+
+  /**
+   * Create a new <code>XPathTransformationImpl</code>.
+   * 
+   * The namespace declarations are initialized empty.
+   * 
+   * @param xPathExpression The XPath expression this object will contain.
+   * @param namespaceDeclarations The namespace declarations visible for this
+   * XPath.
+   */
+  public XPathTransformationImpl(
+    String xPathExpression,
+    Map namespaceDeclarations) {
+
+    setAlgorithmURI(XPathTransformation.XPATH);
+    setXPathExpression(xPathExpression);
+    setNamespaceDeclarations(namespaceDeclarations);
+  }
+
+  /**
+   * Set the XPath expression.
+   * 
+   * @param xPathExpression The XPath expression.
+   */
+  protected void setXPathExpression(String xPathExpression) {
+    this.xPathExpression = xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPathTransformation#getXPathExpression()
+   */
+  public String getXPathExpression() {
+    return xPathExpression;
+  }
+
+  /**
+   * @see iaik.server.modules.xml.XPathTransformation#getNamespaceDeclarations()
+   */
+  public Map getNamespaceDeclarations() {
+    return namespaceDeclarations;
+  }
+
+  /**
+   * Set the namespace declarations.
+   * 
+   * @param namespaceDeclarations The mapping between namespace prefixes and
+   * their associated URI.
+   */
+  protected void setNamespaceDeclarations(Map namespaceDeclarations) {
+    this.namespaceDeclarations = namespaceDeclarations;
+  }
+
+  /**
+   * Compare this <code>XPathTransformation</code> to another.
+   * 
+   * @param other The object to compare this 
+   * <code>XPathTransformation</code> to.
+   * @return <code>true</code>, if <code>other</code> is an
+   * <code>XPathTransformation</code> and if this object contains the same XPath
+   * expression as <code>other</code>. Otherwise <code>false</code> is returned.
+   * @see java.lang.Object#equals(Object)
+   */
+  public boolean equals(Object other) {
+    if (other instanceof XPathTransformation) {
+      XPathTransformation transform = (XPathTransformation) other;
+      return getXPathExpression().equals(transform.getXPathExpression());
+    }
+    return false;
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+    return getXPathExpression().hashCode();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
new file mode 100644
index 0000000..1c5d26a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.spss.server.iaik.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.TransformException;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.util.NodeListToNodeSetDataAdapter;
+import at.gv.egovernment.moa.util.NodeListAdapter;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.server.modules.xml.XSLTTransformation;
+import iaik.xml.crypto.dsig.XMLSignatureFactory;
+
+/**
+ * A <code>Transformation</code> containing an XSLT transformation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XSLTTransformationImpl extends TransformationImpl implements XSLTTransformation {
+
+	/** The XSLT stylesheet. */
+	private Element styleSheetElement;
+	/**
+	 * The hash code of the canonicalized stylesheet. If calculated, this value
+	 * should be != 0.
+	 */
+	private int hashCode;
+
+	/**
+	 * Create a new <code>XSLTTransformationImpl</code> object.
+	 * 
+	 * @param styleSheetElement
+	 *            The XSLT stylesheet element.
+	 */
+	public XSLTTransformationImpl(Element styleSheetElement) {
+		setAlgorithmURI(XSLTTransformation.XSLT);
+		setStyleSheetElement(styleSheetElement);
+	}
+
+	/**
+	 * Set the XSLT stylesheet element.
+	 * 
+	 * @param styleSheetElement
+	 *            The XSLT stylesheet element to set.
+	 */
+	protected void setStyleSheetElement(Element styleSheetElement) {
+		this.styleSheetElement = styleSheetElement;
+		this.hashCode = 0;
+	}
+
+	/**
+	 * @see iaik.server.modules.xml.XSLTTransformation#getStylesheetElement()
+	 */
+	public Element getStylesheetElement() {
+		return styleSheetElement;
+	}
+
+	/**
+	 * Compare this <code>XSLTTransformation</code> to another.
+	 * 
+	 * @param other
+	 *            The object to compare this <code>XSLTTransformation</code> to.
+	 * @return <code>true</code>, if <code>other</code> is an
+	 *         <code>XSLTTransformation</code> and if the canonicalized
+	 *         representations of the stylesheets contained in <code>this</code>
+	 *         and <code>other</code> match. Otherwise, <code>false</code> is
+	 *         returned.
+	 * @see java.lang.Object#equals(Object)
+	 */
+	public boolean equals(Object other) {
+		if (other instanceof XSLTTransformation) {
+			XSLTTransformation xslt = (XSLTTransformation) other;
+
+			return compareElements(getStylesheetElement(), xslt.getStylesheetElement());
+		}
+		return false;
+	}
+
+	/**
+	 * @see java.lang.Object#hashCode()
+	 */
+	public int hashCode() {
+		if (hashCode == 0) {
+			hashCode = calculateHashCode(getStylesheetElement());
+		}
+		return hashCode;
+	}
+
+	/**
+	 * Calculate the hash code for a DOM element by canonicalizing it.
+	 * 
+	 * @param element
+	 *            The DOM element for which the hash code is to be calculated.
+	 * @return int The hash code, or <code>0</code>, if it could not be
+	 *         calculated.
+	 */
+	private static int calculateHashCode(Element element) {
+		try {
+			InputStream is = canonicalize(element);
+			byte[] buf = new byte[256];
+			int hashCode = 1;
+			int length;
+			int i;
+
+			while ((length = is.read(buf)) > 0) {
+				for (i = 0; i < length; i++) {
+					hashCode += buf[i] * 31 + i;
+				}
+			}
+			is.close();
+			return hashCode;
+		} catch (IOException e) {
+			return 0;
+		} catch (NoSuchAlgorithmException e) {
+			return 0;
+		} catch (InvalidAlgorithmParameterException e) {
+			return 0;
+		} catch (TransformException e) {
+			return 0;
+		}
+	}
+
+	/**
+	 * Compare two DOM elements by canonicalizing their contents and comparing
+	 * the resulting byte stream.
+	 * 
+	 * @param elem1
+	 *            The 1st element to compare.
+	 * @param elem2
+	 *            The 2nd element to compare.
+	 * @return boolean <code>true</code>, if the elements are considered equal
+	 *         after canonicalization. Otherwise <code>false</code> is returned.
+	 */
+	private static boolean compareElements(Element elem1, Element elem2) {
+		try {
+			InputStream is1 = canonicalize(elem1);
+			InputStream is2 = canonicalize(elem2);
+			return StreamUtils.compareStreams(is1, is2);
+		} catch (IOException e) {
+			return false;
+		} catch (NoSuchAlgorithmException e) {
+			return false;
+		} catch (InvalidAlgorithmParameterException e) {
+			return false;
+		} catch (TransformException e) {
+			return false;
+		}
+	}
+
+	/**
+   * Canonicalize a DOM element.
+   * 
+   * @param element The element to canonicalize.
+   * @return InputStream A stream with the canonicalized data.
+	 * @throws InvalidAlgorithmParameterException 
+	 * @throws IOException 
+	 * @throws TransformException 
+   * @throws AlgorithmException An error occurred canonicalizing the element.
+   */
+  private static InputStream canonicalize(Element element)
+    throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, TransformException {
+	  CanonicalizationMethod canonicalizationMethod = XMLSignatureFactory.getInstance().newCanonicalizationMethod(
+			  CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec());
+	  
+    //CanonicalizationAlgorithm c14n =
+     // new CanonicalizationAlgorithmImplExclusiveCanonicalXML();
+    NodeList nodeList;
+  
+    try {
+      nodeList = XPathUtils.selectNodeList(element, XPathUtils.ALL_NODES_XPATH);
+    } catch (XPathException e) {
+      nodeList = new NodeListAdapter(Collections.EMPTY_LIST);
+    }
+    //c14n.setInput(nodeList);
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    canonicalizationMethod.transform(new NodeListToNodeSetDataAdapter(nodeList), null, baos);
+    baos.close();
+    return new ByteArrayInputStream(baos.toByteArray());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java
new file mode 100644
index 0000000..310f2dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import java.util.List;
+
+import iaik.server.modules.xmlsign.DataObjectTreatment;
+
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+
+/**
+ * An object encapsulating how to treat an associated <code>DataObject</code>
+ * when creating a signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class DataObjectTreatmentImpl implements DataObjectTreatment {
+  /** The final content MIME type. */
+  private String finalContentType;
+  /** The name of the hash algorithm. */
+  private String hashAlgorithmName;
+  /** This transformations to apply to the associated data object. */
+  private List transformationList;
+  /** Supplemental information for the transformations. */
+  private List transformationSupplements;
+  /** Whether to include the associated data object in the signature. */
+  private boolean includedInSignature;
+  /** Whether to include the associated data object in the manifest. */
+  private boolean referenceInManifest;
+  /** The object ID generator. */
+  private IdGenerator objIdGen;
+  
+  /**
+   * Create a new <code>DataObjectTreatmentImpl</code>.
+   * 
+   * @param objIdGen The <code>IdGenerator</code> for unique object IDs.
+   */
+  public DataObjectTreatmentImpl(IdGenerator objIdGen) {
+    this.objIdGen = objIdGen;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getFinalContentType()
+   */
+  public String getFinalContentType() {
+    return finalContentType;
+  }
+
+  /**
+   * Sets the final content type.
+   * 
+   * @param finalContentType The final content type to set (a MIME-type type of
+   * <code>String</code>).
+   */
+  public void setFinalContentType(String finalContentType) {
+    this.finalContentType = finalContentType;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getHashAlgorithmName()
+   */
+  public String getHashAlgorithmName() {
+    return hashAlgorithmName;
+  }
+
+  /**
+   * Sets the hash algorithm name.
+   * 
+   * @param hashAlgorithmName The hash algorithm name to set.
+   */
+  public void setHashAlgorithmName(String hashAlgorithmName) {
+    this.hashAlgorithmName = hashAlgorithmName;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#isIncludedInSignature()
+   */
+  public boolean isIncludedInSignature() {
+    return includedInSignature;
+  }
+
+  /**
+   * Sets whether the associated <code>DataObject</code> is to be included in
+   * the signature.
+   * 
+   * @param includedInSignature If <code>true</code>, the associated
+   * <code>DataObject</code> will be included in the signature, otherwise not.
+   */
+  public void setIncludedInSignature(boolean includedInSignature) {
+    this.includedInSignature = includedInSignature;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#isReferenceInManifest()
+   */
+  public boolean isReferenceInManifest() {
+    return referenceInManifest;
+  }
+
+  /**
+   * Sets whether the associated <code>DataObject</code> is
+   * to be included in the <code>dsig:Manifest</code>.
+   * 
+   * @param referenceInManifest If <code>true</code>, the associated
+   * <code>DataObject</code> will be included in the manifest, otherwise not.
+   */
+  public void setReferenceInManifest(boolean referenceInManifest) {
+    this.referenceInManifest = referenceInManifest;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationList()
+   */
+  public List getTransformationList() {
+    return transformationList;
+  }
+
+  /**
+   * Set the list of transformations for the associated <code>DataObject</code>.
+   * 
+   * @param transformationList The transformations to set.
+   */
+  public void setTransformationList(List transformationList) {
+    this.transformationList = transformationList;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationSupplements()
+   */
+  public List getTransformationSupplements() {
+    return transformationSupplements;
+  }
+
+  /**
+   * Sets the transformation supplements for the associated
+   * <code>DataObject</code>.
+   * 
+   * @param transformationSupplements The transformation supplements to set.
+   */
+  public void setTransformationSupplements(List transformationSupplements) {
+    this.transformationSupplements = transformationSupplements;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.DataObjectTreatment#getDsigDataObjectID()
+   */
+  public String getDsigDataObjectID() {
+    return objIdGen.uniqueId();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
new file mode 100644
index 0000000..7d0c5a0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -0,0 +1,399 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import iaik.server.modules.algorithms.SignatureAlgorithms;
+import iaik.server.modules.keys.AlgorithmUnavailableException;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.keys.UnknownKeyException;
+import iaik.server.modules.xml.Canonicalization;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+
+/**
+ * An object providing auxiliary information for creating an XML signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationProfileImpl
+  implements XMLSignatureCreationProfile {
+
+  /** The transformations to apply to a data object. */
+  private List dataObjectTreatmentList;
+  /** The set of keys available to the signing process. */
+  private Set keySet;
+  /** The type URI of the signature manifest. */
+  private String securityLayerManifestTypeURI;
+  /** Whether the created signature is to be Security Layer conform. */ 
+  private boolean securityLayerConform;
+  /** Where to insert the signature into the signature environment. */
+  private XMLSignatureInsertionLocation signatureInsertionLocation;
+  /** The signature structur type. */
+  private String signatureStructureType;
+  /** The type of <code>Canonicalization</code> to use for the signed info. */
+  private Canonicalization signedInfoCanonicalization;
+  /** Properties to be signed during signature creation. */ 
+  private List signedProperties;
+  /** The ID generator for signature IDs. */
+  private IdGenerator signatureIDGenerator;
+  /** The ID generator for manifst IDs. */
+  private IdGenerator manifestIDGenerator;
+  /** The ID generator for XMLDsig manifest IDs. */
+  private IdGenerator dsigManifestIDGenerator;
+  /** The ID generator for signed property IDs. */
+  private IdGenerator propertyIDGenerator;
+  /** The selected digest method algorithm if XAdES 1.4.2 is used   */
+  private String digestMethodXAdES142;
+  
+  
+  /**
+   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * 
+   * @param createProfileCount Provides external information about the 
+   * number of calls to the signature creation module, using the same request.
+   * @param reservedIDs The set of IDs that must not be used while generating
+   * new IDs.
+   */
+  public XMLSignatureCreationProfileImpl(
+    int createProfileCount,
+    Set reservedIDs,
+    String digestMethodXAdES142) {
+    signatureIDGenerator =
+      new IdGenerator("signature-" + createProfileCount, reservedIDs);
+    manifestIDGenerator =
+      new IdGenerator("manifest-" + createProfileCount, reservedIDs);
+    dsigManifestIDGenerator =
+      new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs);
+    propertyIDGenerator =
+      new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
+    this.digestMethodXAdES142 = digestMethodXAdES142;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList()
+   */
+  public List getDataObjectTreatmentList() {
+    return dataObjectTreatmentList;
+  }
+
+  /**
+   * Sets the list of <code>DataObjectTreatment</code>s.
+   * 
+   * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to
+   * set.
+   */
+  public void setDataObjectTreatmentList(List dataObjectTreatmentList) {
+    this.dataObjectTreatmentList = dataObjectTreatmentList;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
+   */
+  public Set getKeySet() {
+    return keySet;
+  }
+
+  /**
+   * Set the set of <code>KeyEntryID</code>s which may be used for signature
+   * creation.
+   * 
+   * @param keySet The set of <code>KeyEntryID</code>s to set.
+   */
+  public void setKeySet(Set keySet) {
+    this.keySet = keySet;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI()
+   */
+  public String getSecurityLayerManifestTypeURI() {
+    return securityLayerManifestTypeURI;
+  }
+
+  /**
+   * Set the SecurityLayerManifestTypeURI.
+   * 
+   * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to
+   * set.
+   */
+  public void setSecurityLayerManifestTypeURI(String securityLayerManifestTypeURI) {
+    this.securityLayerManifestTypeURI = securityLayerManifestTypeURI;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
+   */
+  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
+    throws AlgorithmUnavailableException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    TransactionId tid = new TransactionId(context.getTransactionID());
+    KeyModule module = KeyModuleFactory.getInstance(tid);
+    Set algorithms;
+
+    try {
+      algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID);
+    } catch (UnknownKeyException e) {
+      throw new AlgorithmUnavailableException(
+        "Unknown key entry: " + selectedKeyID,
+        e,
+        null);
+    }
+    
+    if (digestMethodXAdES142 == null) {
+    	// XAdES 1.4.2 not enabled - legacy MOA
+        if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)  
+        		|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
+        		|| algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+
+        	return SignatureAlgorithms.SHA1_WITH_RSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.ECDSA)) {
+        	return SignatureAlgorithms.ECDSA;
+        } else if (
+        		algorithms.contains(SignatureAlgorithms.DSA)) {
+        	return SignatureAlgorithms.DSA; 
+        } else {
+        	throw new AlgorithmUnavailableException(
+        			"No algorithm for key entry: " + selectedKeyID,
+        			null,
+        	        null);
+        }
+    }
+    else {
+    	// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
+    	if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
+    		Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
+    		
+    		if  (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+                  return SignatureAlgorithms.SHA1_WITH_RSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+                  return SignatureAlgorithms.ECDSA;
+                  
+    		} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+    			return SignatureAlgorithms.DSA;
+    			
+    		} else {
+    			throw new AlgorithmUnavailableException(
+    					"No algorithm for key entry: " + selectedKeyID,
+                         null,
+                         null);
+             }
+    		
+    	} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { 
+             	return SignatureAlgorithms.SHA256_WITH_RSA;
+             	
+    		} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA256_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA384_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA;
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
+    		if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_RSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
+             	return SignatureAlgorithms.SHA512_WITH_ECDSA;
+             	
+             } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+             	return SignatureAlgorithms.DSA; 
+             	
+             } else {
+             	throw new AlgorithmUnavailableException(
+             			"No algorithm for key entry: " + selectedKeyID,
+             			null,
+             	        null);
+             }
+    	}	
+    	else {
+         	throw new AlgorithmUnavailableException(
+         			"No signature algorithm found for digest algorithm '" + digestMethodXAdES142,
+         			null,
+         	        null);
+         }
+    	
+    }
+    
+
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation()
+   */
+  public XMLSignatureInsertionLocation getSignatureInsertionLocation() {
+    return signatureInsertionLocation;
+  }
+
+  /**
+   * Set the location where the signature is to be inserted into the signature
+   * parent.
+   * 
+   * @param signatureInsertionLocation The location to set.
+   */
+  public void setSignatureInsertionLocation(XMLSignatureInsertionLocation signatureInsertionLocation) {
+    this.signatureInsertionLocation = signatureInsertionLocation;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType()
+   */
+  public String getSignatureStructureType() {
+    return signatureStructureType;
+  }
+
+  /**
+   * Set the signature structure type.
+   * @param signatureStructureType The signature structure type to set.
+   */
+  public void setSignatureStructureType(String signatureStructureType) {
+    this.signatureStructureType = signatureStructureType;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization()
+   */
+  public Canonicalization getSignedInfoCanonicalization() {
+    return signedInfoCanonicalization;
+  }
+
+  /**
+   * Sets the canonicalization method to use for the SignedInfo object.
+   * 
+   * @param signedInfoCanonicalization The canonicalization method to set.
+   */
+  public void setSignedInfoCanonicalization(Canonicalization signedInfoCanonicalization) {
+    this.signedInfoCanonicalization = signedInfoCanonicalization;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * Set the signed properties.
+   * 
+   * @param signedProperties The signed properties to set.
+   */
+  public void setSignedProperties(List signedProperties) {
+    this.signedProperties = signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   * 
+   * @param securityLayerConform <code>true</code>, if the created signature
+   * is to be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID()
+   */
+  public String getSignatureID() {
+    return signatureIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID()
+   */
+  public String getSecurityLayerManifestID() {
+    return manifestIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID()
+   */
+  public String getDsigManifestID() {
+    return dsigManifestIDGenerator.uniqueId();
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID()
+   */
+  public String getSignedPropertiesID() {
+    return propertyIDGenerator.uniqueId();
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+   */
+  public boolean getPermitFileURIs() {
+    return false;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java
new file mode 100644
index 0000000..90c1f49
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
+
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+/**
+ * An object giving the location of where the signature will be
+ * inserted into the parent element.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureInsertionLocationImpl
+  implements XMLSignatureInsertionLocation {
+
+  /** Where to put the signature into the signature parent element. */
+  private int signatureChildIndex;
+  
+  /**
+   * Create a new <code>XMLSignatureInsertLocationImpl</code>.
+   * 
+   * @param signatureChildIndex The position index at which to append the
+   * signature to the parent element.
+   */
+  public XMLSignatureInsertionLocationImpl(int signatureChildIndex) {
+    setSignatureChildIndex(signatureChildIndex);
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureInsertionLocation#getSignatureChildIndex()
+   */
+  public int getSignatureChildIndex() {
+    return signatureChildIndex;
+  }
+
+  /**
+   * Sets the position index at which to append the signature to the parent
+   * element.
+   * 
+   * @param signatureChildIndex The position index to set.
+   */
+  public void setSignatureChildIndex(int signatureChildIndex) {
+    this.signatureChildIndex = signatureChildIndex;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..f4c9126
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.iaik.xmlverify;
+
+import java.util.List;
+
+import iaik.pki.PKIProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+
+/**
+ * An object providing auxiliary information for verifying an XML signature.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationProfileImpl
+  implements XMLSignatureVerificationProfile {
+
+  /** Whether to check the Security Layer manifest. */
+  private boolean checkSecurityLayerManifest;
+  /** Whether to check the XMLDsig manifest. */
+  private boolean checkXMLDsigManifests;
+  /** The profile for validating the signer certificate. */
+  private PKIProfile certificateValidationProfile;
+  /** Supplements for the transformations. */
+  private List transformationSupplements;
+  /** Whether to include hash input data in the response. */
+  private boolean includeHashInputData;
+  /** Whether to include reference input data in the response. */
+  private boolean includeReferenceInputData;
+  /** Whether the file URIs are permitted */
+  private boolean permitFileURIs;
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
+   */
+  public boolean checkSecurityLayerManifest() {
+    return checkSecurityLayerManifest;
+  }
+
+  /**
+   * Set whether to check the references in the Security Layer manifest.
+   * 
+   * @param checkSecurityLayerManifest <code>true</code>, if the references
+   * in the Security Layer manifest must be checked.
+   */
+  public void setCheckSecurityLayerManifest(boolean checkSecurityLayerManifest) {
+    this.checkSecurityLayerManifest = checkSecurityLayerManifest;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkXMLDsigManifests()
+   */
+  public boolean checkXMLDsigManifests() {
+    return checkXMLDsigManifests;
+  }
+
+  /**
+   * Sets whether to check the references of all XML Dsig manifests.
+   * 
+   * @param checkXMLDSigManifests <code>true</code>, if the references in the
+   * XML Dsig manifest must be checked.
+   */
+  public void setCheckXMLDsigManifests(boolean checkXMLDSigManifests) {
+    this.checkXMLDsigManifests = checkXMLDSigManifests;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getCertificateValidationProfile()
+   */
+  public PKIProfile getCertificateValidationProfile() {
+    return certificateValidationProfile;
+  }
+
+  /**
+   * Sets the profile for validating the signer certificate.
+   * 
+   * @param certificateValidationProfile The certificate validation profile to
+   * set.
+   */
+  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+    this.certificateValidationProfile = certificateValidationProfile;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getTransformationSupplements()
+   */
+  public List getTransformationSupplements() {
+    return transformationSupplements;
+  }
+
+  /**
+   * Sets the transformation supplements.
+   * 
+   * @param transformationSupplements The transformation supplements to set.
+   */
+  public void setTransformationSupplements(List transformationSupplements) {
+    this.transformationSupplements = transformationSupplements;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeHashInputData()
+   */
+  public boolean includeHashInputData() {
+    return includeHashInputData;
+  }
+
+  /**
+   * Set whether to include the hash input data in the result.
+   * 
+   * @param includeHashInputData If <code>true</code>, the hash input data
+   * will be returned in the result.
+   */
+  public void setIncludeHashInputData(boolean includeHashInputData) {
+    this.includeHashInputData = includeHashInputData;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeReferenceInputData()
+   */
+  public boolean includeReferenceInputData() {
+    return includeReferenceInputData;
+  }
+
+  /**
+   * Set whether to include the reference input data in the result.
+   * 
+   * @param includeReferenceInputData If <code>true</code>, the reference
+   * input data will be included in the result.
+   */
+  public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
+    this.includeReferenceInputData = includeReferenceInputData;
+  }
+  
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() 
+   */
+  public boolean getPermitFileURIs() {
+    return permitFileURIs;
+  }
+  
+  /**
+   * Set whether the file URIs are permitted or not
+   * 
+   * @param permitFileURIs whether the file URIs are permitted or not
+   */
+  public void setPermitFileURIs(boolean permitFileURIs)
+  {
+    this.permitFileURIs = permitFileURIs;
+  }
+
+  @Override
+  public String getTargetLevel() {
+	return XMLSignatureVerificationProfile.LEVEL_B;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java
new file mode 100644
index 0000000..8ab01d6
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.init;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+
+/**
+ * Default implementation of <code>Configurator</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfiguratorImpl extends Configurator {
+  /** whether the configuration has been initialized */
+  private boolean initialized = false;
+
+  public void init() throws MOAException {
+    if (!initialized) {
+      SystemInitializer.init();
+      initialized = true;
+    }
+  }
+
+  public void update() throws MOAException {
+    if (!initialized) {
+      return;
+    }
+    
+    try {
+      // reconfigure the system
+      ConfigurationProvider config = ConfigurationProvider.reload();
+      new IaikConfigurator().configure(config);
+    } catch (MOAException e) {
+      throw e;
+    } catch (Throwable t) {
+      throw new ConfigurationException("", null, t);
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java
new file mode 100644
index 0000000..692ee53
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.server.init;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+public interface ExternalInitializer {
+	public void initialize(ConfigurationProvider configurationProvider);
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
new file mode 100644
index 0000000..f2663cf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.init;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Iterator;
+import java.util.ServiceLoader;
+import java.util.Timer;
+
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner;
+import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.truststore.TrustStoreException;
+import iaik.server.ConfigurationData;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
+
+/**
+ * MOA SP/SS web service initialization.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SystemInitializer {
+  /** Interval between archive cleanups in seconds */
+  private static final long ARCHIVE_CLEANUP_INTERVAL = 60 * 60; // 1h
+  /** The MOA SP/SS logging hierarchy. */
+  private static final String LOGGING_HIERARCHY = "moa.spss.server";
+  /** Whether XML schema grammars have been initialized. */
+  private static boolean grammarsInitialized = false;
+  
+  private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SystemInitializer.class);
+
+  private static ServiceLoader<ExternalInitializer> initializerServices = 
+		  ServiceLoader.load(ExternalInitializer.class);
+  
+  
+  private static void runInitializer(ConfigurationProvider configurationProvider) {
+	  Iterator<ExternalInitializer> initializerIterator = initializerServices.iterator();
+	  
+	  while(initializerIterator.hasNext()) {
+		  ExternalInitializer externalInitializer = initializerIterator.next();
+		  externalInitializer.initialize(configurationProvider);
+	  }
+  }
+  
+  /**
+   * Initialize the MOA SP/SS webservice.
+   */
+  public static void init() {
+	  
+	  logger.info("##############################################################################");
+	  logger.info("##############################################################################");
+	  logger.info("###                                                                        ###");
+	  logger.info("###                          LOADING MOA-SIG                               ###");
+	  logger.info("###                          ===============                               ###");
+	  logger.info("###                                                                        ###");
+	  logger.info("##############################################################################");
+	  logger.info("##############################################################################");
+	  
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Thread archiveCleaner;
+
+    // set up the MOA SPSS logging hierarchy
+    Logger.setHierarchy(LOGGING_HIERARCHY);
+
+    // set up a logging context for logging the startup
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext("startup"));
+ 
+//    AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
+//    AxisProperties.setProperty("disablePrettyXML", "true");
+//    AxisProperties.setProperty("axis.doAutoTypes", "true");
+    
+    // initialize preparsed Xerces grammar pool for faster XML 
+    // parsing/validating
+    try {
+      if (!grammarsInitialized) {
+        Class clazz = SystemInitializer.class;
+        // preparse XML schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.XML_SCHEMA_LOCATION),
+          Constants.XML_NS_URI);
+        // preparse XMLDsig Filter2 schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.DSIG_FILTER2_SCHEMA_LOCATION),
+          Constants.DSIG_FILTER2_NS_URI);
+        // preparse XMLDsig schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.DSIG_SCHEMA_LOCATION),
+          Constants.DSIG_NS_URI);
+        // preparse MOA schema
+        DOMUtils.addSchemaToPool(
+          clazz.getResourceAsStream(Constants.MOA_SCHEMA_LOCATION),
+          Constants.MOA_NS_URI);
+        grammarsInitialized = true;
+      }
+    } catch (IOException e) {
+      Logger.warn(new LogMsg(msg.getMessage("init.04", null)), e);
+    }
+    
+    // initialize configuration
+    try {
+      ConfigurationProvider config = ConfigurationProvider.getInstance();
+      Logger.info("Building ConfigurationData");
+      ConfigurationData configData = new IaikConfigurator().configure(config);
+      
+      //initialize TSL module
+      TSLConfiguration tslconfig = config.getTSLConfiguration();
+      
+      TSLConnector tslconnector = new TSLConnector();
+      if (tslconfig != null) {
+    	  //Logger.info(new LogMsg(msg.getMessage("init.01", null)));
+    	  Logger.info(new LogMsg(msg.getMessage("config.41", null)));
+    	  tslconnector.initialize(tslconfig.getEuTSLUrl(), tslconfig.getWorkingDirectory(), null, null);
+  		  
+      }
+            
+      //start TSL Update
+      TSLUpdaterTimerTask.tslconnector_ = tslconnector;
+      TSLUpdaterTimerTask.configData_ = configData;
+      TSLUpdaterTimerTask.update();
+      
+      //initialize TSL Update Task
+      initTSLUpdateTask(tslconfig);
+
+      runInitializer(config);
+      
+      Logger.info(new LogMsg(msg.getMessage("init.01", null)));
+    } catch (MOAException e) {
+      Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } 
+    catch (TSLEngineDiedException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+	} 
+    catch (TSLSearchException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } 
+    catch (CertStoreException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (TrustStoreException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (FileNotFoundException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (IOException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+    } catch (CertificateException e) {
+    	Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
+	}
+
+    
+    
+    // CHANGE IXSIL to XSECT
+    // set IXSIL debug output
+    //IXSILInit.setPrintDebugLog(
+    //  Logger.isDebugEnabled(IaikLog.IAIK_LOG_HIERARCHY));
+    //Logger.info("Registering XSECT");
+    //XSecProvider.addAsProvider(true);
+    
+    // start the archive cleanup thread
+    archiveCleaner =
+      new Thread(new RevocationArchiveCleaner(ARCHIVE_CLEANUP_INTERVAL));
+    archiveCleaner.setName("RevocationArchiveCleaner");
+    archiveCleaner.setDaemon(true);
+    archiveCleaner.setPriority(Thread.MIN_PRIORITY);
+    archiveCleaner.start();
+
+    // unset the startup logging context
+    LoggingContextManager.getInstance().setLoggingContext(null);
+    logger.info("==============================================================================");
+    logger.info("===                            CONFIGURATION DONE                          ===");
+    logger.info("==============================================================================");
+  }
+  
+  private static void initTSLUpdateTask(TSLConfiguration tslconfig) {
+	  MessageProvider msg = MessageProvider.getInstance();
+      if (tslconfig != null) {
+    	  // get start time and period from config
+    	  long period = tslconfig.getUpdateSchedulePeriod();
+    	  Date startConfig = tslconfig.getUpdateScheduleStartTime();
+    	  
+    	  // get hh:mm:ss from config date
+    	  Calendar calendar = GregorianCalendar.getInstance(); // creates a new calendar instance
+    	  calendar.setTime(startConfig);   		// assigns calendar to given date 
+    	  int hour = calendar.get(Calendar.HOUR_OF_DAY);
+    	  int min = calendar.get(Calendar.MINUTE);
+    	  int sec = calendar.get(Calendar.SECOND);
+    	  
+    	  // create date with today and time from config
+    	  Calendar cal = Calendar.getInstance();
+    	  Date now = cal.getTime();
+    	  cal.set(Calendar.HOUR_OF_DAY, hour);
+    	  cal.set(Calendar.MINUTE, min);
+    	  cal.set(Calendar.SECOND, sec);
+
+    	  // proposed start time
+    	  Date start = cal.getTime();
+    	   
+    	  // if start time has already passed today - add one day (86400000 milliseconds = 1 day)
+    	  if (start.before(now))
+    		  start = new Date(start.getTime() + 86400000);    		
+    	  
+    	  Logger.debug(new LogMsg(msg.getMessage("config.46", new String[]{start.toString(), "" + period})));
+    	  
+    	  // start TSL updater task
+    	  Timer timer = new Timer();
+          timer.schedule(new TSLUpdaterTimerTask(), start, period);
+      }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
new file mode 100644
index 0000000..718673a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -0,0 +1,437 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.algorithms.HashAlgorithms;
+import iaik.server.modules.cmssign.CMSSignature;
+import iaik.server.modules.cmssign.CMSSignatureCreationException;
+import iaik.server.modules.cmssign.CMSSignatureCreationModule;
+import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory;
+import iaik.server.modules.cmssign.CMSSignatureCreationProfile;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A class providing an API based interface to the
+ * <code>CMSSignatureCreationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.cmssign.CMSSignatureCreationModule</code> from a
+ * <code>CreateCMSSignatureRequest</code> given as an API object. The result of
+ * the invocation is integrated into a <code>CreateCMSSignatureResponse</code>
+ * and returned.
+ * 
+ * @version $Id$
+ */
+public class CMSSignatureCreationInvoker {
+	
+	 private static Map HASH_ALGORITHM_MAPPING;
+
+	  static {
+	    HASH_ALGORITHM_MAPPING = new HashMap();
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+	    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
+	  }
+	  
+
+  /** The single instance of this class. */
+  private static CMSSignatureCreationInvoker instance = null;
+
+  /**
+   * Get the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized CMSSignatureCreationInvoker getInstance() {
+    if (instance == null) {
+      instance = new CMSSignatureCreationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>CMSSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected CMSSignatureCreationInvoker() {
+  }
+  
+ 
+
+  /**
+   * Process the <code>CreateCMSSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureCreationModule</code> for every
+   * <code>SingleSignatureInfo</code> contained in the request.
+   * 
+   * @param request A <code>CreateCMSSignatureRequest<code> API object
+   * containing the information for creating the signature(s).
+   * @param reserved A <code>Set</code> of reserved object IDs.
+   * 
+   * @return A <code>CreateCMSSignatureResponse</code> API object containing
+   * the created signature(s). The response contains either a
+   * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code>
+   * for each <code>SingleSignatureInfo</code> in the request.
+   * @throws MOAException An error occurred during signature creation. 
+   */
+  public CreateCMSSignatureResponse createCMSSignature(
+    CreateCMSSignatureRequest request,
+    Set reserved)
+    throws MOAException {
+
+	  TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();	  
+	  //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+
+	  CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder();
+	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
+
+	  boolean isSecurityLayerConform = false;
+	  String structure = null;
+	  String mimetype = null;
+	  
+	  // select the SingleSignatureInfo elements
+	  Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator();
+
+    // iterate over all the SingleSignatureInfo elements in the request
+	  while (singleSignatureInfoIter.hasNext()) {
+		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
+		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  
+		  
+		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
+		  structure = dataObjectInfo.getStructure();
+		  
+		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
+		  MetaInfo metainfo = dataobject.getMetaInfo();
+		  mimetype = metainfo.getMimeType();
+			  
+		  CMSContent content = dataobject.getContent();
+		  InputStream contentIs = null;
+		  // build the content data
+		  switch (content.getContentType()) {
+		  	case CMSContent.EXPLICIT_CONTENT :			    	  
+		  		contentIs = ((CMSContentExcplicit) content).getBinaryContent();
+		  		break;
+		  	case CMSContent.REFERENCE_CONTENT :
+		  		String reference = ((CMSContentReference) content).getReference();
+		  		if (!"".equals(reference)) {
+		  			ExternalURIResolver resolver = new ExternalURIResolver();
+		  			contentIs = resolver.resolve(reference);
+		  		} else {
+		  			throw new MOAApplicationException("2301", null);
+		  		}
+			    break;
+		  	default : {
+		  		throw new MOAApplicationException("2301", null);
+		  	}
+		  }
+			
+		  // create CMSSignatureCreationModuleFactory
+		  CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance();			    
+			    
+		  List signedProperties = null;
+		  boolean includeData = true;
+		  if (structure.compareTo("enveloping") == 0)
+			  includeData = true;
+		  if (structure.compareTo("detached") == 0)
+			  includeData = false;
+			    
+		  ConfigurationProvider config = context.getConfiguration();
+			    
+		  // get the key group id
+		  String keyGroupID = request.getKeyIdentifier();
+		  // set the key set
+		  Set keySet = buildKeySet(keyGroupID);
+		  if (keySet == null) {
+			  throw new MOAApplicationException("2231", null);
+		  } else if (keySet.size() == 0) {
+			  throw new MOAApplicationException("2232", null);
+		  }
+			    
+		  // get digest algorithm
+		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
+			    
+		  // create CMSSignatureCreation profile:			    
+		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
+				  keySet,
+				  digestAlgorithm, 
+				  signedProperties,
+				  isSecurityLayerConform, 
+				  includeData, 
+				  mimetype);
+		  
+		  // create CMSSignature from the CMSSignatureCreationModule
+		  // build the additionalSignedProperties
+		  List additionalSignedProperties = buildAdditionalSignedProperties();
+		  TransactionId tid = new TransactionId(context.getTransactionID());
+		  try {
+			  CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid);
+			  ByteArrayOutputStream out = new ByteArrayOutputStream();
+			  // get CMS SignedData output stream from the CMSSignature and wrap it around out
+			  boolean base64 = true;
+			  OutputStream  signedDataStream = signature.getSignature(out, base64);
+					 
+			  // now write the data to be signed to the signedDataStream
+			  
+			  int byteRead;
+			  BigDecimal counter = new BigDecimal("0");
+			  BigDecimal one = new BigDecimal("1");
+			  
+			  while ((byteRead=contentIs.read()) >= 0) {
+				  //System.out.println("counterXX: " + counter);
+				  
+				  if (inRange(counter, dataobject)) {
+					  //System.out.println("Lösche...");
+					  // set byte to 0x00
+					  signedDataStream.write(0);
+				  }
+				  else
+					  signedDataStream.write(byteRead);
+				  
+				  counter = counter.add(one);				  
+			  }
+			  
+			  
+//			  byte[] buf = new byte[4096];
+//			  int bytesRead;
+//			  while ((bytesRead = contentIs.read(buf)) >= 0) {
+//				  signedDataStream.write(buf, 0, bytesRead);
+//			  } 
+//					 
+			  // finish SignedData processing by closing signedDataStream
+			  signedDataStream.close();
+			  String base64value = out.toString();
+					 
+			  responseBuilder.addCMSSignature(base64value);
+					
+					
+		  } catch (CMSSignatureCreationException e) {
+			  MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+	          responseBuilder.addError(
+	            moaException.getMessageId(),
+	            moaException.getMessage());
+	          Logger.warn(moaException.getMessage(), e);
+	          
+		  } 
+		  catch (IOException e) {
+			  throw new MOAApplicationException("2301", null, e);			  
+		  }
+			
+	  }
+	  
+
+    return responseBuilder.getResponse();
+  }
+  
+  private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
+	  BigDecimal to = dataobject.getExcludeByteRangeTo();
+	  
+	  if ( (from == null) || (to == null))
+		  return false;
+	  
+	  int compare = counter.compareTo(from);
+	  if (compare == -1)
+		  return false;
+	  else {
+		  compare = counter.compareTo(to);
+		  if (compare == 1)
+			  return false;
+		  else
+			  return true;
+	  }
+				  
+	  
+	  
+  }
+
+  
+  private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException {
+	// get digest method on key group level (if configured)
+	    String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+	    // get default digest method (if configured)
+	    String configDigestMethod = config.getDigestMethodAlgorithmName();
+	    
+	    
+	    String digestMethod = null;
+	    if (configDigestMethodKG != null) {
+	    	// if KG specific digest method is configured
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethodKG});
+	    		throw new MOASystemException("2900", null);    			
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)");
+	    }	    	
+	    else {
+	    	// else get default configured digest method
+	    	digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+	    	if (digestMethod == null) {
+	    		error(
+	    				"config.17",
+	    				new Object[] { configDigestMethod});
+	    		throw new MOASystemException("2900", null);	
+	    	}
+	    	Logger.debug("Digest algorithm: " + digestMethod + "(default)");
+	    	
+	    }
+		return digestMethod;
+  }
+  
+  /**
+   * Utility function to issue an error message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void error(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.error(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+  
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   * returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s
+   * identifying the available keys.
+   */
+  private Set buildKeySet(String keyGroupID) {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (context.getClientCertificate() != null) {
+      X509Certificate cert = context.getClientCertificate()[0];
+      Principal issuer = cert.getIssuerDN();
+      BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries =
+        config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+      KeyModule module =
+        KeyModuleFactory.getInstance(
+          new TransactionId(context.getTransactionID()));
+      Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        KeyEntryID entryID = (KeyEntryID) iter.next();
+        KeyGroupEntry entry =
+          new KeyGroupEntry(
+            entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  /**
+   * Build the list of additional signed properties.
+   * 
+   * Based on the generic configuration setting
+   * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a
+   * constant <code>SigningTime</code> will be added to the properties.
+   * 
+   * @return The <code>List</code> of additional signed properties.
+   */
+  private List buildAdditionalSignedProperties() {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List additionalSignedProperties = Collections.EMPTY_LIST;
+
+    return additionalSignedProperties;
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
new file mode 100644
index 0000000..aca6f58
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -0,0 +1,371 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
+import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
+
+/**
+ * A class providing an interface to the
+ * <code>CMSSignatureVerificationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code>
+ * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation 
+ * is integrated into a <code>VerifyCMSSignatureResponse</code> returned.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationInvoker {
+
+  /** The single instance of this class. */
+  private static CMSSignatureVerificationInvoker instance = null;
+
+  /**
+   * Return the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized CMSSignatureVerificationInvoker getInstance() {
+    if (instance == null) {
+      instance = new CMSSignatureVerificationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>CMSSignatureVerificationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected CMSSignatureVerificationInvoker() {
+  }
+
+  /**
+   * Verify a CMS signature.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> containing the
+   * CMS signature, as well as additional data needed for verification.
+   * @return Element A <code>VerifyCMSSignatureResponse</code> containing the
+   * answer to the <code>VerifyCMSSignatureRequest</code>.
+   * @throws MOAException An error occurred while processing the request.
+   */
+  public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
+    throws MOAException {
+	  
+    CMSSignatureVerificationProfileFactory profileFactory =
+      new CMSSignatureVerificationProfileFactory(request);
+    VerifyCMSSignatureResponseBuilder responseBuilder =
+      new VerifyCMSSignatureResponseBuilder();
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    LoggingContext loggingCtx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    InputStream signature;
+    InputStream signedContent = null;
+    CMSSignatureVerificationProfile profile;
+    Date signingTime;
+    List results;
+    CMSSignatureVerificationResult result;
+    int[] signatories;
+    InputStream input;
+    byte[] buf = new byte[256];
+
+    // get the signature
+    signature = request.getCMSSignature();
+
+ // get the actual trustprofile
+    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+    
+    try {
+      // get the signed content
+      signedContent = getSignedContent(request);
+      
+      // build the profile
+      profile = profileFactory.createProfile();
+
+      // get the signing time
+      signingTime = request.getDateTime();
+
+      // verify the signature
+      CMSSignatureVerificationModule module =
+        CMSSignatureVerificationModuleFactory.getInstance();
+
+      module.setLog(new IaikLog(loggingCtx.getNodeID()));
+      
+      module.init(
+        signature,
+        signedContent,
+        profile,
+        new TransactionId(context.getTransactionID()));
+      input = module.getInputStream();
+
+      while (input.read(buf) > 0);
+      results = module.verifySignature(signingTime);
+      
+      
+    } catch (IAIKException e) {
+      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+      throw moaException;
+    } catch (IAIKRuntimeException e) {
+      MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+      throw moaException;
+    } catch (IOException e) {
+      throw new MOAApplicationException("2244", null, e);
+    } catch (MOAException e)
+    {
+      throw e;
+    }
+    finally
+    {
+      try
+      {
+        if (signedContent != null) signedContent.close();
+      }
+      catch (Throwable t)
+      {
+        // Intentionally do nothing here
+      }
+    }
+
+    QCSSCDResult qcsscdresult = new QCSSCDResult();
+    
+    // build the response: for each signatory add the result to the response
+    signatories = request.getSignatories();
+    if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
+      Iterator resultIter;
+
+      for (resultIter = results.iterator(); resultIter.hasNext();) {
+        result = (CMSSignatureVerificationResult) resultIter.next();
+        String issuerCountryCode = null;
+        // QC/SSCD check
+        List list = result.getCertificateValidationResult().getCertificateChain();
+        if (list != null) {
+            X509Certificate[] chain = new X509Certificate[list.size()];
+            
+            Iterator it = list.iterator();
+            int i = 0;
+            while(it.hasNext()) {
+            	chain[i] = (X509Certificate)it.next();
+            	i++;
+            }
+            
+            
+            qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+
+            // get signer certificate issuer country code
+            issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+
+        }
+        
+        responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+      }
+    } else {
+      int i;
+
+      for (i = 0; i < signatories.length; i++) {
+        int sigIndex = signatories[i] - 1;
+
+        try {
+          result =
+            (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
+          
+          String issuerCountryCode = null;
+          // QC/SSCD check
+          List list = result.getCertificateValidationResult().getCertificateChain();
+          if (list != null) {
+              X509Certificate[] chain = new X509Certificate[list.size()];
+              
+              Iterator it = list.iterator();
+              int j = 0;
+              while(it.hasNext()) {
+              	chain[j] = (X509Certificate)it.next();
+              	j++;
+              }
+              
+              
+              qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled());
+              
+              issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); 
+          }
+            
+          responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+        } catch (IndexOutOfBoundsException e) {
+          throw new MOAApplicationException(
+            "2249",
+            new Object[] { new Integer(sigIndex)});
+        }
+      }
+    }
+    
+    return responseBuilder.getResponse();
+  }
+
+ 
+  /**
+   * Get the signed content contained either in the request itself or given as a
+   * reference to external data.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> containing the
+   * signed content (or the reference to the signed content).
+   * @return InputStream A stream providing the signed content data, or
+   * <code>null</code> if no signed content was provided with the request.
+   * @throws MOAApplicationException An error occurred building the stream.
+   */
+  private InputStream getSignedContent(VerifyCMSSignatureRequest request)
+    throws MOAApplicationException {
+
+	  InputStream is = null;
+    CMSDataObject dataObj;
+    CMSContent content;
+
+    // select the Content element
+    dataObj = request.getDataObject();
+    if (dataObj == null) {
+      return null;
+    }
+    content = dataObj.getContent();
+    
+    // build the content data
+    switch (content.getContentType()) {
+      case CMSContent.EXPLICIT_CONTENT :
+        is = ((CMSContentExcplicit) content).getBinaryContent();
+        is = excludeByteRange(is, request);
+        return is;
+      case CMSContent.REFERENCE_CONTENT :
+        String reference = ((CMSContentReference) content).getReference();
+        if (!"".equals(reference)) {
+          ExternalURIResolver resolver = new ExternalURIResolver();
+          is = resolver.resolve(reference);
+          is = excludeByteRange(is, request);
+          return is;          
+        } else {
+          return null;
+        }
+      default :
+        return null;
+    }
+    
+
+
+  }
+  
+  private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException {
+	  
+	  int byteRead;
+	  
+	  ByteArrayOutputStream contentOs = new ByteArrayOutputStream();
+	  
+	  CMSDataObject dataobject = request.getDataObject();
+	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
+	  BigDecimal to = dataobject.getExcludeByteRangeTo();
+	  
+	  if ( (from == null) || (to == null))
+		  return contentIs;
+	  
+	  BigDecimal counter = new BigDecimal("0");
+	  BigDecimal one = new BigDecimal("1");
+	  
+	  try {
+		while ((byteRead=contentIs.read()) >= 0) {
+			
+			if (inRange(counter, dataobject)) {
+				  // if byte is in byte range, set byte to 0x00
+				  contentOs.write(0);
+			  }
+			  else
+				  contentOs.write(byteRead);
+			  
+			  counter = counter.add(one);				  
+		}
+		
+		InputStream is = new ByteArrayInputStream(contentOs.toByteArray());
+		
+		return is;
+		
+		
+	} catch (IOException e) {
+		  throw new MOAApplicationException("2301", null, e);			  
+	}
+	  
+  }
+  
+ 
+  private boolean inRange(BigDecimal counter, CMSDataObject dataobject) {
+	  BigDecimal from = dataobject.getExcludeByteRangeFrom();
+	  BigDecimal to = dataobject.getExcludeByteRangeTo();
+	  
+	  if ( (from == null) || (to == null))
+		  return false;
+	  
+	  int compare = counter.compareTo(from);
+	  if (compare == -1)
+		  return false;
+	  else {
+		  compare = counter.compareTo(to);
+		  if (compare == 1)
+			  return false;
+		  else
+			  return true;
+	  }
+				  
+	  
+	  
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
new file mode 100644
index 0000000..5f459ac
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.cmsverify.CMSSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A factory to create a <code>CMSSignatureVerificationProfile</code> from a
+ * <code>VerifyCMSSignatureRequest</code> and the current MOA configuration
+ * data.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CMSSignatureVerificationProfileFactory {
+
+  /** The <code>VerifyCMSSignatureRequest</code> to draw profile data from. */  
+  private VerifyCMSSignatureRequest request;
+
+  /**
+   * Create a new <code>CMSSignatureVerificationProfileFactory</code>.
+   *
+   * @param request The <code>VerifyCMSSignatureRequest</code> to draw profile 
+   * data from.
+   */
+  public CMSSignatureVerificationProfileFactory(VerifyCMSSignatureRequest request) {
+    this.request = request;
+  }
+
+  /**
+   * Create a <code>CMSSignatureVerificationProfile</code> from the given
+   * request and the current MOA configuration.
+   * 
+   * @return The <code>CMSSignatureVerificationProfile</code> for the
+   * <code>request</code>, based on the current configuration.
+   * @throws MOAException An error occurred creating the profile.
+   */
+  public CMSSignatureVerificationProfile createProfile()
+    throws MOAException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    CMSSignatureVerificationProfileImpl profile =
+      new CMSSignatureVerificationProfileImpl();
+    String trustProfileID;
+
+    // set the certificate validation profile
+    trustProfileID = request.getTrustProfileId();
+    profile.setCertificateValidationProfile(
+      new PKIProfileImpl(config, trustProfileID));
+
+    return profile;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..aa52fe0
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+
+/**
+ * A class to build a <code>CreateCMSSignatureResponse</code>.
+ * 
+ * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be
+ * called in any combination to add <code>CMSignature</code> and
+ * <code>ErrorResponse</code> elements to the response. One of these functions
+ * must be called at least once to produce a 
+ * <code>CreateCMSSignatureResponse</code>.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>CreateXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateCMSSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements to add to the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>CreateCMSSignatureResponse</code> built so far.
+   * 
+   * @return The <code>CreateCMSSignatureResponse</code> built so far.
+   */
+  public CreateCMSSignatureResponse getResponse() {
+    return factory.createCreateCMSSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param signatureEnvironment The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  public void addCMSSignature(String base64value) {
+    CMSSignatureResponse responseElement = 
+      factory.createCMSSignatureResponse(base64value);
+    responseElements.add(responseElement);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorCode The error code.
+   * @param info Additional information about the error.
+   */
+  public void addError(String errorCode, String info) {
+    ErrorResponse errorResponse = 
+      factory.createErrorResponse(Integer.parseInt(errorCode), info);
+    responseElements.add(errorResponse);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..7a7161d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+
+/**
+ * A class to build a <code>CreateXMLSignatureResponse</code>.
+ * 
+ * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be
+ * called in any combination to add <code>SignatureEnvironment</code> and
+ * <code>ErrorResponse</code> elements to the response. One of these functions
+ * must be called at least once to produce a 
+ * <code>CreateXMLSignatureResponse</code>.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>CreateXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements to add to the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>CreateXMLSignatureResponse</code> built so far.
+   * 
+   * @return The <code>CreateXMLSignatureResponse</code> built so far.
+   */
+  public CreateXMLSignatureResponse getResponse() {
+    return factory.createCreateXMLSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a <code>SignatureEnvironment</code> element to the response.
+   * 
+   * @param signatureEnvironment The content to put under the
+   * <code>SignatureEnvironment</code> element. This should either be a
+   * <code>dsig:Signature</code> element (in case of a detached signature) or
+   * the signature environment containing the signature (in case of
+   * an enveloping signature).
+   */
+  public void addSignatureEnvironment(Element signatureEnvironment) {
+    SignatureEnvironmentResponse responseElement = 
+      factory.createSignatureEnvironmentResponse(signatureEnvironment);
+    responseElements.add(responseElement);
+  }
+
+  /**
+   * Add a <code>ErrorResponse</code> element to the response.
+   *  
+   * @param errorCode The error code.
+   * @param info Additional information about the error.
+   */
+  public void addError(String errorCode, String info) {
+    ErrorResponse errorResponse = 
+      factory.createErrorResponse(Integer.parseInt(errorCode), info);
+    responseElements.add(errorResponse);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
new file mode 100644
index 0000000..d775fdb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -0,0 +1,1039 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.crypto.Data;
+import javax.xml.crypto.NodeSetData;
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.URIReference;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.xerces.dom.CoreDocumentImpl;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentLocRef;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterBinary;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ByteArrayDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ByteStreamDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.DataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLNodeListDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.EntityResolverChain;
+import at.gv.egovernment.moa.util.MOAErrorHandler;
+import at.gv.egovernment.moa.util.StreamEntityResolver;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.NodeListImplementation;
+import iaik.server.modules.xml.URIReferenceImpl;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.xml.crypto.utils.URIDereferencerImpl;
+
+/**
+ * A class to create <code>DataObject</code>s contained in different
+ * locations of the MOA XML request format.
+ *
+ * @author Patrick Peck
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class DataObjectFactory {
+
+  /**
+   * XPATH for registering ID attributes of known schemas if
+   * validating parsing fails.
+   */
+  private static final String XPATH =
+    "descendant-or-self::node()[" +
+    "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " +
+    "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " +
+    "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" +
+    "]/attribute::Id";
+
+  /** The single instance of this class. */
+  private static DataObjectFactory instance = null;
+
+  /**
+   * Return the only instance of this class.
+   *
+   * @return The only instance of this class.
+   */
+  public static synchronized DataObjectFactory getInstance() {
+    if (instance == null) {
+      instance = new DataObjectFactory();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>DataObjectFactory</code>.
+   *
+   * Protected to disallow multiple instances.
+   */
+  protected DataObjectFactory() {
+  }
+
+  /**
+   * Return the signature environment, i.e., the root element of the
+   * document, into which the signature will be inserted (if created) or which
+   * contains the signature (if verified).
+   *
+   * @param content The <code>Content</code> object containing the signature
+   * environment.
+   * @param supplements Additional schema or DTD information.
+   * @return The signature environment or <code>null</code>, if no
+   * signature environment exists.
+   * @throws MOASystemException A system error occurred building the signature
+   * environment (see message for details).
+   * @throws MOAApplicationException An error occurred building the signature
+   * environment (see message for details).
+   */
+  public XMLDataObject createSignatureEnvironment(
+    Content content,
+    List supplements)
+    throws MOASystemException, MOAApplicationException {
+
+    String reference = content.getReference();
+    EntityResolver entityResolver;
+    byte[] contentBytes;
+
+    // check for content and reference not being set at the same time
+    checkAllowContentAndReference(content, false);
+
+    // build the EntityResolver for validating parsing
+    if ((supplements == null) || supplements.isEmpty()) {
+      entityResolver = new MOASPSSEntityResolver();
+    } else {
+      EntityResolverChain chain = new EntityResolverChain();
+
+      chain.addEntityResolver(buildSupplementEntityResolver(supplements));
+      chain.addEntityResolver(new MOASPSSEntityResolver());
+      entityResolver = chain;
+    }
+
+    // convert the content into a byte array
+    try {
+      switch (content.getContentType()) {
+        case Content.BINARY_CONTENT :
+          {
+            InputStream is = ((ContentBinary) content).getBinaryContent();
+            contentBytes = StreamUtils.readStream(is);
+            break;
+          }
+        case Content.LOCREF_CONTENT:
+          {
+            String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+            InputStream is = null;
+            try
+            {
+              TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+              is = context.ResolveURI(locRefURI);
+              if (is == null) {
+            	  ExternalURIResolver uriResolver = new ExternalURIResolver();
+        	      is = uriResolver.resolve(locRefURI);
+              }
+              contentBytes = StreamUtils.readStream(is);
+            }
+            catch (MOAApplicationException e)
+            {
+              throw new MOAApplicationException("3203", new Object[]{reference, locRefURI}, e);
+            }
+            finally
+            {
+              closeInputStream(is);
+            }
+            break;
+          }
+        case Content.REFERENCE_CONTENT :
+          {
+            ExternalURIResolver uriResolver = new ExternalURIResolver();
+            InputStream is = null;
+            try
+            {
+              is = uriResolver.resolve(reference);
+              contentBytes = StreamUtils.readStream(is);
+            }
+            catch (Exception e)
+            {
+              throw e;
+            }
+            finally
+            {
+              closeInputStream(is);
+            }
+            break;
+          }
+        case Content.XML_CONTENT :
+          {
+            Element element =
+              checkForSingleElement(((ContentXML) content).getXMLContent());
+            contentBytes = DOMUtils.serializeNode(element, "UTF-8");
+
+            break;
+          }
+        default : {
+          contentBytes = null; // this will not happen
+        }
+      }
+    } catch (MOAApplicationException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new MOAApplicationException("2219", null);
+    }
+
+    if (Logger.isTraceEnabled()) {
+      // For logging in Debug-Mode: Mask baseid with xxx
+      String logString = new String(contentBytes);
+      // TODO use RegExp
+      String startS = "<pr:Identification><pr:Value>";
+      String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+      String logWithMaskedBaseid = logString;
+      int start = logString.indexOf(startS);
+      if (start > -1) {
+        int end = logString.indexOf(endS);
+        if (end > -1) {
+          logWithMaskedBaseid = logString.substring(0, start);
+          logWithMaskedBaseid += startS;
+          logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+          logWithMaskedBaseid += logString.substring(end, logString.length());
+        }
+      }
+
+      // try to parse validating
+      Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid);
+    }
+    try {
+      ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
+      Document doc =
+        DOMUtils.parseDocument(
+          is,
+          true,
+          Constants.ALL_SCHEMA_LOCATIONS,
+          null,
+          entityResolver,
+          new MOAErrorHandler());
+      Logger.trace("<<< parsed");
+
+      return new XMLDataObjectImpl(doc.getDocumentElement());
+    } catch (Exception e) {
+      // never mind, we'll try non-validating
+      MessageProvider msg = MessageProvider.getInstance();
+      Logger.info(new LogMsg(msg.getMessage("invoker.00", null)));
+    }
+
+    // try to parse non-validating
+    try {
+      ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
+      Document doc = DOMUtils.parseDocument(is, false, null, null);
+      // Since the parse tree will not contain any post schema validation information,
+      // we need to register any attributes known to be of type xsd:Id manually.
+      NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
+      for (int i = 0; i < idAttributes.getLength(); i++) {
+        Node item = idAttributes.item(i);
+        if (item instanceof Attr) {
+          Attr attr = (Attr) item;
+          Element owner = attr.getOwnerElement();
+          // Only available in DOM-Level 3 (Java 1.5):
+          // owner.setIdAttributeNode(attr, true);
+          if (doc instanceof CoreDocumentImpl) {
+            ((CoreDocumentImpl) doc).putIdentifier(attr.getValue(), owner);
+          }
+        }
+      }
+      return new XMLDataObjectImpl(doc.getDocumentElement());
+    } catch (Exception e) {
+      throw new MOAApplicationException("2218", null);
+    }
+  }
+
+  /**
+   * Create an <code>XMLDataObject</code> from the given signature environment.
+   *
+   * @param signatureEnvironment The signature environment contained in the
+   * result.
+   * @param uri The URI identifying the data. This must be either the empty
+   * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code>
+   * or <code>"#element"</code>; or an URI starting with <code>"#"</code> and
+   * followed by an element ID.
+   * @param referenceID The reference ID to set for the data object.
+   * @return A data object containing the signature environment.
+   */
+  public DataObject createFromSignatureEnvironment(
+    Element signatureEnvironment,
+    String uri,
+    String referenceID)
+    throws MOAApplicationException {
+
+    DataObjectImpl dataObject = null;
+
+    if ("".equals(uri)) {
+      dataObject = new XMLDataObjectImpl(signatureEnvironment);
+    } else if (
+      uri.startsWith("#xpointer")
+        || uri.startsWith("#xmlns")
+        || uri.startsWith("#element")) {
+      try {
+    	// CHANGE IXSIL to XSECT
+    	// maybe use   URIDereferencerImpl or XPath ...??
+        //XPointerReferenceResolver resolver = new XPointerReferenceResolver();
+        URIDereferencerImpl uriDereferencer = new URIDereferencerImpl();
+        URIReference uriReference = new URIReferenceImpl(uri, null, signatureEnvironment);
+        Data returnedData = uriDereferencer.dereference(uriReference, null);
+        
+        if(returnedData instanceof NodeSetData) {
+        	NodeSetData nodeSetData = (NodeSetData)returnedData;
+        	Iterator nodesIterator = nodeSetData.iterator();
+        	List nodeList = new ArrayList();
+        	
+        	while(nodesIterator.hasNext()) {
+        		nodeList.add(nodesIterator.next());
+        	}
+        	
+        	NodeList nodes = new NodeListImplementation(nodeList);
+        	dataObject = new XMLNodeListDataObjectImpl(nodes);
+        } else if(returnedData instanceof OctetStreamData) {
+        	OctetStreamData streamData = (OctetStreamData)returnedData;
+        	dataObject = new ByteStreamDataObjectImpl(streamData.getOctetStream());
+        } else {
+        	throw new MOAApplicationException("2237", new Object[] { uri });
+        }
+        
+        //URI uriObj = new URI(uri);
+        //NodeList nodes =
+         // resolver.resolveForest(
+          //  uriObj,
+          //  signatureEnvironment.getOwnerDocument(),
+          //  null);
+        
+      } catch (Exception e) {
+        throw new MOAApplicationException("2237", new Object[] { uri });
+      }
+    } else if (uri.startsWith("#")) {
+      String id = uri.substring(1);
+      Element refElem =
+        signatureEnvironment.getOwnerDocument().getElementById(id);
+
+      if (refElem == null) {
+        throw new MOAApplicationException("2237", new Object[] { id });
+      }
+      dataObject = new XMLDataObjectImpl(refElem);
+    }
+
+    dataObject.setReferenceID(referenceID);
+    dataObject.setURI(uri);
+
+    return dataObject;
+  }
+
+  /**
+   * Build a <code>StreamEntityResolver</code> from a <code>List</code> of
+   * supplements.
+   *
+   * @param supplements The supplements, given as
+   * <code>XMLDataObjectAssociation</code>s.
+   * @return A <code>StreamEntityResolver</code> mapping the supplements by
+   * their reference URI to an <code>InputStream</code> of their respective
+   * content.
+   */
+  private static StreamEntityResolver buildSupplementEntityResolver(List supplements)
+    throws MOAApplicationException
+  {
+    Map entities = new HashMap();
+    Iterator iter;
+
+    for (iter = supplements.iterator(); iter.hasNext();) {
+      XMLDataObjectAssociation supplement =
+        (XMLDataObjectAssociation) iter.next();
+      Content content = supplement.getContent();
+      String reference = content.getReference();
+
+      switch (content.getContentType()) {
+        case Content.BINARY_CONTENT :
+          {
+            entities.put(reference, ((ContentBinary) content).getBinaryContent());
+            break;
+          }
+        case Content.LOCREF_CONTENT:
+          {
+        	String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+
+            TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+        	if (context.FindResolvedEntity(locRefURI)==null) {
+
+	            ExternalURIResolver uriResolver = new ExternalURIResolver();
+	            InputStream uriStream = null;
+	            byte[] contentBytes;
+	            String contentType = null;
+	            try
+	            {
+	              uriStream = uriResolver.resolve(locRefURI);
+	              contentBytes = StreamUtils.readStream(uriStream);
+	              contentType = uriResolver.getContentType();
+	            }
+	            catch (Exception e)
+	            {
+	              throw new MOAApplicationException("3202", new Object[]{reference, locRefURI}, e);
+	            }
+	            finally
+	            {
+	              closeInputStream(uriStream);
+	            }
+	            context.PutResolvedEntity(locRefURI, contentBytes, contentType);
+        	}
+        	InputStream contentIS = context.ResolveURI(locRefURI);
+        	entities.put(reference, contentIS);
+            break;
+          }
+        case Content.XML_CONTENT :
+          {
+            // serialize the first element node that is found in the supplement
+            // and make it available as a stream
+            NodeList nodes = ((ContentXML) content).getXMLContent();
+            int i = 0;
+
+            // find the first element node
+            while ((i < nodes.getLength())
+              && (nodes.item(i).getNodeType() != Node.ELEMENT_NODE)) {
+              i++;
+            }
+
+            // serialize the node
+            if (i < nodes.getLength()) {
+              try
+              {
+                byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8");
+                entities.put(reference, new ByteArrayInputStream(serialized));
+              }
+              catch (Exception e)
+              {
+                throw new MOAApplicationException("2281", new Object[]{reference}, e);
+              }
+            }
+            break;
+          }
+      }
+    }
+
+    return new StreamEntityResolver(entities);
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>Content</code> object.
+   *
+   * @param content The <code>Content</code> object containing the data.
+   * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
+   * @param referenceID The reference ID to set in the resulting
+   * <code>DataObject</code>. May be <code>null</code>.
+   * @param allowContentAndReference If <code>true</code>, then
+   * <code>content</code> is allowed to contain both a <code>Reference</code>
+   * attribute and content. Otherwise, either a <code>Reference</code>
+   * attribute or content must be set.
+   * @param binaryAsXml If <code>true</code>, a content child given as
+   * <code>Base64Content</code> must contain XML data.
+   * @param xmlAsNodeList If <code>true</code>, the children of a
+   * <code>XMLContent</code> child element are returned as a
+   * <code>XMLNodeListDataObject</code>. Otherwise, <code>XMLContent</code> may
+   * only contain a single child node, which must be an element and which is
+   * returned as an <code>XMLDataObject</code>.
+   * @param referenceAsXml If <code>true</code>, then content loaded from the
+   * URI given as the <code>Reference</code> attribute must be XML data.
+   * If <code>false</code>, an attempt is made to parse the data as XML and
+   * return an <code>XMLDataObject</code> but if this fails, a
+   * <code>BinaryDataObject</code> is returned containing a byte stream to the
+   * data.
+   * @return A <code>DataObject</code> representing the data in
+   * <code>content</code>. If <code>base64AsXml==true</code> and
+   * <code>xmlAsNodeList==false</code> and <code>referenceAsXml==true</code>,
+   * then the result can safely be cast to an <code>XMLDataObject</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while opening a reference or parsing the data). See the wrapped
+   * exception for details.
+   */
+  public DataObject createFromContentOptionalRefType(
+    Content content,
+    MetaInfo finalDataMetaInfo,
+    String referenceID,
+    boolean allowContentAndReference,
+    boolean binaryAsXml,
+    boolean xmlAsNodeList,
+    boolean referenceAsXml)
+    throws MOASystemException, MOAApplicationException {
+
+    String reference = content.getReference();
+    DataObjectImpl dataObject = null;
+
+    checkAllowContentAndReference(content, allowContentAndReference);
+
+    // ok, build the data object; use content first, if available
+    switch (content.getContentType())
+    {
+      case Content.XML_CONTENT :
+      {
+        ContentXML contentXml = (ContentXML) content;
+        dataObject = createFromXmlContent(contentXml, xmlAsNodeList);
+        break;
+      }
+      case Content.BINARY_CONTENT :
+      {
+        ContentBinary contentBinary = (ContentBinary) content;
+        dataObject = createFromBinaryContent(contentBinary, binaryAsXml, false);
+        break;
+      }
+      case Content.LOCREF_CONTENT :
+      {
+        String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+        try
+        {
+          dataObject = createFromURIImpl(locRefURI, referenceAsXml);
+        }
+        catch (MOAApplicationException e)
+        {
+          throw new MOAApplicationException("3201", new Object[]{reference, locRefURI}, e);
+        }
+        break;
+      }
+      case Content.REFERENCE_CONTENT :
+      {
+        dataObject = createFromURIImpl(reference, referenceAsXml);
+        break;
+      }
+    }
+
+    // set URI and reference ID
+    dataObject.setURI(reference);
+    dataObject.setReferenceID(referenceID);
+
+    // set Type gathered from corresponding meta information
+    dataObject.setTypeURI(finalDataMetaInfo.getType());
+
+    return dataObject;
+  }
+
+  /**
+   * Check, if content and reference URIs are allowed in the content an throw
+   * an exception if an illegal combination of the two occurs.
+   *
+   * @param content The <code>Content</code> to check.
+   * @param allowContentAndReference Whether explicit content and a reference
+   * are allowed at the same time.
+   * @throws MOAApplicationException If <code>allowContentAndRefernece</code>
+   * is <code>false</code> and both explicit content and reference are set,
+   * an exception is thrown.
+   */
+  private static void checkAllowContentAndReference(
+    Content content,
+    boolean allowContentAndReference)
+    throws MOAApplicationException {
+    String reference = content.getReference();
+
+    // check for content and reference not being set
+    if ((content.getContentType() == Content.REFERENCE_CONTENT)
+      && (reference == null)) {
+      String errorCode = allowContentAndReference ? "1111" : "1110";
+      throw new MOAApplicationException(errorCode, null);
+    }
+
+    // if we only allow either content or reference being set at once, check
+    if (!allowContentAndReference
+      && (content.getContentType() != Content.REFERENCE_CONTENT)
+      && (reference != null)) {
+      throw new MOAApplicationException("1110", null);
+    }
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a
+   * <code>XMLDataObjectAssociation</code> object.
+   *
+   * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> object.
+   * @param xmlContentAllowed Whether the content contained in the
+   * <code>xmlDataObjAssoc</code> is allowed to be of type
+   * <code>XML_CONTENT</code>.
+   * @param binaryContentRepeatable If binary content must be provided as a
+   * <code>DataObject</code> that can be read multiple times.
+   * @return A <code>DataObject</code> representing the data in
+   * <code>xmlDataObjAssoc</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while parsing the data). See the wrapped exception for details.
+   */
+  public DataObject createFromXmlDataObjectAssociation(
+    XMLDataObjectAssociation xmlDataObjAssoc,
+    boolean xmlContentAllowed,
+    boolean binaryContentRepeatable)
+    throws MOASystemException, MOAApplicationException {
+
+    Content content = xmlDataObjAssoc.getContent();
+    MetaInfo metaInfo = xmlDataObjAssoc.getMetaInfo();
+    String mimeType = metaInfo != null ? metaInfo.getMimeType() : null;
+    DataObjectImpl dataObject = null;
+
+    switch (content.getContentType())
+    {
+      case Content.XML_CONTENT :
+      {
+        if (xmlContentAllowed)
+        {
+          dataObject = createFromXmlContent((ContentXML) content, true);
+        }
+        else
+        {
+          throw new MOAApplicationException("2280", null);
+        }
+        break;
+      }
+      case Content.BINARY_CONTENT :
+      {
+        dataObject = createFromBinaryContent(
+          (ContentBinary) content,
+          false,
+          binaryContentRepeatable);
+        break;
+      }
+      case Content.LOCREF_CONTENT :
+      {
+        String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
+        try
+        {
+          dataObject = createFromURIImpl(locRefURI, false);
+        }
+        catch (MOAApplicationException e)
+        {
+          throw new MOAApplicationException("3201", new Object[]{content.getReference(), locRefURI}, e);
+        }
+        break;
+      }
+    }
+
+    dataObject.setURI(content.getReference());
+    dataObject.setMimeType(mimeType);
+    return dataObject;
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>TransformParameter</code>
+   * object.
+   *
+   * @param transformParameter The <code>TransformParameter</code> object
+   * containing the data.
+   * @return A <code>DataObject</code> representing the data in
+   * <code>root</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while opening a reference or parsing the data). See the wrapped
+   * exception for details.
+   */
+  public DataObject createFromTransformParameter(TransformParameter transformParameter)
+    throws MOASystemException, MOAApplicationException {
+
+    DataObjectImpl dataObject;
+
+    switch (transformParameter.getTransformParameterType()) {
+      case TransformParameter.BINARY_TRANSFORMPARAMETER :
+        TransformParameterBinary tpBinary =
+          (TransformParameterBinary) transformParameter;
+
+        try {
+          //dataObject = new ByteArrayDataObjectImpl(Base64Utils.encode(tpBinary.getBinaryContent()));
+          dataObject =
+            new ByteArrayDataObjectImpl(
+              StreamUtils.readStream(tpBinary.getBinaryContent()));
+        } catch (Exception e) {
+          return null;
+        }
+        //dataObject = new ByteStreamDataObjectImpl(tpBinary.getBinaryContent());
+        break;
+      default :
+        // resolve uri and build the content
+        ExternalURIResolver resolver = new ExternalURIResolver();
+        InputStream is = resolver.resolve(transformParameter.getURI());
+        ByteArrayInputStream bis;
+        try
+        {
+          bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+        }
+        catch (IOException e)
+        {
+          throw new MOAApplicationException("2238", new Object[] {transformParameter.getURI()}, e);
+        }
+        finally
+        {
+          closeInputStream(is);
+        }
+        String contentType = resolver.getContentType();
+        dataObject = new ByteStreamDataObjectImpl(bis);
+        dataObject.setMimeType(contentType);
+        break;
+    }
+
+    dataObject.setURI(transformParameter.getURI());
+
+    return dataObject;
+  }
+
+  /**
+   * Create a <code>DataObject</code> from data located at the given URI.
+   *
+   * @param uri The <code>URI</code> where the data is located. This method uses
+   * an <code>ExternalURIResolver</code> to resolve URIs.
+   * @param asXml If <code>true</code>, a <code>DataObject</code> is only
+   * returned, if the content consists of XML data. If it does not consist of
+   * XML data, an <code>MOAApplicationException</code> will be thrown. If this
+   * parameter is <code>false</code> and the content consists of XML data, this
+   * method will still attempt to parse it.
+   * @return The <code>DataObject</code> contained at the URI.
+   * @throws MOASystemException A system error parsing the XML content.
+   * @throws MOAApplicationException An error occurred on opening, reading or
+   * parsing the data behind the URI.
+   */
+  public DataObject createFromURI(String uri, boolean asXml)
+    throws MOASystemException, MOAApplicationException {
+    return createFromURIImpl(uri, asXml);
+  }
+
+  /**
+   * Create a <code>DataObject</code> from data located at the given URI.
+   *
+   * @param uri The <code>URI</code> where the data is located. This method uses
+   * an <code>ExternalURIResolver</code> to resolve URIs.
+   * @param asXml If <code>true</code>, a <code>DataObject</code> is only
+   * returned, if the content consists of XML data. If it does not consist of
+   * XML data, an <code>MOAApplicationException</code> will be thrown. If this
+   * parameter is <code>false</code> and the content type is detected as being
+   * XML data, this method will still attemt to parse it.
+   * @return The <code>DataObject</code> contained at the URI.
+   * @throws MOASystemException A system error parsing the XML content.
+   * @throws MOAApplicationException An error occurred on opening, reading or
+   * parsing the data behind the URI.
+   */
+  private DataObjectImpl createFromURIImpl(String uri, boolean asXml)
+    throws MOASystemException, MOAApplicationException {
+
+    Logger.trace(">>> resolving uri \"" + uri + "\"");
+
+    ExternalURIResolver resolver = new ExternalURIResolver();
+
+    TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+    InputStream is = context.ResolveURI(uri);
+    String contentType = null;
+    boolean foundURI = false;
+    if (is == null) {
+        is = resolver.resolve(uri);
+        contentType = resolver.getContentType();
+    } else {
+    	foundURI = true;
+     	contentType = (String) context.FindResolvedEntity(uri).get(1);
+     	Logger.trace("found \"" + uri + "\" InputStream in preread Supplements!, do not read any more. Content=" + contentType);
+    }
+
+    DataObjectImpl dataObject;
+
+    // read the content
+    if ((contentType != null) && contentTypeIsXml(contentType)) {
+      Document doc;
+
+      if (asXml) {
+        try {
+          // try parsing non-validating: this has to succeed or we
+          // bail out by throwing an exception
+          is = resolver.resolve(uri);
+          doc = DOMUtils.parseDocument(is, false, null, null);
+          dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
+        } catch (ParserConfigurationException e) {
+          throw new MOASystemException("1106", null, e);
+        } catch (SAXException e) {
+          throw new MOAApplicationException("2209", null, e);
+        } catch (IOException e) {
+          throw new MOAApplicationException("2210", null, e);
+        }
+        finally
+        {
+          closeInputStream(is);
+        }
+      } else {
+        try {
+          // try parsing non-validating: need not succeed
+          is = resolver.resolve(uri);
+          doc = DOMUtils.parseDocument(is, false, null, null);
+          closeInputStream(is);
+          dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
+        } catch (Exception e) {
+          // this is the last chance: return the data as a byte stream
+          Logger.trace(">>> reading stream for \"" + uri + "\"");
+          is = resolver.resolve(uri);
+          ByteArrayInputStream bis;
+          try
+          {
+            bis = new ByteArrayInputStream(StreamUtils.readStream(is));
+            dataObject = new ByteStreamDataObjectImpl(bis);
+          }
+          catch (IOException e1)
+          {
+            throw new MOAApplicationException("2210", new Object[] { uri }, e1);
+          }
+          finally
+          {
+            closeInputStream(is);
+          }
+          Logger.trace(">>> read stream for \"" + uri + "\"");
+        }
+      }
+    }
+
+    else if (asXml)
+    {
+      // if we need XML data, we're in the wrong place here
+      closeInputStream(is);
+      throw new MOAApplicationException("2211", new Object[] { uri });
+    }
+    else
+    {
+      // content is binary: make it available as a binary input stream
+      Logger.trace(">>> getting binary input for \"" + uri + "\"");
+      byte[] contentBytes;
+      ByteArrayInputStream bis;
+      try
+      {
+          contentBytes = StreamUtils.readStream(is);
+          bis = new ByteArrayInputStream(contentBytes);
+      }
+      catch (IOException e)
+      {
+        throw new MOAApplicationException("2210", null, e);
+      }
+      finally
+      {
+        closeInputStream(is);
+      }
+	  if (!foundURI) {
+		context.PutResolvedEntity(uri, contentBytes, contentType);
+	  }
+      dataObject = new ByteStreamDataObjectImpl(bis);
+      Logger.trace("<<< got binary input for \"" + uri + "\"");
+    }
+
+    dataObject.setMimeType(contentType);
+    dataObject.setURI(uri);
+
+    Logger.trace("<<< resolved uri \"" + uri + "\"");
+
+    return dataObject;
+  }
+
+  /**
+   * Savely closes the specified input stream.
+   *
+   * @param is The input stream to be closed.
+   */
+  private static void closeInputStream(InputStream is)
+  {
+    try
+    {
+      if (is != null) {
+        is.close();
+      }
+    }
+    catch (Throwable t)
+    {
+      // Intentionally do nothing here
+    }
+  }
+
+  /**
+   * Determine whether the content type is XML.
+   *
+   * Content types recognized as XML start with <code>text/xml</code> and
+   * <code>application/xml</code>.
+   *
+   * @param contentType The content MIME type.
+   * @return boolean If <code>true</code>, the content type is XML, otherwise
+   * not.
+   */
+  private static boolean contentTypeIsXml(String contentType) {
+    return contentType.startsWith("text/xml")
+      || (contentType.startsWith("application/xml"));
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>ContentXML</code> object.
+   *
+   * @param xmlContent The <code>ContentXML</code> object from
+   * which the <code>DataObject</code> is to be built.
+   * @param xmlAsNodeList If <code>true</code>, the children of
+   * <code>xmlContent</code> are returned as a
+   * <code>XMLNodeListDataObject</code>. Otherwise,
+   * <code>xmlContent</code> may only contain a single child node, which must be
+   * an element and which is returned as an <code>XMLDataObject</code>.
+   * @return A <code>DataObject</code> representing the XML content in
+   * <code>xmlContent</code>.
+   * @throws MOAApplicationException If <code>xmlAsNodeList</code> is
+   * <code>false</code> and <code>xmlContent</code> does not have a single child
+   * element.
+   */
+  private DataObjectImpl createFromXmlContent(
+    ContentXML xmlContent,
+    boolean xmlAsNodeList)
+    throws MOAApplicationException {
+
+    DataObjectImpl dataObject;
+
+    if (xmlAsNodeList) {
+      dataObject = new XMLNodeListDataObjectImpl(xmlContent.getXMLContent());
+    } else {
+      NodeList nodes = xmlContent.getXMLContent();
+      Element element = checkForSingleElement(nodes);
+
+      // build the XMLDataObject
+      dataObject = new XMLDataObjectImpl(element);
+    }
+    return dataObject;
+  }
+
+  /**
+   * Check, that the given <code>NodeList</code> contains a single DOM element
+   * node and return it, otherwise throw an exception.
+   *
+   * @param nodes The <code>NodeList</code> to check for a single element.
+   * @return The single element contained in <code>nodes</code>.
+   * @throws MOAApplicationException Thrown, if <code>nodes</code> does not
+   * contain exactly 1 element node.
+   */
+  private Element checkForSingleElement(NodeList nodes)
+    throws MOAApplicationException {
+
+    Element element = null;
+    int i;
+
+    // check for a single element node
+    for (i = 0; i < nodes.getLength(); i++) {
+      if (nodes.item(i).getNodeType() == Node.ELEMENT_NODE) {
+        if (element == null) {
+          element = (Element) nodes.item(i);
+        } else {
+          throw new MOAApplicationException("1109", null);
+        }
+      }
+    }
+
+    // return the element node
+    if (element == null) {
+      throw new MOAApplicationException("1107", null);
+    } else {
+      return element;
+    }
+  }
+
+  /**
+   * Create a <code>DataObject</code> from a <code>ContentBinary</code> object.
+   *
+   * @param binaryContent The <code>ContentBinary</code> object containing the
+   * data.
+   * @param asXml If <code>true</code>, <code>binaryContent</code> must
+   * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be
+   * returned containing a byte stream to the decoded Base64 data.
+   * @param repeatable If multiple calls to <code>getInputStream()</code> must
+   * repeatedly return the content of the data object.
+   * @return A <code>DataObject</code> representing the content contained in
+   * <code>binaryContent</code>.
+   * @throws MOASystemException An error indicating an internal problem. See the
+   * wrapped exception for details.
+   * @throws MOAApplicationException An error occurred handling the content
+   * (probably while parsing the data). See the wrapped exception for details.
+   */
+  private DataObjectImpl createFromBinaryContent(
+    ContentBinary binaryContent,
+    boolean asXml,
+    boolean repeatable)
+    throws MOASystemException, MOAApplicationException {
+
+    InputStream byteStream = binaryContent.getBinaryContent();
+    DataObjectImpl dataObject;
+
+    if (asXml) {
+      Document doc;
+
+      try {
+        doc = DOMUtils.parseDocument(byteStream, false, null, null);
+        dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
+      } catch (ParserConfigurationException e) {
+        throw new MOASystemException("1106", null, e);
+      } catch (SAXException e) {
+        throw new MOAApplicationException("2209", null, e);
+      } catch (IOException e) {
+        throw new MOAApplicationException("2210", null, e);
+      }
+    } else {
+      if (repeatable) {
+        try {
+          dataObject =
+            new ByteArrayDataObjectImpl(StreamUtils.readStream(byteStream));
+        } catch (IOException e) {
+          throw new MOAApplicationException("2210", null);
+        }
+      } else {
+        dataObject = new ByteStreamDataObjectImpl(byteStream);
+      }
+    }
+
+    return dataObject;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
new file mode 100644
index 0000000..933d058
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLConnection;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.ExternalURIVerifier;
+
+/**
+ * Resolve external URIs and provide them as a stream.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ExternalURIResolver {
+
+  /** The MIME type of the content currently resolved. */
+  private String contentType;
+
+  /**
+   * Return a stream to data at the given URI.
+   * 
+   * This method will try to open an <code>URLConnection</code> to the given
+   * URI. Access to the file system is disallowed.
+   * 
+   * @param uriStr The URI to resolve.
+   * @return InputStream The data contained at the URI.
+   * @throws MOAApplicationException An error occurred resolving the URI (e.g.,
+   * the URI is syntactically incorrect or the stream could not be opened).
+   */
+  public InputStream resolve(String uriStr) throws MOAApplicationException {
+    URI uri;
+    URL url;
+    URLConnection connection;
+    InputStream is;
+
+    // build the URI
+    try {
+      uri = new URI(uriStr);
+    } catch (URIException e) {
+      throw new MOAApplicationException("2207", new Object[] { uriStr });
+    }
+
+    // disallow access to local file system
+    if ("".equals(uri.getScheme()) || "file".equals(uri.getScheme())) {
+      throw new MOAApplicationException("2213", new Object[] { uriStr });
+    }
+
+    // if we have local content (SOAP with attachments)
+    if ("formdata".equals(uri.getScheme())) {
+      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+      if (context==null) {
+        //no transaction
+        throw new MOAApplicationException("2282", new Object[] { uri });
+      } else {
+        InputStream attachmentIs = context.getAttachmentInputStream(uri);
+        if (attachmentIs != null) {
+          setContentType(context.getAttachmentContentType(uri.getPath()));
+          return attachmentIs;
+        } else {
+          //maybe attachments provided but no suiting attachment found
+          throw new MOAApplicationException("2282", new Object[] { uri });
+        }
+      } 
+    } 
+    
+    // convert URI to URL
+    try {
+      // create the URL
+      url = new URL(uriStr);
+      //System.out.println("ExternalURIResolver: " + url);
+      ExternalURIVerifier.verify(url.getHost(), url.getPort());
+      
+    } catch (MalformedURLException e) {
+      throw new MOAApplicationException("2214", new Object[] { uriStr });
+    }
+
+    // build the URLConnection
+    try {
+      connection = url.openConnection();
+      if ("http".equals(url.getProtocol())) {
+        HttpURLConnection httpConnection = (HttpURLConnection) connection;
+        // disallow redirects
+        httpConnection.setInstanceFollowRedirects(false);
+
+        httpConnection.connect();
+        if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
+          throw new MOAApplicationException("2208", new Object[] { uri });
+        }
+      } else if ("https".equals(url.getProtocol())) {
+        /* 
+         * this doesn't work because of some interaction between the IAIK
+         * JCE and Sun JSSE that results in an "Invalid AVA format" exception
+         */
+
+        /*
+        HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
+        InputStream trustStore =
+          getClass().getResourceAsStream(DEFAULT_TRUST_STORE);
+        SSLSocketFactory factory =
+          SSLUtils.getSSLSocketFactory("jks", trustStore, "changeit");
+        httpsConnection.setSSLSocketFactory(factory);
+        httpsConnection.connect();
+        if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
+          throw new MOAApplicationException("2208", new Object[] { uri });
+        }
+        */
+        connection.connect();
+      } else {
+        connection.connect();
+      }
+      is = connection.getInputStream();
+    } catch (IOException e) {
+      throw new MOAApplicationException("2208", new Object[] { uri }, e);
+    } /*catch (GeneralSecurityException e) {
+         throw new MOAApplicationException("2208", new Object[] { uri }, e);
+       }*/
+
+    // set the content type
+    setContentType(connection.getContentType());
+
+    return is;
+  }
+
+  /**
+   * Set the content type of the data at the URI.
+   * 
+   * @param contentType The content type to set.
+   */
+  protected void setContentType(String contentType) {
+    this.contentType = contentType;
+  }
+
+  /**
+   * Return the content type of the data detected at the URI from the previous
+   * call of <code>resolve()</code>.
+   * 
+   * @return String The content type.
+   */
+  public String getContentType() {
+    return contentType;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
new file mode 100644
index 0000000..1136ff2
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java
@@ -0,0 +1,318 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+
+import java.lang.reflect.Constructor;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+
+
+/**
+ * Map an exception from the <code>iaik</code> namespace to a
+ * <code>MOAException</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikExceptionMapper {
+
+  /** The argument classes for <code>MOAException</code>s. */
+  private static final Class[] CONSTRUCTOR_ARGS =
+    new Class[] { String.class, Object[].class, Throwable.class };
+  /** The exception mapping, as an array. */
+  private static final Object[][] MESSAGES =
+    {
+      { iaik.server.modules.IAIKException.class, "9900", MOASystemException.class },
+      { iaik.server.modules.IAIKRuntimeException.class, "9901", MOASystemException.class },
+      { iaik.server.modules.xmlsign.XMLSignatureCreationException.class, "2220", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.XMLSignatureCreationRuntimeException.class, "2220", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.InvalidKeyException.class, "2221", MOAApplicationException.class }, 
+      { iaik.server.modules.xmlsign.ManifestException.class, "2222", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.ReferenceException.class, "2223", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.HashUnavailableException.class, "2224", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignatureAlgorithmException.class, "2225", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignatureEmbeddingException.class, "2226", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignatureValueException.class, "2227", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignedPropertyException.class, "2228", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SignerCertificateUnavailableException.class, "2229", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.SupplementException.class, "2230", MOAApplicationException.class },
+      { iaik.server.modules.xmlsign.TransformationException.class, "2233", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureVerificationException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureParsingException.class, "2242", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2247", MOAApplicationException.class },
+      { iaik.server.modules.cmsverify.InitException.class, "2248", MOAApplicationException.class }, 
+      { iaik.server.modules.xmlverify.XMLSignatureVerificationException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.XMLSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.ManifestException.class, "2262", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.PropertiesException.class, "2263", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.ReferenceException.class, "2264", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.HashUnavailableException.class, "2224", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.SupplementException.class, "2230", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class },
+      { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class },
+      { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class },
+      { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } ,
+      { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } ,
+      
+      
+  };
+  
+  /** The single instance of this class. */
+  private static IaikExceptionMapper instance;
+  /** The exception mapping, as a <code>Map</code> for fast lookup. */
+  private Map messages = new HashMap();
+
+  /**
+   * Get the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static synchronized IaikExceptionMapper getInstance() {
+    if (instance == null) {
+      instance = new IaikExceptionMapper();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>IaikExceptionMapper</code>.
+   * 
+   * Protected to disallow multple instances.
+   */
+  protected IaikExceptionMapper() {
+    registerMessages();
+  }
+
+  /**
+   * Build the complete <code>IAIKException</code> to message code mapping.
+   */
+  protected void registerMessages() {
+    int i;
+
+    for (i = 0; i < MESSAGES.length; i++) {
+      registerMessage(
+        (Class) MESSAGES[i][0],
+        (String) MESSAGES[i][1],
+        (Class) MESSAGES[i][2]);
+    }
+  }
+
+  /**
+   * Register a single <code>IAIKException</code> to message mapping.
+   * 
+   * @param iaikExceptionClass An exception from the <code>iaik</code> package. 
+   * @param messageId The corresponding error message id.
+   * @param moaExceptionClass The type of <code>MOAException</code> that the
+   * <code>IAIKException</code> is mapped to (usually
+   * <code>MOAApplicationException</code> or <code>MOASystemException</code>).
+   */
+  protected void registerMessage(
+    Class iaikExceptionClass,
+    String messageId,
+    Class moaExceptionClass) {
+
+    messages.put(
+      iaikExceptionClass,
+      new ExceptionMappingInfo(messageId, moaExceptionClass));
+  }
+
+  /**
+   * Map an <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to a <code>MOAException</code>.
+   * 
+   * @param tslSearchException The <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKException</code>.
+   */
+  public MOAException map(iaik.xml.crypto.tsl.ex.TSLSearchException tslSearchException) {
+    return mapImpl(tslSearchException);
+  }
+
+  /**
+   * Map an <code>iaik.xml.crypto.tsl.ex.TSLEngineDiedException</code> to a <code>MOAException</code>.
+   * 
+   * @param tslEngineDiedException The <code>iaik.xml.crypto.tsl.ex.TSLEngineDiedException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKException</code>.
+   */
+  public MOAException map(iaik.xml.crypto.tsl.ex.TSLEngineDiedException tslEngineDiedException) {
+    return mapImpl(tslEngineDiedException);
+  }
+  
+  /**
+   * Map an <code>IAIKException</code> to a <code>MOAException</code>.
+   * 
+   * @param iaikException The <code>IAIKException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKException</code>.
+   */
+  public MOAException map(IAIKException iaikException) {
+    return mapImpl(iaikException);
+  }
+  
+  /**
+   * Map an <code>IAIKRuntimeException</code> to a <code>MOAException</code>.
+   * 
+   * @param iaikException The <code>IAIKException</code> to map. 
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKRuntimeException</code>.
+   */
+  public MOAException map(IAIKRuntimeException iaikException) {
+    return mapImpl(iaikException);
+  }
+
+  /**
+   * Map an <code>IAIKException</code> or <code>IAIKRuntimeException</code> to a
+   * <code>MOAException</code>.
+   * 
+   * @param iaikException The <code>IAIKException</code> or
+   * <code>IAIKRuntimeException</code> to map.
+   * @return A <code>MOAException</code> containing the message for the
+   * given <code>IAIKRuntimeException</code>.
+   */
+  private MOAException mapImpl(Exception iaikException) {
+    MOAException moaException = createMoaException(iaikException);
+
+    if (moaException == null) {
+      return new MOASystemException("9999", null, iaikException);
+    }
+    return moaException;
+  }
+
+  /**
+   * Create a <code>MOAException</code> from a given <code>IAIKException</code>
+   * by looking it up in the mapping.
+   * 
+   * @param iaikException The <code>IAIKException</code> to map.
+   * @return A <code>MOAException</code> with an error code corresponding to
+   * the given <code>IAIKException</code>. Returns <code>null</code>, if no
+   * mapping could be found.
+   */
+  protected MOAException createMoaException(Exception iaikException) {
+    ExceptionMappingInfo info = lookupMessage(iaikException.getClass());
+    Constructor constructor;
+
+    if (info == null) {
+      return null;
+    }
+
+    // instantiate the proper MOAException and return it
+    try {
+      constructor =
+        info.getMoaExceptionClass().getConstructor(CONSTRUCTOR_ARGS);
+      return (MOAException) constructor.newInstance(
+        new Object[] {
+          info.getMessageId(),
+          new Object[] { iaikException.getMessage()},
+          iaikException });
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
+  /**
+   * Recursively look up the message associated with an
+   * <code>IAIKException</code>.
+   * 
+   * This method walks up the exception inheritance hierarchy until it finds a
+   * mapping.
+   * 
+   * @param iaikExceptionClass The <code>IAIKException</code> to look up.
+   * @return Information about the message id and
+   * <code>MOAException</code> class that the <code>iaikExceptionClass</code>
+   * maps to. If no mapping could be found, <code>null</code> is returned.
+   */
+  protected ExceptionMappingInfo lookupMessage(Class iaikExceptionClass) {
+    ExceptionMappingInfo info;
+
+    // break if 
+    if (iaikExceptionClass.equals(Exception.class)) {
+      return null;
+    }
+
+    // look up the exception class
+    info = (ExceptionMappingInfo) messages.get(iaikExceptionClass);
+    if (info == null) {
+      return lookupMessage(iaikExceptionClass.getSuperclass());
+    }
+    return info;
+  }
+
+}
+
+/**
+ * A class containing a mapping from an error message ID to a
+ * <code>MOAException</code> class.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+class ExceptionMappingInfo {
+  /** The message ID. */
+  private String messageId;
+  /** The <code>MOAException</code> class. */
+  private Class moaExceptionClass;
+
+  /**
+   * Create a new <code>ExceptionMappingInfo</code>.
+   * 
+   * @param messageId The message ID.
+   * @param moaExceptionClass The <code>MOAException</code> class. 
+   */
+  public ExceptionMappingInfo(String messageId, Class moaExceptionClass) {
+    this.messageId = messageId;
+    this.moaExceptionClass = moaExceptionClass;
+  }
+
+  /**
+   * Return the message ID.
+   * 
+   * @return The message ID.
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * Returns the <code>MOAException</code> class that the message ID maps to.
+   * 
+   * @return The <code>MOAException</code> class.
+   */
+  public Class getMoaExceptionClass() {
+    return moaExceptionClass;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java
new file mode 100644
index 0000000..0bca8ae
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+
+/**
+ * Utility methods for invoking the IAIK MOA modules.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class InvokerUtils {
+
+  /**
+   * Select the signature parent element.
+   * 
+   * @param root The root DOM element which contains the signature parent
+   * element somewhere in its subtree.
+   * @param location The <code>ElementSelector</code> containing the XPath 
+   * expression to select the signature parent element from the document. 
+   * It is also contains the namespace prefix to URI mapping.
+   * @return Element The signature parent element.
+   * @throws MOAApplicationException An error occurred evaluating the
+   * <code>location</code>.
+   */
+  public static Element evaluateSignatureLocation(
+    Element root,
+    ElementSelector location)
+    throws MOAApplicationException {
+
+    NodeList nodes;
+
+    try {
+      nodes =
+        XPathUtils.selectNodeList(
+          root,
+          location.getNamespaceDeclarations(),
+          location.getXPathExpression());
+    } catch (XPathException e) {
+      throw new MOAApplicationException(
+        "2212",
+        new Object[] { location.getXPathExpression()},
+        e);
+    }
+
+    if (nodes.getLength() != 1
+      || !(nodes.item(0).getNodeType() == Node.ELEMENT_NODE)) {
+      throw new MOAApplicationException(
+        "2212",
+        new Object[] { location.getXPathExpression()});
+    }
+    return (Element) nodes.item(0);
+  }
+
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java
new file mode 100644
index 0000000..c6eaa4f
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.xmlbind.ProfileParser;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileID;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileID;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileID;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileID;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * Map ProfileID objects to their explicit represantation.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ProfileMapper {
+
+  /** The parser to parse the profiles. */
+  private static ProfileParser profileParser = new ProfileParser();
+
+  /**
+   * Map a <code>CreateTransformsInfoProfile</code> to a 
+   * <code>CreateTransformsInfoProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code>, otherwise the profile
+   * that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static CreateTransformsInfoProfileExplicit mapCreateTransformsInfoProfile(
+    CreateTransformsInfoProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getCreateTransformsInfoProfileType()) {
+      case CreateTransformsInfoProfile.EXPLICIT_CREATETRANSFORMSINFOPROFILE :
+        return (CreateTransformsInfoProfileExplicit) profile;
+
+      case CreateTransformsInfoProfile.ID_CREATETRANSFORMSINFOPROFILE :
+        CreateTransformsInfoProfileID profileIdObj =
+          (CreateTransformsInfoProfileID) profile;
+        String profileID = profileIdObj.getCreateTransformsInfoProfileID();
+        Element profileElem = config.getCreateTransformsInfoProfile(profileID);
+
+        if (profileElem == null) {
+          throw new MOAApplicationException("2234", new Object[] { profileID });
+        }
+
+        return (
+          CreateTransformsInfoProfileExplicit) profileParser
+            .parseCreateTransformsInfoProfile(
+          profileElem);
+    }
+    return null; // this will not happen
+  }
+
+  /**
+   * Map a <code>CreateSignatureEnvironmentProfile</code> to a 
+   * <code>CreateSignatureEnvironmentProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code>, otherwise the 
+   * profile that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static CreateSignatureEnvironmentProfileExplicit mapCreateSignatureEnvironmentProfile(
+    CreateSignatureEnvironmentProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getCreateSignatureEnvironmentProfileType()) {
+      case CreateSignatureEnvironmentProfile
+        .EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE :
+
+        return (CreateSignatureEnvironmentProfileExplicit) profile;
+
+      case CreateSignatureEnvironmentProfile
+        .ID_CREATESIGNATUREENVIRONMENTPROFILE :
+
+        CreateSignatureEnvironmentProfileID profileIdObj =
+          (CreateSignatureEnvironmentProfileID) profile;
+        String profileID =
+          profileIdObj.getCreateSignatureEnvironmentProfileID();
+        Element profileElem =
+          config.getCreateSignatureEnvironmentProfile(profileID);
+
+        if (profileElem == null) {
+          throw new MOAApplicationException("2236", new Object[] { profileID });
+        }
+
+        return (
+          CreateSignatureEnvironmentProfileExplicit) profileParser
+            .parseCreateSignatureEnvironmentProfile(
+          profileElem);
+
+    }
+    return null;
+
+  }
+
+  /**
+   * Map a <code>List</code> of <code>SupplementProfile</code>s to their
+   * explicit representation.
+   * 
+   * @param profiles The profiles to map.
+   * @param config The MOA configuration to use for looking up profiles.
+   * @return The mapped profiles.
+   * @throws MOAApplicationException An error occurred mapping one of the
+   * profiles.
+   */
+  public static List mapSupplementProfiles(
+    List profiles,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    List mappedProfiles = new ArrayList();
+    Iterator iter;
+
+    for (iter = profiles.iterator(); iter.hasNext();) {
+      SupplementProfile profile = (SupplementProfile) iter.next();
+      mappedProfiles.add(mapSupplementProfile(profile, config));
+    }
+
+    return mappedProfiles;
+  }
+
+  /**
+   * Map a <code>SupplementProfile</code> to a 
+   * <code>SupplementProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_SUPPLEMENTPROFILE</code>, otherwise the 
+   * profile that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static SupplementProfileExplicit mapSupplementProfile(
+    SupplementProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getSupplementProfileType()) {
+      case SupplementProfile.EXPLICIT_SUPPLEMENTPROFILE :
+        return (SupplementProfileExplicit) profile;
+
+      case SupplementProfile.ID_SUPPLEMENTPROFILE :
+        SupplementProfileID profileIdObj = (SupplementProfileID) profile;
+        String profileID = profileIdObj.getSupplementProfileID();
+        Element profileElem = config.getSupplementProfile(profileID);
+
+        if (profileElem == null) {
+          throw new MOAApplicationException("2267", new Object[] { profileID });
+        }
+
+        return (
+          SupplementProfileExplicit) profileParser.parseSupplementProfile(
+          profileElem);
+    }
+
+    return null;
+  }
+
+  /**
+   * Map a <code>List</code> of <code>VerifyTransformsInfoProfile</code>s to 
+   * their explicit representation.
+   * 
+   * @param profiles The profiles to map.
+   * @param config The MOA configuration to use for looking up profiles.
+   * @return The mapped profiles.
+   * @throws MOAApplicationException An error occurred mapping one of the
+   * profiles.
+   */
+  public static List mapVerifyTransformsInfoProfiles(
+    List profiles,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    List mappedProfiles = new ArrayList();
+    Iterator iter;
+
+    for (iter = profiles.iterator(); iter.hasNext();) {
+      VerifyTransformsInfoProfile profile =
+        (VerifyTransformsInfoProfile) iter.next();
+      mappedProfiles.add(mapVerifyTransformsInfoProfile(profile, config));
+    }
+
+    return mappedProfiles;
+  }
+
+  /**
+   * Map a <code>VerifyTransformsInfoProfile</code> to a 
+   * <code>VerifyTransformsInfoProfileExplicit</code>.
+   * 
+   * @param profile The profile object to map.
+   * @param config The MOA configuration to use for looking up the profile.
+   * @return <code>profile</code>, if the given profile is of type
+   * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code>, otherwise the 
+   * profile that is looked up and parsed from the configuration. 
+   * @throws MOAApplicationException An error occurred parsing the profile.
+   */
+  public static VerifyTransformsInfoProfileExplicit mapVerifyTransformsInfoProfile(
+    VerifyTransformsInfoProfile profile,
+    ConfigurationProvider config)
+    throws MOAApplicationException {
+
+    switch (profile.getVerifyTransformsInfoProfileType()) {
+      case VerifyTransformsInfoProfile.EXPLICIT_VERIFYTRANSFORMSINFOPROFILE :
+        return (VerifyTransformsInfoProfileExplicit) profile;
+
+      case VerifyTransformsInfoProfile.ID_VERIFYTRANSFORMSINFOPROFILE :
+        VerifyTransformsInfoProfileID profileIdObj =
+          (VerifyTransformsInfoProfileID) profile;
+        String profileID = profileIdObj.getVerifyTransformsInfoProfileID();
+        Element profileElem =
+          config.getVerifyTransformsInfoProfile(profileID);
+        
+        if (profileElem == null) {
+          throw new MOAApplicationException("2268", new Object[] { profileID });          
+        }
+
+        return (
+          VerifyTransformsInfoProfileExplicit) profileParser
+            .parseVerifyTransformsInfoProfile(
+          profileElem);
+    }
+
+    return null;
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
new file mode 100644
index 0000000..8f3c075
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A utility class for setting up and tearing down thread-local context 
+ * information needed for calling the <code>Invoker</code> classes.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ServiceContextUtils {
+  
+  /**
+   * Set up the thread-local context information needed for calling the various 
+   * <code>Invoker</code> classes.
+   *  
+   * @throws ConfigurationException An error occurred setting up the
+   * configuration in the <code>TransactionContext</code>.
+   */
+  public static void setUpContexts() throws ConfigurationException {
+    TransactionContextManager txMgr = TransactionContextManager.getInstance();
+    LoggingContextManager logMgr = LoggingContextManager.getInstance();
+    String transactionID = Thread.currentThread().getName();
+    
+    if (txMgr.getTransactionContext() == null) {
+      TransactionContext ctx = new TransactionContext(transactionID, null, ConfigurationProvider.getInstance());
+      txMgr.setTransactionContext(ctx);
+    }
+    
+    if (logMgr.getLoggingContext() == null) {
+      LoggingContext ctx = new LoggingContext(transactionID);
+      logMgr.setLoggingContext(ctx);
+    }
+  }
+  
+  /**
+   * Tear down thread-local context information.
+   */
+  public static void tearDownContexts() {
+    TransactionContextManager.getInstance().setTransactionContext(null);
+    LoggingContextManager.getInstance().setLoggingContext(null);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java
new file mode 100644
index 0000000..b746333
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.Collections;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.api.SignatureCreationService;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+
+/**
+ * An implementation of the <code>SignatureCreationService</code>, using
+ * the <code>XMLSignatureCreationInvoker</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureCreationServiceImpl extends SignatureCreationService {
+
+  /**
+   * Create an XML signature.
+   * 
+   * @param request The <code>CreateXMLSignatureRequest</code> containing
+   * information about the signature(s) to create.
+   * @return The created signature(s).
+   * @throws MOAException An error occurred creating the signature(s).
+   */
+  public CreateXMLSignatureResponse createXMLSignature(CreateXMLSignatureRequest request)
+    throws MOAException {
+
+    XMLSignatureCreationInvoker invoker =
+      XMLSignatureCreationInvoker.getInstance();
+    CreateXMLSignatureResponse response;
+
+    try {
+    	
+      Configurator.getInstance().init();
+      ServiceContextUtils.setUpContexts();
+      response = invoker.createXMLSignature(request, Collections.EMPTY_SET);
+      
+      return response;
+    } finally {
+      ServiceContextUtils.tearDownContexts();
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java
new file mode 100644
index 0000000..5b6033c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * An implementation of the <code>SignatureVerificationService</code> using
+ * the <code>XMLSignatureVerificationInvoker</code> and the
+ * <code>CMSSignatureVerificationInvoker</code>.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class SignatureVerificationServiceImpl
+  extends SignatureVerificationService {
+
+  /**
+   * Verify a CMS signature.
+   * 
+   * @param request The <code>VerifyCMSSignatureRequest</code> containing 
+   * information about the signature verification.
+   * @return The result of the signature verification.
+   * @throws MOAException An error occurred during signature verification.
+   */
+  public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request)
+    throws MOAException {
+
+    CMSSignatureVerificationInvoker invoker =
+      CMSSignatureVerificationInvoker.getInstance();
+    VerifyCMSSignatureResponse response;
+
+    try {
+      Configurator.getInstance().init();
+      ServiceContextUtils.setUpContexts();
+      response = invoker.verifyCMSSignature(request);
+      
+      return response;
+    } finally {
+      ServiceContextUtils.tearDownContexts();
+    }
+  }
+
+  /**
+   * Verify an XML signature.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> containinig
+   * information about the signature verification.
+   * @return The result of the signature verification.
+   * @throws MOAException An error occurred during signature verification.
+   */
+  public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+    throws MOAException {
+
+    XMLSignatureVerificationInvoker invoker =
+      XMLSignatureVerificationInvoker.getInstance();
+    VerifyXMLSignatureResponse response;
+
+    try {
+    	
+
+      Configurator.getInstance().init();
+      ServiceContextUtils.setUpContexts();
+      response = invoker.verifyXMLSignature(request);
+            
+      return response;
+    } finally {
+      ServiceContextUtils.tearDownContexts();
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java
new file mode 100644
index 0000000..7842f14
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java
@@ -0,0 +1,282 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import iaik.server.modules.xml.Base64Transformation;
+import iaik.server.modules.xml.Canonicalization;
+import iaik.server.modules.xml.EnvelopedSignatureTransformation;
+import iaik.server.modules.xml.Transformation;
+import iaik.server.modules.xml.XPath2Transformation;
+import iaik.server.modules.xml.XPathTransformation;
+import iaik.server.modules.xml.XSLTTransformation;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter;
+import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
+import at.gv.egovernment.moa.spss.api.common.XPathTransform;
+import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+import at.gv.egovernment.moa.spss.server.iaik.xml.Base64TransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.EnvelopedSignatureTransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ExclusiveCanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2FilterImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2TransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XPathTransformationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XSLTTransformationImpl;
+
+/**
+ * A factory to create <code>Transformation</code> objects from  
+ * <code>Transform</code> objects.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransformationFactory {
+
+
+  /** The single instance of this class. */
+  private static TransformationFactory instance = null;
+
+  /** Maps <code>XPathFilter</code> filter types to 
+   * <code>XPath2Transformation</code> filter types. */
+  private static Map FILTER_TYPE_MAPPING;
+
+  static {
+    FILTER_TYPE_MAPPING = new HashMap();
+
+    FILTER_TYPE_MAPPING.put(
+      XPathFilter.INTERSECT_TYPE,
+      XPath2Transformation.XPath2Filter.INTERSECTION);
+    FILTER_TYPE_MAPPING.put(
+      XPathFilter.SUBTRACT_TYPE,
+      XPath2Transformation.XPath2Filter.SUBTRACTION);
+    FILTER_TYPE_MAPPING.put(
+      XPathFilter.UNION_TYPE,
+      XPath2Transformation.XPath2Filter.UNION);
+  }
+
+  /**
+   * Get the single instance of the factory.
+   * 
+   * @return TransformationFactory The single instance.
+   */
+  public static synchronized TransformationFactory getInstance() {
+    if (instance == null) {
+      instance = new TransformationFactory();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>TransformationFactory</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected TransformationFactory() {
+  }
+
+  /**
+   * Create a <code>Transformation</code> based on a 
+   * <code>Transform</code> object.
+   * 
+   * @param transform The <code>Transform</code> object to extract
+   * transformation data from.
+   * @return The transformation contained in the <code>transform</code>
+   * object.
+   * @throws MOAApplicationException An error occured creating the
+   * <code>Transformation</code>. See exception message for details.
+   */
+  public Transformation createTransformation(Transform transform)
+    throws MOAApplicationException {
+    String algorithmUri = transform.getAlgorithmURI();
+
+    if (Canonicalization.CANONICAL_XML.equals(algorithmUri)
+      || Canonicalization.CANONICAL_XML_WITH_COMMENTS.equals(algorithmUri)) {
+      return createC14nTransformation(algorithmUri);
+    } else if (
+      Canonicalization.EXCLUSIVE_CANONICAL_XML.equals(algorithmUri)
+        || Canonicalization.EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS.equals(
+          algorithmUri)) {
+
+      return createExclusiveC14nTransformation(
+        (ExclusiveCanonicalizationTransform) transform);
+
+    } else if (Base64Transformation.ALL.contains(algorithmUri)) {
+      return createBase64Transformation();
+    } else if (EnvelopedSignatureTransformation.ALL.contains(algorithmUri)) {
+      return createEnvelopedSignatureTransformation();
+    } else if (XPathTransformation.ALL.contains(algorithmUri)) {
+      return createXPathTransformation((XPathTransform) transform);
+    } else if (XPath2Transformation.ALL.contains(algorithmUri)) {
+      return createXPath2Transformation((XPathFilter2Transform) transform);
+    } else if (XSLTTransformation.ALL.contains(algorithmUri)) {
+      return createXSLTTransformation((XSLTTransform) transform);
+    } else {
+      throw new MOAApplicationException("1108", new Object[] { algorithmUri });
+    }
+  }
+
+  /**
+   * Create a <code>List</code> of <code>Transformation</code>s from a 
+   * <code>List</code> of <code>Transform</code>s.
+   * 
+   * @param transforms The <code>List</code> containing the 
+   * <code>Transform</code>s. 
+   * @return The <code>List</code> of <code>Transformation</code>s corresponding
+   * to the <code>transforms</code>.
+   * @throws MOAApplicationException An error occurred building one of the
+   * transformations. See exception message for details. 
+   */
+  public List createTransformationList(List transforms)
+    throws MOAApplicationException {
+    List transformationList = new ArrayList();
+    Iterator trIter;
+
+    for (trIter = transforms.iterator(); trIter.hasNext();) {
+      Transform transform = (Transform) trIter.next();
+      transformationList.add(createTransformation(transform));
+    }
+
+    return transformationList;
+  }
+
+  /**
+   * Create a <code>Canonicalization</code>.
+   * 
+   * @param algorithmUri The algorithm URI of the canonicalization.
+   * @return The <code>Canonicalization</code>.
+   */
+  private Transformation createC14nTransformation(String algorithmUri) {
+    return new CanonicalizationImpl(algorithmUri);
+  }
+
+  /**
+   * Create a <code>ExclusiveCanonicalization</code>.
+   * 
+   * @param transform The <code>ExclusiveCanonicalizationTransform</code> 
+   * containing the transformation data.
+   * @return The <code>ExclusiveCanonicalization</code>.
+   */
+  private Transformation createExclusiveC14nTransformation(ExclusiveCanonicalizationTransform transform) {
+    return new ExclusiveCanonicalizationImpl(
+      transform.getAlgorithmURI(),
+      transform.getInclusiveNamespacePrefixes());
+  }
+
+  /**
+   * Create a <code>Base64Transformation</code>.
+   * 
+   * @return The <code></code>
+   */
+  private Transformation createBase64Transformation() {
+    return new Base64TransformationImpl();
+  }
+
+  /**
+   * Create an <code>EnvelopedSignatureTransformation</code>.
+   * 
+   * @return An <code>EnvelopedSignatureTransformation</code>.
+   */
+  private Transformation createEnvelopedSignatureTransformation() {
+    return new EnvelopedSignatureTransformationImpl();
+  }
+
+  /**
+   * Create an <code>XPathTransformation</code>.
+   * 
+   * @param transform The <code>Transform</code> object containing the
+   * XPath transformation.
+   * @return An <code>XPathTransformation</code> corresponding the
+   * transformation given in <code>transform</code>.
+   * @throws MOAApplicationException An error occurred creating the 
+   * <code>Transformation</code>.
+   */
+  private Transformation createXPathTransformation(XPathTransform transform)
+    throws MOAApplicationException {
+
+    return new XPathTransformationImpl(
+      transform.getXPathExpression(),
+      transform.getNamespaceDeclarations());
+  }
+
+  /**
+   * Create an <code>XPath2Transformation</code>.
+   * 
+   * @param transform The <code>Transform</code> object containing the
+   * XPath filter transformation.
+   * @return An <code>XPath2Transformation</code> corresponding the
+   * transformation given in <code>transform</code>.
+   * @throws MOAApplicationException An error occurred creating the
+   * <code>Transformation</code>.
+   */
+  private Transformation createXPath2Transformation(XPathFilter2Transform transform)
+    throws MOAApplicationException {
+
+    XPath2TransformationImpl xpath2 = new XPath2TransformationImpl();
+    Iterator iter;
+
+    for (iter = transform.getFilters().iterator(); iter.hasNext();) {
+      XPathFilter filter = (XPathFilter) iter.next();
+      String mappedFilterType =
+        (String) FILTER_TYPE_MAPPING.get(filter.getFilterType());
+      XPath2FilterImpl mappedFilter =
+        new XPath2FilterImpl(
+          mappedFilterType,
+          filter.getXPathExpression(),
+          filter.getNamespaceDeclarations());
+      xpath2.addXPathFilter(mappedFilter);
+    }
+
+    if (xpath2.getXPathFilters().size() == 0) {
+      throw new MOAApplicationException("2216", null);
+    }
+
+    return xpath2;
+  }
+
+  /**
+   * Create an <code>XSLTTransformation</code>.
+   * 
+   * @param transform The <code>Transform</code> containing the XSLT stylesheet.
+   * @return An <code>XSLTTransformation</code> corresponding the transformation
+   * given in <code>transform</code>.
+   * @throws MOAApplicationException An error occurred creating the
+   * <code>Transformation</code>.
+   */
+  private Transformation createXSLTTransformation(XSLTTransform transform)
+    throws MOAApplicationException {
+
+    return new XSLTTransformationImpl(transform.getStylesheet());
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
new file mode 100644
index 0000000..1ea10cb
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.CertificateValidationResult;
+
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+
+/**
+ * A class to build a <code>VerifyCMSSignatureResponse</code> object.
+ * 
+ * <p>Via subsequent calls to <code>addResult()</code> a number of results from
+ * a CMS signature verification can be added to the response.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>VerifyCMSSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyCMSSignatureResponseBuilder {
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+  /** The elements making up the response. */
+  private List responseElements = new ArrayList();
+
+  /**
+   * Get the <code>VerifyCMSSignatureResponse</code> built so far.
+   * 
+   * @return The <code>VerifyCMSSignatureResponse</code> built so far.
+   */
+  public VerifyCMSSignatureResponse getResponse() {
+    return factory.createVerifyCMSSignatureResponse(responseElements);
+  }
+
+  /**
+   * Add a verification result to the response.
+   * 
+   * @param result The result to add.
+   * @param trustprofile The actual trustprofile
+   * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the 
+   * 		certificate as qualified, otherwise <code>false</code>.
+   * @param checkSSCD <code>true</code>, if the TSL check verifies the 
+   * 		signature based on a SSDC, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+ * @throws MOAException 
+   */
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode)
+    throws MOAException {
+	  
+    CertificateValidationResult certResult =
+      result.getCertificateValidationResult();
+    int signatureCheckCode =
+      result.getSignatureValueVerificationCode().intValue();
+    int certificateCheckCode = certResult.getValidationResultCode().intValue();
+         
+    VerifyCMSSignatureResponseElement responseElement;
+    SignerInfo signerInfo;
+    CheckResult signatureCheck;
+    CheckResult certificateCheck;
+
+    boolean qualifiedCertificate = checkQC;
+    
+    // add SignerInfo element
+    signerInfo =
+      factory.createSignerInfo(
+        (X509Certificate) certResult.getCertificateChain().get(0),
+        qualifiedCertificate,
+        qcSourceTSL,
+        certResult.isPublicAuthorityCertificate(),
+        certResult.getPublicAuthorityID(),
+        checkSSCD,
+        sscdSourceTSL,
+        issuerCountryCode);
+
+    // add SignatureCheck element
+    signatureCheck = factory.createCheckResult(signatureCheckCode, null);
+
+    // add CertificateCheck element
+    certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+    
+    // build the response element
+    responseElement =
+      factory.createVerifyCMSSignatureResponseElement(
+        signerInfo,
+        signatureCheck,
+        certificateCheck);
+    responseElements.add(responseElement);
+  }
+  
+ 
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
new file mode 100644
index 0000000..9021785
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.crypto.OctetStreamData;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
+
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl;
+import at.gv.egovernment.moa.spss.api.impl.InputDataXMLImpl;
+import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.CollectionUtils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.NodeListAdapter;
+import iaik.server.modules.xml.BinaryDataObject;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLNodeListDataObject;
+import iaik.server.modules.xmlverify.CertificateValidationResult;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.HashUnavailableException;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.ReferenceInfo;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.alg.transform.C14NTransformService;
+import iaik.xml.crypto.dsig.CanonicalizationMethodImpl;
+
+/**
+ * A class to build a <code>VerifyXMLSignatureResponse</code> object.
+ * 
+ * <p>Via a call to <code>addResult()</code> the only result of the
+ * signature verification must be added.</p>
+ * 
+ * <p>The <code>getResponseElement()</code> method then returns the
+ * <code>VerifyXMLSignatureResponse</code> built so far.</p>
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseBuilder {
+
+  /** The <code>SPSSFactory</code> for creating API objects. */
+  private SPSSFactory factory = SPSSFactory.getInstance();
+
+  /** Information about the signer certificate. */
+  private SignerInfo signerInfo;
+  /** The hash input data. */
+  private List hashInputDatas;
+  /** The reference input data. */
+  private List referenceInputDatas;
+  /** The result of the signature check. */
+  private ReferencesCheckResult signatureCheck;
+  /** The result of the signature manifest check. */
+  private ReferencesCheckResult signatureManifestCheck;
+  /** The result of the XMLDsig manifest check. */
+  private List xmlDsigManifestChecks;
+  /** The result of the certificate check. */
+  private CheckResult certificateCheck;
+  
+  /**
+   * Get the <code>VerifyMLSignatureResponse</code> built so far.
+   * 
+   * @return The <code>VerifyXMLSignatureResponse</code> built so far.
+   */
+  public VerifyXMLSignatureResponse getResponse() {
+    return factory.createVerifyXMLSignatureResponse(
+      signerInfo,
+      hashInputDatas,
+      referenceInputDatas,
+      signatureCheck,
+      signatureManifestCheck,
+      xmlDsigManifestChecks,
+      certificateCheck);
+  }
+
+  /**
+   * Sets the verification result to the response.
+   * 
+   * This method must be called exactly once to ensure a valid
+   * <code>VerifyXMLSignatureResponse</code>.
+   * 
+   * @param result The result to set for the response.
+   * @param profile The profile used for verifying the signature.
+   * @param transformsSignatureManifestCheck The overall result for the signature 
+   *        manifest check.
+   * @param certificateCheck The overall result for the certificate check.
+   * @param checkQC <code>true</code>, if the certificate is QC, otherwise <code>false</code>.
+   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @param checkSSCD <code>true</code>, if the signature is created by an SSCD, otherwise <code>false</code>.
+   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, 
+   * 		otherwise <code>false</code>.
+   * @throws MOAApplicationException An error occurred adding the result.
+   */
+  public void setResult(
+    XMLSignatureVerificationResult result,
+    XMLSignatureVerificationProfile profile,
+    ReferencesCheckResult transformsSignatureManifestCheck,
+    CheckResult certificateCheck, 
+    boolean checkQC,
+    boolean qcSourceTSL,
+    boolean checkSSCD,
+    boolean sscdSourceTSL,
+    boolean isTSLEnabledTrustprofile,
+    String issuerCountryCode)
+    throws MOAApplicationException {
+
+    CertificateValidationResult certResult =
+      result.getCertificateValidationResult();
+    List referenceDataList;
+    ReferenceData referenceData;
+    List dsigManifestList;
+    ReferencesCheckResultInfo checkResultInfo;
+    int[] failedReferences;
+    Iterator iter;
+
+    boolean qualifiedCertificate = false;
+    
+    qualifiedCertificate = checkQC;
+    
+    // create the SignerInfo;
+    signerInfo =
+      factory.createSignerInfo(
+        (X509Certificate) certResult.getCertificateChain().get(0),
+        qualifiedCertificate,
+        qcSourceTSL,
+        certResult.isPublicAuthorityCertificate(),
+        certResult.getPublicAuthorityID(),
+        checkSSCD,
+        sscdSourceTSL,
+        issuerCountryCode);
+
+    // Create HashInputData Content objects
+    referenceDataList = result.getReferenceDataList();
+    if (profile.includeHashInputData()) {
+      hashInputDatas = new ArrayList();
+      
+      // Include SignedInfo references
+      addHashInputDatas(
+        hashInputDatas, 
+        referenceDataList, 
+        InputData.CONTAINER_SIGNEDINFO_, 
+        InputData.REFERER_NONE_);
+      
+      // Include XMLDSIGManifest references
+      List xMLDSIGManifests = result.getDsigManifestList();
+      for (iter = xMLDSIGManifests.iterator(); iter.hasNext();)
+      {
+        DsigManifest currentMF = (DsigManifest) iter.next();
+        List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList();
+        addHashInputDatas(
+          hashInputDatas, 
+          xMLDSIGMFReferenceDataList, 
+          InputData.CONTAINER_XMLDSIGMANIFEST_, 
+          currentMF.getReferringReferenceInfo().getReferenceIndex());
+      }
+    }
+
+    // Create the ReferenceInputData Content objects
+    if (profile.includeReferenceInputData()) {
+      referenceInputDatas = new ArrayList();
+      
+      // Include SignedInfo references
+      addReferenceInputDatas(
+        referenceInputDatas, 
+        referenceDataList, 
+        InputData.CONTAINER_SIGNEDINFO_, 
+        InputData.REFERER_NONE_);
+
+      // Include XMLDSIGManifest references
+      List xMLDSIGManifests = result.getDsigManifestList();
+      for (iter = xMLDSIGManifests.iterator(); iter.hasNext();)
+      {
+        DsigManifest currentMF = (DsigManifest) iter.next();
+        List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList();
+        addReferenceInputDatas(
+          referenceInputDatas, 
+          xMLDSIGMFReferenceDataList, 
+          InputData.CONTAINER_XMLDSIGMANIFEST_, 
+          currentMF.getReferringReferenceInfo().getReferenceIndex());
+      }
+    }
+
+    // create the signature check
+    failedReferences = buildFailedReferences(result.getReferenceDataList());
+    checkResultInfo =
+      failedReferences != null
+        ? factory.createReferencesCheckResultInfo(null, failedReferences)
+        : null;
+    signatureCheck =
+      factory.createReferencesCheckResult(
+        result.getSignatureValueVerificationCode().intValue(),
+        checkResultInfo);
+
+    // create the signature manifest check
+    if (profile.checkSecurityLayerManifest())
+    {
+      if (transformsSignatureManifestCheck.getCode() == 1)
+      {
+        // checking the transforms failed
+        signatureManifestCheck = transformsSignatureManifestCheck;
+      }
+      else if (result.isSecurityLayerManifestRequired())
+      {
+        if (!result.containsSecurityLayerManifest())
+        {
+          // required security layer manifest is missing in signature
+          signatureManifestCheck = factory.createReferencesCheckResult(2, null);
+        } 
+        else
+        {
+          // security layer manifest exists, so we have to check its validity
+          SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
+          int verificationResult = slManifest.getManifestVerificationResult().intValue();
+
+          if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult)
+          {
+            // security layer manifest exists and is free of errors
+            signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+          }
+          else
+          {
+            // security layer manifest exists, but has errors
+            failedReferences = buildFailedReferences(slManifest.getReferenceDataList());
+            checkResultInfo = (failedReferences != null)
+              ? factory.createReferencesCheckResultInfo(null, failedReferences)
+              : null;
+            if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult)
+            {
+              signatureManifestCheck =  factory.createReferencesCheckResult(3, checkResultInfo);
+            }
+            else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult)
+            {
+              signatureManifestCheck =  factory.createReferencesCheckResult(4, checkResultInfo);
+            }
+            else
+            {
+              // Should not happen
+              throw new RuntimeException("Unexpected result from security layer manifest verification.");
+            }
+          }
+        }
+      }
+      else
+      {
+        // no security layer manifest is required, so the signature manifest check is ok
+        signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+      }
+    }
+
+    // create the xmlDsigManifestCheck
+    if (profile.checkXMLDsigManifests()) {
+      xmlDsigManifestChecks = new ArrayList();
+      dsigManifestList = result.getDsigManifestList();
+      for (iter = dsigManifestList.iterator(); iter.hasNext();) {
+        DsigManifest dsigManifest = (DsigManifest) iter.next();
+        int refIndex =
+          dsigManifest.getReferringReferenceInfo().getReferenceIndex();
+        ManifestRefsCheckResultInfo manifestCheckResultInfo;
+
+        failedReferences =
+          buildFailedReferences(dsigManifest.getReferenceDataList());
+        manifestCheckResultInfo =
+          factory.createManifestRefsCheckResultInfo(
+            null,
+            failedReferences,
+            refIndex);
+        xmlDsigManifestChecks.add(
+          factory.createManifestRefsCheckResult(
+            dsigManifest.getManifestVerificationResult().intValue(),
+            manifestCheckResultInfo));
+      }
+    }
+
+    // create the certificate check 
+    this.certificateCheck = certificateCheck;
+    
+    
+    
+  }
+
+  /**
+   * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will
+   * be created from {@link ReferenceData#getHashInputData()}.
+   * 
+   * @param inputDatas The list to be amended.
+   * 
+   * @param referenceDataList The list of {@link ReferenceData} objects to be investigated.
+   * 
+   * @param containerType The type of container of the {@link InputData} objects to be created.
+   * 
+   * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created.
+   * 
+   * @throws MOAApplicationException if creating an {@link InputData} fails. 
+   */
+  private void addHashInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber)
+  throws MOAApplicationException
+  {
+    for (Iterator iter = referenceDataList.iterator(); iter.hasNext();)
+    {
+      ReferenceData referenceData = (ReferenceData) iter.next();
+      inputDatas.add(buildInputData(
+        referenceData.getHashInputData(),
+        containerType,
+        refererNumber));
+    }
+  }
+  
+  /**
+   * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will
+   * be created from {@link ReferenceData#getReferenceInputData()}.
+   * 
+   * @param inputDatas The list to be amended.
+   * 
+   * @param referenceDataList The list of {@link ReferenceData} objects to be investigated.
+   * 
+   * @param containerType The type of container of the {@link InputData} objects to be created.
+   * 
+   * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created.
+   * 
+   * @throws MOAApplicationException if creating an {@link InputData} fails. 
+   */
+  private void addReferenceInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber)
+    throws MOAApplicationException
+  {
+    for (Iterator iter = referenceDataList.iterator(); iter.hasNext();)
+    {
+      ReferenceData referenceData = (ReferenceData) iter.next();
+      inputDatas.add(buildInputData(
+        referenceData.getReferenceInputData(),
+        containerType,
+        refererNumber));
+    }
+  }
+
+  /**
+   * Build a <code>InputDataBinaryImpl</code> or an <code>InputDataXMLImpl</code>
+   * object from the given <code>DataObject</code> and the given attributes.
+   * 
+   * @param dataObject The <code>DataObject</code> from which to build the result.
+   * Based on the type of this parameter, the type of the result will either be
+   * <code>InputDataBinaryImpl</code> or <code>InputDataXMLImpl</code>. 
+   * 
+   * @param partof see {@link InputData}
+   * 
+   * @param referringReferenceNumber see {@link InputData}
+   * 
+   * @return The corresponinding input data implementation.
+   *  
+   * @throws MOAApplicationException An error occurred creating the result.
+   */
+  private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber)
+    throws MOAApplicationException {
+
+    if (dataObject instanceof BinaryDataObject) {
+      BinaryDataObject binaryData = (BinaryDataObject) dataObject;
+      return new InputDataBinaryImpl(
+        factory.createContent(binaryData.getInputStream(), null),
+        partOf,
+        referringReferenceNumber);
+    } else if (dataObject instanceof XMLDataObject) {
+      XMLDataObject xmlData = (XMLDataObject) dataObject;
+      List nodes = new ArrayList();
+
+      nodes.add(xmlData.getElement());
+      return new InputDataXMLImpl(
+        factory.createContent(new NodeListAdapter(nodes), null),
+        partOf,
+        referringReferenceNumber);
+    } else { // dataObject instanceof XMLNodeListDataObject
+      // if the data in the NodeList can be converted back to valid XML,
+      // write it as XMLContent; otherwise, write it as Base64Content 
+      XMLNodeListDataObject nodeData = (XMLNodeListDataObject) dataObject;
+      NodeList nodes = nodeData.getNodeList();
+      
+      if (DOMUtils.checkAttributeParentsInNodeList(nodes)) {
+        // insert as XMLContent
+        try {
+          DocumentFragment fragment = DOMUtils.nodeList2DocumentFragment(nodes);
+
+          return new InputDataXMLImpl(
+            factory.createContent(fragment.getChildNodes(), null),
+            partOf, 
+            referringReferenceNumber);
+        } catch (Exception e) {
+          // not successful -> fall through to the Base64Content
+        }
+      }
+      
+      // insert canonicalized NodeList as binary content
+      try {
+    	  ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    	  for(int i = 0; i < nodes.getLength(); i++) {
+    		  baos.write(DOMUtils.nodeToByteArray(nodes.item(i)));
+    	  }
+    	  baos.close();
+    	  ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+    	  OctetStreamData inputData = new OctetStreamData(bais);
+    	  
+    	  CanonicalizationMethodImpl canonicalizationMethodImpl = new CanonicalizationMethodImpl(
+    			  CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, new ExcC14NParameterSpec());
+    	  OctetStreamData data = (OctetStreamData)canonicalizationMethodImpl.transform(inputData, null);
+    	  bais.close();
+    	  //CanonicalizationAlgorithm c14n =
+          	//new CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments();
+    	  InputStream is = data.getOctetStream();
+
+        //c14n.setInput(nodes);
+        //is = c14n.canonicalize();
+        return new InputDataBinaryImpl(
+          factory.createContent(is, null),
+          partOf,
+          referringReferenceNumber);
+      } catch (Exception e) {
+        throw new MOAApplicationException("2200", null);
+      }
+    }
+  }
+
+  /**
+   * Build the failed references.
+   * 
+   * Failed references are references for which the <code>isHashValid()</code>
+   * method returns <code>false</code>.
+   * 
+   * @param refInfos A <code>List</code> containing the
+   * <code>ReferenceInfo</code> objects to be checked.
+   * @return The indexes of the failed references. 
+   */
+  private int[] buildFailedReferences(List refInfos) {
+    List failedReferencesList = new ArrayList();
+    int i;
+
+    // find out the failed references
+    for (i = 0; i < refInfos.size(); i++) {
+      ReferenceInfo refInfo = (ReferenceInfo) refInfos.get(i);
+
+      try {
+        if (refInfo.isHashCalculated() && !refInfo.isHashValid()) {
+          failedReferencesList.add(new Integer(i + 1));
+        }
+      } catch (HashUnavailableException e) {
+        // nothing to do here because we called refInfo.isHashCalculated first
+      }
+    }
+
+    // convert to an int array
+    if (failedReferencesList.isEmpty()) {
+      return null;
+    } else {
+      int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
+
+      return failedReferences;
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
new file mode 100644
index 0000000..7debb7b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
@@ -0,0 +1,586 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLSignatureCreationModule;
+import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class providing an API based interface to the
+ * <code>XMLSignatureCreationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.xmlsign.XMLSignatureCreationModule</code> from a
+ * <code>CreateXMLSignatureRequest</code> given as an API object. The result of
+ * the invocation is integrated into a <code>CreateXMLSignatureResponse</code>
+ * and returned.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationInvoker {
+
+  /** The single instance of this class. */
+  private static XMLSignatureCreationInvoker instance = null;
+
+  /**
+   * Get the only instance of this class.
+   * 
+   * @return The only instance of this class.
+   */
+  public static synchronized XMLSignatureCreationInvoker getInstance() {
+    if (instance == null) {
+      instance = new XMLSignatureCreationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>XMLSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected XMLSignatureCreationInvoker() {
+  }
+
+  /**
+   * Process the <code>CreateXMLSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureCreationModule</code> for every
+   * <code>SingleSignatureInfo</code> contained in the request.
+   * 
+   * @param request A <code>CreateXMLSignatureRequest<code> API object
+   * containing the information for creating the signature(s).
+   * @param reserved A <code>Set</code> of reserved object IDs.
+   * 
+   * @return A <code>CreateXMLSignatureResponse</code> API object containing
+   * the created signature(s). The response contains either a
+   * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code>
+   * for each <code>SingleSignatureInfo</code> in the request.
+   * @throws MOAException An error occurred during signature creation. 
+   */
+  public CreateXMLSignatureResponse createXMLSignature(
+    CreateXMLSignatureRequest request,
+    Set reserved)
+    throws MOAException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    LoggingContext loggingCtx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    reserved = new HashSet(reserved);
+    XMLSignatureCreationProfileFactory profileFactory =
+      new XMLSignatureCreationProfileFactory(request, reserved);
+    CreateXMLSignatureResponseBuilder responseBuilder =
+      new CreateXMLSignatureResponseBuilder();
+    int createCount = 1;
+    IdGenerator refIdGen;
+    XMLSignatureCreationModule module;
+    Iterator singleSignatureInfoIter;
+
+    // create the XMLSignatureCreationModule and configure it
+    module = XMLSignatureCreationModuleFactory.getInstance();
+    module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+    // select the SingleSignatureInfo elements
+    singleSignatureInfoIter = request.getSingleSignatureInfos().iterator();
+
+    // iterate over all the SingleSignatureInfo elements in the request
+    while (singleSignatureInfoIter.hasNext()) {
+      SingleSignatureInfo singleSignatureInfo =
+        (SingleSignatureInfo) singleSignatureInfoIter.next();
+      CreateSignatureInfo createSignatureInfo;
+      List dataObjectList;
+      XMLSignatureCreationProfile profile;
+      XMLDataObject signatureEnvironment;
+      XMLDataObject signatureParent;
+      XMLSignature signature;
+      List additionalSignedProperties;
+      Node signatureEnvironmentParent = null;
+      Element requestElement = null;
+
+      try {
+
+        // build the signature environment
+        createSignatureInfo = singleSignatureInfo.getCreateSignatureInfo();
+        if (createSignatureInfo != null) {
+          DataObjectFactory dataObjFactory = DataObjectFactory.getInstance();
+
+          signatureEnvironment =
+            dataObjFactory.createSignatureEnvironment(
+              createSignatureInfo.getCreateSignatureEnvironment(),
+              getCreateSignatureEnvironmentProfileSupplements(singleSignatureInfo));
+        } else {
+          signatureEnvironment = null;
+        }
+        
+        HashSet sigInfoReservedIDs = new HashSet();
+        if (signatureEnvironment != null)
+        {
+          // Find Id attributes of existing XML signatures in signature environment
+    	    HashMap nSMap = new HashMap();
+    	    String dsp = Constants.DSIG_PREFIX;
+    	    nSMap.put(dsp, Constants.DSIG_NS_URI);
+    	    String xPathExpr = "//" + dsp + ":Signature/@Id | //" + dsp + ":Reference/@Id | //" 
+    	      + dsp + ":Object/@Id | //" + dsp + ":Manifest/@Id";
+    	    NodeList idAttrs = XPathUtils.selectNodeList(signatureEnvironment.getElement(), nSMap, xPathExpr);
+        
+    	    // Add found Id attributes to set of reserved IDs
+    	    for (int i = 0; i < idAttrs.getLength(); i++) sigInfoReservedIDs.add(idAttrs.item(i).getNodeValue());
+        }
+
+        // create the reference id generator
+        HashSet allReservedIDs = new HashSet(reserved);
+        allReservedIDs.addAll(sigInfoReservedIDs);
+        refIdGen = new IdGenerator("reference-" + createCount++, allReservedIDs);
+
+        // build the list of DataObjects
+        List createTransformsProfiles = profileFactory.getCreateTransformsInfoProfiles(singleSignatureInfo);
+        dataObjectList =
+          buildDataObjectList(
+            singleSignatureInfo,
+            createTransformsProfiles, 
+            signatureEnvironment,
+            refIdGen);
+
+        // build the XMLSignatureCreationProfile
+        profile = profileFactory.createProfile(singleSignatureInfo, sigInfoReservedIDs);
+
+        // build the additionalSignedProperties
+        additionalSignedProperties = buildAdditionalSignedProperties();
+
+        // build the signatureParentElement
+        if (signatureEnvironment != null) {
+          signatureParent =
+            buildSignatureParentElement(
+              signatureEnvironment.getElement(),
+              singleSignatureInfo);
+        } else {
+          signatureParent = null;
+        }
+
+        // make the signature environment the root of the document, if it is 
+        // not a separate document anyway; this is done to assure that 
+        // canonicalization of the signature environment contains the correct 
+        // namespace declarations
+        if (signatureEnvironment != null) {
+          Document requestDoc =
+            signatureEnvironment.getElement().getOwnerDocument();
+          requestElement = requestDoc.getDocumentElement();
+          if (requestElement != signatureEnvironment.getElement()) {
+            signatureEnvironmentParent =
+              signatureEnvironment.getElement().getParentNode();
+            requestElement.getOwnerDocument().replaceChild(
+              signatureEnvironment.getElement(),
+              requestElement);
+          }
+        }
+
+        try {
+        	ConfigurationProvider config = context.getConfiguration();
+        	String xadesVersion = config.getXAdESVersion();
+
+        	if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) {
+                // create the signature (XAdES 1.4.2)
+                signature =
+                  module.createSignature(
+                    dataObjectList,
+                    profile,
+                    additionalSignedProperties,
+                    signatureParent,
+                    XMLSignatureCreationModule.XADES_VERSION_1_4_2,
+                    new TransactionId(context.getTransactionID()));
+        	}
+        	else {
+                // create the signature (XAdES 1.1.1 = default)
+                signature =
+                  module.createSignature(
+                    dataObjectList,
+                    profile,
+                    additionalSignedProperties,
+                    signatureParent,
+                    XMLSignatureCreationModule.XADES_VERSION_1_1_1,
+                    new TransactionId(context.getTransactionID()));
+        	}
+
+          // insert the result into the response
+          if (signatureParent != null) {
+            responseBuilder.addSignatureEnvironment(
+              signatureEnvironment.getElement());
+          } else {
+            responseBuilder.addSignatureEnvironment(signature.getElement());
+          }
+
+        } catch (IAIKException e) {
+          MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+          responseBuilder.addError(
+            moaException.getMessageId(),
+            moaException.getMessage());
+          Logger.warn(moaException.getMessage(), e);
+        } catch (IAIKRuntimeException e) {
+          MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+
+          responseBuilder.addError(
+            moaException.getMessageId(),
+            moaException.getMessage());
+          Logger.warn(moaException.getMessage(), e);
+        }
+
+        // swap back in the request as root document
+        if (signatureEnvironment != null) {
+          if (requestElement != signatureEnvironment.getElement()) {
+            requestElement.getOwnerDocument().replaceChild(
+              requestElement,
+              signatureEnvironment.getElement());
+            signatureEnvironmentParent.appendChild(
+              signatureEnvironment.getElement());
+          }
+        }
+
+      } catch (MOAException e) {
+        responseBuilder.addError(e.getMessageId(), e.getMessage());
+        Logger.warn(e.getMessage(), e);
+      }
+
+    }
+
+    return responseBuilder.getResponse();
+  }
+
+  /**
+   * Build the list of <code>DataObject</code>s from the given
+   * <code>SingleSignatureInfo</code> object.
+   * 
+   * <p>
+   * Only the following cases of <code>DataObject</code>s are
+   * valid in case of an enveloping signature:
+   * 
+   * <ul>
+   * <li><code>Reference == null && Content != null</code>: The 
+   * <code>Content</code> will be used in the <code>DataObject</code>.</li>
+   * <li><code>Reference != null && Content == null</code>: Resolve the
+   * <code>Reference</code> and use it as <code>DataObject</code>.
+   * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li>
+   * </ul>
+   * </p>
+   * 
+   * <p>
+   * Only the following cases of <code>DataObject</code>s are valid in case
+   * of a detached signature:
+   * 
+   * <ul>
+   * <li><code>Reference != null && Content == null</code>: Resolve the
+   * <code>Reference</code> and use it as <code>DataObject</code>.
+   * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li>
+   * <li><code>Reference != null && Content != null</code>: The
+   * <code>Content</code> will be used in the <code>DataObject</code>. 
+   * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li>
+   * </ul>
+   * </p>
+   * 
+   * <p>
+   * All other cases will lead to an error.
+   * </p>
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * containing the <code>DataObjectInfo</code> objects.
+   * @param createTransformsProfiles A list of objects of type {@link CreateTransformsInfoProfileExplicit}, 
+   * each representing the transforms info profile information for the corresponding <code>DataObject</code>. 
+   * @param signatureEnvironment The 
+   * @param idGen The ID generator for <code>DataObject</code> references.
+   * @return The <code>List</code> of <code>DataObject</code>s contained in the
+   * given <code>singleSignatureInfo</code>.
+   * @throws MOASystemException A system error occurred building the data 
+   * objects.
+   * @throws MOAApplicationException An error occurred building the data 
+   * objects.
+   */
+  private List buildDataObjectList(
+    SingleSignatureInfo singleSignatureInfo,
+    List createTransformsProfiles,
+    XMLDataObject signatureEnvironment,
+    IdGenerator idGen)
+    throws MOASystemException, MOAApplicationException {
+
+    List dataObjInfos = singleSignatureInfo.getDataObjectInfos();
+    List dataObjects = new ArrayList();
+    Iterator dtIter;
+    Iterator ctpIter = createTransformsProfiles.iterator();
+
+    for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) 
+    {
+      DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next();
+      String structure = dataObjInfo.getStructure();
+      
+      CreateTransformsInfoProfileExplicit transformsProfile = 
+        (CreateTransformsInfoProfileExplicit) ctpIter.next();
+      MetaInfo finalDataMetaInfo = transformsProfile.getCreateTransformsInfo().getFinalDataMetaInfo();
+
+      if (DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)) {
+        dataObjects.add(
+          buildEnvelopingDataObject(
+            dataObjInfo.getDataObject(),
+            finalDataMetaInfo,
+            idGen.uniqueId()));
+      } else if (DataObjectInfo.STRUCTURE_DETACHED.equals(structure)) {
+        dataObjects.add(
+          buildDetachedDataObject(
+            dataObjInfo.getDataObject(),
+            finalDataMetaInfo,
+            signatureEnvironment,
+            idGen.uniqueId()));
+      } else {
+        throw new MOAApplicationException("1103", new Object[] { structure });
+      }
+    }
+
+    return dataObjects;
+
+  }
+
+  /**
+   * Build a <code>DataObject</code> to be used in an enveloping
+   * signature.
+   * 
+   * @param content The <code>Content</code> object containing the data object.
+   * <code>ContentOptionalRefType</code>.
+   * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
+   * @param referenceID The reference ID to use in the signature for the
+   * <code>DataObject</code> created.
+   * @return The <code>DataObject</code> representing the data contained in
+   * <code>dataObjectElem</code>.
+   * @throws MOAApplicationException An error occurred during the creation of
+   * the <code>DataObject</code>.
+   * @throws MOASystemException A system error occurred during the creation of
+   * the <code>DataObject</code>.
+   */
+  private DataObject buildEnvelopingDataObject(
+    Content content,
+    MetaInfo finalDataMetaInfo,
+    String referenceID)
+    throws MOASystemException, MOAApplicationException {
+
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    DataObject dataObject;
+
+    dataObject =
+      factory.createFromContentOptionalRefType(
+        content,
+        finalDataMetaInfo,
+        referenceID,
+        false,
+        false,
+        true,
+        false);
+
+    return dataObject;
+  }
+
+  /**
+   * Build a <code>DataObject</code> to be used in a detached signature.
+   * 
+   * @param content The <code>Content</code> object containing an the data.
+   * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
+   * @param signatureEnvironment The signature environment where the signature
+   * will be inserted.
+   * @param referenceID The reference ID to use in the signature for the
+   * <code>DataObject</code> created.
+   * @return The <code>DataObject</code> representing the data contained in
+   * <code>dataObjectElem</code>.
+   * @throws MOAApplicationException An error occurred during the creation of
+   * the <code>DataObject</code>.
+   * @throws MOASystemException A system error occurred during the creation of
+   * the <code>DataObject</code>.
+   */
+  private DataObject buildDetachedDataObject(
+    Content content,
+  MetaInfo finalDataMetaInfo,
+    XMLDataObject signatureEnvironment,
+    String referenceID)
+    throws MOASystemException, MOAApplicationException {
+
+    String reference = content.getReference();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    DataObject dataObject;
+
+    if (reference == null) {
+      throw new MOAApplicationException("1102", null);
+    } else if ("".equals(reference) || reference.startsWith("#")) {
+      dataObject =
+        factory.createFromSignatureEnvironment(
+          signatureEnvironment.getElement(),
+          reference,
+          referenceID);
+    } else {
+      dataObject =
+        factory.createFromContentOptionalRefType(
+          content,
+          finalDataMetaInfo,
+          referenceID,
+          true,
+          false,
+          true,
+          false);
+    }
+    return dataObject;
+  }
+
+  /**
+   * Build the signature parent element.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * document in which to insert the signature.
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> 
+   * containing the signature parent element.
+   * @return An <code>XMLDataObject</code> containing the signature parent
+   * element or <code>null</code>, if the <code>CreateSignatureInfo</code> is
+   * <code>null</code>.
+   * @throws MOAApplicationException An error occurred during the creation of
+   * the signature parent.
+   */
+  private XMLDataObject buildSignatureParentElement(
+    Element signatureEnvironment,
+    SingleSignatureInfo singleSignatureInfo)
+    throws MOAApplicationException {
+
+    CreateSignatureInfo createInfo =
+      singleSignatureInfo.getCreateSignatureInfo();
+
+    // evaluate the CreateSignatureLocation
+    if (createInfo != null) {
+      TransactionContext context =
+        TransactionContextManager.getInstance().getTransactionContext();
+      ConfigurationProvider config = context.getConfiguration();
+      CreateSignatureEnvironmentProfileExplicit createProfile =
+        ProfileMapper.mapCreateSignatureEnvironmentProfile(
+          createInfo.getCreateSignatureEnvironmentProfile(),
+          config);
+      CreateSignatureLocation location =
+        createProfile.getCreateSignatureLocation();
+      Element signatureParent =
+        InvokerUtils.evaluateSignatureLocation(signatureEnvironment, location);
+
+      return new XMLDataObjectImpl(signatureParent);
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * Get the supplements contained in the 
+   * <code>CreateSignatureEnvironmentProfile</code> of the given 
+   * <code>SingleSignatureInfo</code>.
+   * 
+   * @param singleSigInfo The <code>SingleSignatureInfo</code> from which
+   * to extract the supplements. 
+   * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>s
+   * or <code>null</code>, if the <code>singleSigInfo</code> does not contain
+   * supplements.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>CreateSignatureEnvironmentProfile</code>. 
+   */
+  private List getCreateSignatureEnvironmentProfileSupplements(SingleSignatureInfo singleSigInfo)
+    throws MOAApplicationException {
+    CreateSignatureInfo sigInfo = singleSigInfo.getCreateSignatureInfo();
+
+    if (sigInfo != null) {
+      TransactionContext context =
+        TransactionContextManager.getInstance().getTransactionContext();
+      ConfigurationProvider config = context.getConfiguration();
+      CreateSignatureEnvironmentProfileExplicit profile =
+        ProfileMapper.mapCreateSignatureEnvironmentProfile(
+          sigInfo.getCreateSignatureEnvironmentProfile(),
+          config);
+      List supplements = profile.getSupplements();
+
+      return supplements;
+    }
+    return null;
+  }
+
+  /**
+   * Build the list of additional signed properties.
+   * 
+   * Based on the generic configuration setting
+   * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a
+   * constant <code>SigningTime</code> will be added to the properties.
+   * 
+   * @return The <code>List</code> of additional signed properties.
+   */
+  private List buildAdditionalSignedProperties() {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List additionalSignedProperties = Collections.EMPTY_LIST;
+
+    return additionalSignedProperties;
+  }
+
+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
new file mode 100644
index 0000000..6a85415
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -0,0 +1,543 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.server.modules.algorithms.HashAlgorithms;
+import iaik.server.modules.keys.KeyEntryID;
+import iaik.server.modules.keys.KeyModule;
+import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.xmlsign.SignatureStructureTypes;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureCreationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureInsertionLocationImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A factory to create <code>XMLSignatureCreationProfile</code>s from a
+ * <code>CreateXMLSignatureRequest</code>, based on the current MOA
+ * configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureCreationProfileFactory {
+
+  private static Map HASH_ALGORITHM_MAPPING;
+
+  static {
+    HASH_ALGORITHM_MAPPING = new HashMap();
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384);
+    HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512);
+  }
+
+  /** The <code>CreateXMLSignatureRequest</code> for which to create the
+   * profile.*/
+  private CreateXMLSignatureRequest request;
+  /** How many profiles have been created based on the same request. */
+  private int createProfileCount;
+  /** The <code>Set</code> of reserved object IDs.*/
+  private Set reserved;
+
+  /**
+   * Create a new <code>XMLSignatureCreationProfileFactory</code>.
+   * 
+   * @param request The request for which to create profiles.
+   * @param reserved The <code>Set</code> of reserved object IDs. IDs will
+   * be added during signature creation.
+   */
+  public XMLSignatureCreationProfileFactory(
+    CreateXMLSignatureRequest request,
+    Set reserved) {
+    this.request = request;
+    this.reserved = reserved;
+    createProfileCount = 1;
+  }
+
+  /**
+   * Create a <code>XMLSignatureCreationProfile</code> for the given
+   * <code>SingleSignatureInfo</code> object..
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * containing information about the creation of a signature.
+   * @param sigInfoReservedIDs The <code>Set</code> of reserved ID attribue values 
+   * for the particular <code>singleSignatureInfo</code>.
+   * @return The <code>XMLSignatureCreationProfile</code> containing additional
+   * information for creating an XML signature.
+   * @throws MOASystemException A system error occurred during creation of the
+   * profile. See message for details
+   * @throws MOAApplicationException An application error occurred during
+   * creation of the profile. See message for details.
+   */
+  public XMLSignatureCreationProfile createProfile(SingleSignatureInfo singleSignatureInfo,
+    Set sigInfoReservedIDs) throws MOASystemException, MOAApplicationException {
+
+    HashSet allReservedIDs = new HashSet(reserved);
+    allReservedIDs.addAll(sigInfoReservedIDs);
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    CanonicalizationImpl canonicalization;
+    List dataObjectTreatmentList;
+    Set keySet;
+    List transformationSupplements;
+    List createTransformsProfiles;
+
+    // get the key group id
+    String keyGroupID = request.getKeyIdentifier();
+    // get digest method on key group level (if configured)
+    KeyGroup keygroup = config.getKeyGroup(keyGroupID);
+    if(null == keygroup) {
+        Logger.error("Could not find key group '" + keyGroupID + "'");
+        throw new MOAApplicationException("2231", null);
+    }
+    String configDigestMethodKG = keygroup.getDigestMethodAlgorithm();
+    // get default digest method (if configured)
+    String configDigestMethod = config.getDigestMethodAlgorithmName();
+    
+    String xadesVersion = config.getXAdESVersion();
+    
+    String digestMethodXAdES142 = null;
+    boolean isXAdES142 = false;
+    // if XAdES Version 1.4.2 is configured
+    if (xadesVersion != null && xadesVersion.compareTo("1.4.2") == 0) {
+    	isXAdES142 = true;
+    	Logger.debug("XAdES version '" + xadesVersion + "' used");
+    }
+    	
+    if (isXAdES142) {
+    	if (configDigestMethodKG != null) {
+    		// if KG specific digest method is configured
+    		digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG);
+    		if (digestMethodXAdES142 == null) {
+    			error(
+    					"config.17",
+    					new Object[] { configDigestMethodKG});
+    			throw new MOASystemException("2900", null);    			
+    		}
+    		Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(configured in KeyGroup)");
+    	}	    	
+    	else {
+    		// else get default configured digest method
+    		digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod);
+    		if (digestMethodXAdES142 == null) {
+    			error(
+    					"config.17",
+    					new Object[] { configDigestMethod});
+    			throw new MOASystemException("2900", null);	
+    		}
+    		Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(default)");
+    		
+    	}
+    }
+    
+    XMLSignatureCreationProfileImpl profile =
+    	      new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142);
+
+    
+    // build the transformation supplements
+    createTransformsProfiles =
+      getCreateTransformsInfoProfiles(singleSignatureInfo);
+    transformationSupplements =
+      buildTransformationSupplements(createTransformsProfiles);
+
+    // build and set the data object treatment list
+    dataObjectTreatmentList =
+      buildDataObjectTreatmentList(
+        singleSignatureInfo,
+        createTransformsProfiles,
+        transformationSupplements,
+        allReservedIDs, 
+        digestMethodXAdES142);
+    profile.setDataObjectTreatmentList(dataObjectTreatmentList);
+
+    // set the key set
+    keySet = buildKeySet(keyGroupID);
+    if (keySet == null) {
+      throw new MOAApplicationException("2231", null);
+    } else if (keySet.size() == 0) {
+      throw new MOAApplicationException("2232", null);
+    }
+    profile.setKeySet(keySet);
+
+    // set the Security Layer manifest algorithm name
+    profile.setSecurityLayerManifestTypeURI(Constants.SL_MANIFEST_TYPE_URI);
+
+    // set the structure type
+    if (singleSignatureInfo.getCreateSignatureInfo() != null) {
+      profile.setSignatureStructureType(SignatureStructureTypes.ENVELOPED);
+    } else {
+      profile.setSignatureStructureType(SignatureStructureTypes.DETACHED);
+    }
+
+    // set insertion location
+    profile.setSignatureInsertionLocation(
+      getSignatureInsertionLocationIndex(singleSignatureInfo));
+
+    // set the canonicalization algorithm
+    canonicalization =
+      new CanonicalizationImpl(config.getCanonicalizationAlgorithmName());
+    profile.setSignedInfoCanonicalization(canonicalization);
+    
+    // set the signed properties
+    profile.setSignedProperties(Collections.EMPTY_LIST);
+
+    // set security layer conformity
+    profile.setSecurityLayerConform(
+      singleSignatureInfo.isSecurityLayerConform());
+
+    // update the createProfileCount
+    createProfileCount++;
+
+    return profile;
+  }
+
+  /**
+   * Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s
+   * contained in all the <code>DataObjectInfo</code>s of the given 
+   * <code>SingleSignatureInfo</code>.
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object from
+   * which to extract the <code>CreateTransformsInfoProfile</code>s.
+   * @return All <code>CreateTransformsInfoProfile</code>s of all 
+   * <code>DataObjectInfo</code>s of <code>singleSignatureInfo</code>.
+   * @throws MOAApplicationException An error occurred creating one of the
+   * profiles.
+   */
+  List getCreateTransformsInfoProfiles(SingleSignatureInfo singleSignatureInfo)
+    throws MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List dataObjInfos = singleSignatureInfo.getDataObjectInfos();
+    List profiles = new ArrayList();
+    Iterator dtIter;
+
+    for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) {
+      DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next();
+      CreateTransformsInfoProfileExplicit profile =
+        ProfileMapper.mapCreateTransformsInfoProfile(
+          dataObjInfo.getCreateTransformsInfoProfile(),
+          config);
+      profiles.add(profile);
+    }
+
+    return profiles;
+  }
+
+  /**
+   * Build the <code>List</code> of transformation supplements contained in a
+   * <code>SingleSignatureInfo</code> object.
+   * 
+   * @param createTransformsInfoProfiles The 
+   * <code>CreateTransformsInfoProfile</code> object from which to extract the 
+   * transformation supplements.
+   * @return A <code>List</code> of <code>DataObject</code>s containing the
+   * transformation supplements.
+   * @throws MOASystemException A system error occurred creating one of the
+   * transformation supplements.
+   * @throws MOAApplicationException An error occurred creating one of the
+   * transformation supplements.
+   */
+  private List buildTransformationSupplements(List createTransformsInfoProfiles)
+    throws MOASystemException, MOAApplicationException {
+
+    List transformationSupplements = new ArrayList();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    Iterator iter;
+
+    for (iter = createTransformsInfoProfiles.iterator(); iter.hasNext();) {
+      CreateTransformsInfoProfileExplicit profile =
+        (CreateTransformsInfoProfileExplicit) iter.next();
+      List supplements = profile.getSupplements();
+
+      if (supplements != null) {
+        Iterator supplIter;
+
+        for (supplIter = supplements.iterator(); supplIter.hasNext();) {
+          XMLDataObjectAssociation supplement =
+            (XMLDataObjectAssociation) supplIter.next();
+
+          transformationSupplements.add(
+            factory.createFromXmlDataObjectAssociation(
+              supplement,
+              false,
+              true));
+        }
+      }
+    }
+
+    return transformationSupplements;
+  }
+
+  /**
+   * Build the <code>List</code> of <code>DataObjectTreatment</code>s for the
+   * given <code>SingleSignatureInfo</code> object..
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * from which to exctract the <code>CreateTransformsInfoProfile</code>s
+   * containing the data for the <code>DataObjectTreatment</code>s.
+   * @param createTransformsInfoProfiles The 
+   * <code>CreateTransformsInfoProfile</code>s contained in the
+   * <code>singleSignatureInfo</code>.
+   * @param transformationSupplements Additional parameters for
+   * transformations contained in <code>DataObjectTreatment</code>s.
+   * @param reservedIDs The <code>Set</code> of reserved object IDs.
+   * @return A <code>List</code> of <code>DataObjectTreatment</code> objects.
+   * @throws MOAApplicationException An error occurred building one of the
+   * <code>DataObjectTreatment</code>s.
+   * @throws MOASystemException A system error occurred building one of the
+   * <code>DataObjectTreatment</code>s.
+   */
+  private List buildDataObjectTreatmentList(
+    SingleSignatureInfo singleSignatureInfo,
+    List createTransformsInfoProfiles,
+    List transformationSupplements,
+    Set reservedIDs,
+    String digestMethodXAdES142)
+    throws MOASystemException, MOAApplicationException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List treatments = new ArrayList();
+    List dataObjInfos = singleSignatureInfo.getDataObjectInfos();
+    int dataObjectTreatmentCount = 1;
+    String hashAlgorithmName;
+    Iterator dtIter;
+    Iterator prIter;
+
+    prIter = createTransformsInfoProfiles.iterator();
+    for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) {
+      CreateTransformsInfoProfileExplicit profile =
+        (CreateTransformsInfoProfileExplicit) prIter.next();
+      DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next();
+      IdGenerator objIdGen =
+        new IdGenerator(
+          ("signed-data-" + createProfileCount)
+            + ("-" + dataObjectTreatmentCount++),
+          reservedIDs);
+      DataObjectTreatmentImpl treatment = new DataObjectTreatmentImpl(objIdGen);
+
+      treatment.setFinalContentType(
+        profile.getCreateTransformsInfo().getFinalDataMetaInfo().getMimeType());
+      treatment.setTransformationList(buildTransformationList(profile));
+      treatment.setReferenceInManifest(dataObjInfo.isChildOfManifest());
+
+      // if XAdES version is 1.4.2
+      if (digestMethodXAdES142 != null) {
+    	  // use configured digest algorithm
+    	  hashAlgorithmName = digestMethodXAdES142;
+      }
+      else {
+    	  // stay as it is
+    	  hashAlgorithmName = (String) HASH_ALGORITHM_MAPPING.get(
+    		          config.getDigestMethodAlgorithmName());
+    	  if (hashAlgorithmName == null) {
+    	        error(
+    	          "config.17",
+    	          new Object[] { config.getDigestMethodAlgorithmName()});
+    	        throw new MOASystemException("2900", null);
+    	      }
+      }
+      
+      
+      
+
+      treatment.setHashAlgorithmName(hashAlgorithmName);
+      treatment.setIncludedInSignature(
+        DataObjectInfo.STRUCTURE_ENVELOPING.equals(dataObjInfo.getStructure()));
+      treatment.setTransformationSupplements(transformationSupplements);
+
+      treatments.add(treatment);
+
+    }
+
+    return treatments;
+  }
+
+  /**
+   * Build the <code>List</code> of transformations contained in a
+   * <code>CreateTransformsInfoProfile</code> object.
+   * 
+   * @param profile The <code>CreateTransformsInfoProfile</code> object
+   * from which to extract the <code>Transform</code>s.
+   * @return A <code>List</code> of <code>Transformation</code>s contained in
+   * the given <code>CreateTransformsInfoProfile</code>.
+   * @throws MOAApplicationException An error occurred building one of the
+   * <code>Transformation</code>s.
+   */
+  private List buildTransformationList(CreateTransformsInfoProfileExplicit profile)
+    throws MOAApplicationException {
+
+    TransformationFactory factory = TransformationFactory.getInstance();
+    List transforms = profile.getCreateTransformsInfo().getTransforms();
+
+    return transforms != null
+      ? factory.createTransformationList(transforms)
+      : Collections.EMPTY_LIST;
+  }
+
+  /**
+   * Build the set of <code>KeyEntryID</code>s available to the given
+   * <code>keyGroupID</code>.
+   * 
+   * @param keyGroupID The keygroup ID for which the available keys should be
+   * returned.
+   * @return The <code>Set</code> of <code>KeyEntryID</code>s
+   * identifying the available keys.
+   */
+  private Set buildKeySet(String keyGroupID) {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Set keyGroupEntries;
+
+    // get the KeyGroup entries from the configuration
+    if (context.getClientCertificate() != null) {
+      X509Certificate cert = context.getClientCertificate()[0];
+      Principal issuer = cert.getIssuerDN();
+      BigInteger serialNumber = cert.getSerialNumber();
+
+      keyGroupEntries =
+        config.getKeyGroupEntries(issuer, serialNumber, keyGroupID);
+    } else {
+      keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID);
+    }
+
+    // map the KeyGroup entries to a set of KeyEntryIDs
+    if (keyGroupEntries == null) {
+      return null;
+    } else if (keyGroupEntries.size() == 0) {
+      return Collections.EMPTY_SET;
+    } else {
+      KeyModule module =
+        KeyModuleFactory.getInstance(
+          new TransactionId(context.getTransactionID()));
+      Set keyEntryIDs = module.getPrivateKeyEntryIDs();
+      Set keySet = new HashSet();
+      Iterator iter;
+
+      // filter out the keys that do not exist in the IAIK configuration
+      // by walking through the key entries and checking if the exist in the
+      // keyGroupEntries
+      for (iter = keyEntryIDs.iterator(); iter.hasNext();) {
+        KeyEntryID entryID = (KeyEntryID) iter.next();
+        KeyGroupEntry entry =
+          new KeyGroupEntry(
+            entryID.getModuleID(),
+            entryID.getCertificateIssuer(),
+            entryID.getCertificateSerialNumber());
+        if (keyGroupEntries.contains(entry)) {
+          keySet.add(entryID);
+        }
+      }
+      return keySet;
+    }
+  }
+
+  /**
+   * Get the signature location index where the signature will be inserted into
+   * the signature parent element.
+   * 
+   * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object
+   * containing the <code>CreateSignatureLocation</code>.
+   * @return The index at which to insert the signature into the signature
+   * environment.
+   * @throws MOAApplicationException An error occurred parsing the 
+   * <code>CreateSignatureEnvironmentProfile</code>.
+   */
+  private XMLSignatureInsertionLocation getSignatureInsertionLocationIndex(SingleSignatureInfo singleSignatureInfo)
+    throws MOAApplicationException {
+
+    CreateSignatureInfo createInfo =
+      singleSignatureInfo.getCreateSignatureInfo();
+
+    if (createInfo != null) {
+      TransactionContext context =
+        TransactionContextManager.getInstance().getTransactionContext();
+      ConfigurationProvider config = context.getConfiguration();
+      CreateSignatureEnvironmentProfileExplicit profile =
+        ProfileMapper.mapCreateSignatureEnvironmentProfile(
+          createInfo.getCreateSignatureEnvironmentProfile(),
+          config);
+      int index = profile.getCreateSignatureLocation().getIndex();
+
+      return new XMLSignatureInsertionLocationImpl(index);
+    } else {
+      return new XMLSignatureInsertionLocationImpl(0);
+    }
+  }
+
+  /**
+   * Utility function to issue an error message to the log.
+   * 
+   * @param messageId The ID of the message to log.
+   * @param parameters Additional message parameters.
+   */
+  private static void error(String messageId, Object[] parameters) {
+    MessageProvider msg = MessageProvider.getInstance();
+
+    Logger.error(new LogMsg(msg.getMessage(messageId, parameters)));
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
new file mode 100644
index 0000000..2b158dd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -0,0 +1,727 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLConstants;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.xml.XMLSignatureImpl;
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.spss.util.QCSSCDResult;
+import at.gv.egovernment.moa.util.CollectionUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * A class providing a DOM based interface to the
+ * <code>XMLSignatureVerificationModule</code>.
+ * 
+ * This class performs the invocation of the 
+ * <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code>
+ * from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The
+ * result of the invocation is integrated into a
+ * <code>VerifyXMLSignatureResponse</code> and returned.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationInvoker {
+
+  /** The single instance of this class. */
+  private static XMLSignatureVerificationInvoker instance = null;
+
+  private static Set FILTERED_REF_TYPES;
+
+  static {
+    FILTERED_REF_TYPES = new HashSet();
+    FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
+    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
+    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
+    FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
+    FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
+  }
+
+  /**
+   * Get the single instance of this class.
+   * 
+   * @return The single instance of this class.
+   */
+  public static synchronized XMLSignatureVerificationInvoker getInstance() {
+    if (instance == null) {
+      instance = new XMLSignatureVerificationInvoker();
+    }
+    return instance;
+  }
+
+  /**
+   * Create a new <code>XMLSignatureCreationInvoker</code>.
+   * 
+   * Protected to disallow multiple instances.
+   */
+  protected XMLSignatureVerificationInvoker() {
+  }
+
+  /**
+   * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
+   * <code>XMLSignatureVerificationModule</code>.
+   * 
+   * @param request A <code>VerifyXMLSignatureRequest<code> API object 
+   * containing the data for verifying an XML signature.
+   * @return A <code>VerifyXMLSignatureResponse</code> containing the
+   * answert to the <code>VerifyXMLSignatureRequest</code>.
+   * MOA schema definition.
+   * @throws MOAException An error occurred during signature verification. 
+   */
+  public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
+    throws MOAException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    LoggingContext loggingCtx =
+      LoggingContextManager.getInstance().getLoggingContext();
+    XMLSignatureVerificationProfileFactory profileFactory =
+      new XMLSignatureVerificationProfileFactory(request);
+    VerifyXMLSignatureResponseBuilder responseBuilder =
+      new VerifyXMLSignatureResponseBuilder();
+    XMLSignatureVerificationResult result;
+    XMLSignatureVerificationProfile profile;
+    ReferencesCheckResult signatureManifestCheck;
+    DataObjectFactory dataObjFactory;
+    XMLDataObject signatureEnvironment;
+    Node signatureEnvironmentParent = null;
+    Element requestElement = null;
+    XMLSignature xmlSignature;
+    Date signingTime;
+    List supplements;
+    List dataObjectList;
+
+    // get the supplements
+    supplements = getSupplements(request);
+
+    // build XMLSignature
+    dataObjFactory = DataObjectFactory.getInstance();
+    signatureEnvironment =
+      dataObjFactory.createSignatureEnvironment(
+        request.getSignatureInfo().getVerifySignatureEnvironment(),
+        supplements);
+    xmlSignature = buildXMLSignature(signatureEnvironment, request);
+
+    // build the list of DataObjects
+    dataObjectList = buildDataObjectList(supplements);
+
+    // build profile
+    profile = profileFactory.createProfile();
+    
+    // get the signingTime
+    signingTime = request.getDateTime();
+
+    // make the signature environment the root of the document, if it is not a
+    // separate document anyway; this is done to assure that canonicalization
+    // of the signature environment contains the correct namespace declarations
+    requestElement =
+      signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
+    if (requestElement != signatureEnvironment.getElement()) {
+      signatureEnvironmentParent =
+        signatureEnvironment.getElement().getParentNode();
+      requestElement.getOwnerDocument().replaceChild(
+        signatureEnvironment.getElement(),
+        requestElement);
+    }
+
+    QCSSCDResult qcsscdresult = new QCSSCDResult();
+    String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+    ConfigurationProvider config = ConfigurationProvider.getInstance();
+    TrustProfile tp = config.getTrustProfile(tpID);
+    
+    // verify the signature
+    try {
+      XMLSignatureVerificationModule module =
+        XMLSignatureVerificationModuleFactory.getInstance();
+
+      module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+      result =
+        module.verifySignature(
+          xmlSignature,
+          dataObjectList,
+          profile,
+          signingTime,
+          new TransactionId(context.getTransactionID()));
+    } catch (IAIKException e) {
+    	MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+        throw moaException;
+    } catch (IAIKRuntimeException e) {
+        MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+        throw moaException;
+    } 
+    
+
+    // QC/SSCD check
+    List list = result.getCertificateValidationResult().getCertificateChain();
+    if (list != null) {
+        X509Certificate[] chain = new X509Certificate[list.size()];
+        
+        Iterator it = list.iterator();
+        int i = 0;
+        while(it.hasNext()) {
+        	chain[i] = (X509Certificate)it.next();
+        	i++;
+        }
+        
+        qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
+    }
+    	
+
+    // get signer certificate issuer country code
+    String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
+    
+    // swap back in the request as root document
+    if (requestElement != signatureEnvironment.getElement()) {
+      requestElement.getOwnerDocument().replaceChild(
+        requestElement,
+        signatureEnvironment.getElement());
+      signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
+    }
+
+    // check the result
+    signatureManifestCheck =
+      validateSignatureManifest(request, result, profile);
+
+    // Check if signer certificate is in trust profile's allowed signer certificates pool
+    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+    CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
+
+
+    // build the response
+    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
+    return responseBuilder.getResponse();
+  }
+
+  /**
+   * Checks if the signer certificate matches one of the allowed signer certificates specified 
+   * in the provided <code>trustProfile</code>.
+   * 
+   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+   * 
+   * @param trustProfile The trust profile the signer certificate is validated against.
+   * 
+   * @return The overal result of the certificate validation for the signer certificate.
+   * 
+   * @throws MOAException if one of the signer certificates specified in the <code>trustProfile</code>
+   *                      cannot be read from the file system.
+   */
+  private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+    throws MOAException
+  {
+    MessageProvider msg = MessageProvider.getInstance();
+    
+    int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+    if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
+    {
+      X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult().getCertificateChain().get(0); 
+      
+      File signerCertsDir = null;
+      try
+      {
+        signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
+      }
+      catch (URIException e)
+      {
+        throw new MOASystemException("2900", null, e); // Should not happen, already checked at loading the MOA configuration
+      }
+      
+      File[] files = signerCertsDir.listFiles();
+      if (files == null) resultCode = 1;
+      int i;
+      for (i = 0; i < files.length; i++)
+      {
+        if (!files[i].isDirectory())
+        {
+          FileInputStream currentFIS = null;
+          try
+          {
+            currentFIS = new FileInputStream(files[i]);
+          }
+          catch (FileNotFoundException e) {
+            throw new MOASystemException("2900", null, e); 
+          }
+          
+          try
+          {
+            X509Certificate currentCert = new X509Certificate(currentFIS);
+            currentFIS.close();
+            if (currentCert.equals(signerCertificate)) break;
+          }
+          catch (Exception e)
+          {
+            // Simply ignore file if it cannot be interpreted as certificate
+            String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
+            Logger.warn(logMsg);
+            try
+            {
+              currentFIS.close();
+            }
+            catch (IOException e1) {
+              // If clean-up fails, do nothing
+            }
+          }
+        }
+      }
+      if (i >= files.length)
+      {
+        resultCode = 1; // No signer certificate from the trustprofile pool matches the actual signer certificate
+      }
+    }
+    
+    SPSSFactory factory = SPSSFactory.getInstance();
+    return factory.createCheckResult(resultCode, null);
+  }
+  
+  
+
+  /**
+   * Select the <code>dsig:Signature</code> DOM element within the signature
+   * environment.
+   * 
+   * @param signatureEnvironment The signature environment containing the
+   * <code>dsig:Signature</code>.
+   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+   * signature environment.
+   * @return The <code>dsig:Signature</code> element wrapped in a
+   * <code>XMLSignature</code> object.
+   * @throws MOAApplicationException An error occurred locating the
+   * <code>dsig:Signature</code>.
+   */
+  private XMLSignature buildXMLSignature(
+    XMLDataObject signatureEnvironment,
+    VerifyXMLSignatureRequest request)
+    throws MOAApplicationException {
+
+    VerifySignatureLocation signatureLocation =
+      request.getSignatureInfo().getVerifySignatureLocation();
+    Element signatureParent;
+
+    // evaluate the VerifySignatureLocation to get the signature parent
+    signatureParent =
+      InvokerUtils.evaluateSignatureLocation(
+        signatureEnvironment.getElement(),
+        signatureLocation);
+
+    // check for signatureParent to be a dsig:Signature element
+    if (!"Signature".equals(signatureParent.getLocalName())
+      || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
+      throw new MOAApplicationException("2266", null);
+    }
+
+    return new XMLSignatureImpl(signatureParent);
+  }
+
+  /**
+   * Build the supplemental data objects contained in the
+   * <code>VerifyXMLSignatureRequest</code>.
+   *  
+   * @param supplements A <code>List</code> of 
+   * <code>XMLDataObjectAssociation</code>s containing the supplement data.
+   * @return A <code>List</code> of <code>DataObject</code>s representing the
+   * supplemental data objects.
+   * @throws MOASystemException A system error occurred building one of the data
+   * objects.
+   * @throws MOAApplicationException An error occurred building one of the data
+   * objects.
+   */
+  private List buildDataObjectList(List supplements)
+    throws MOASystemException, MOAApplicationException {
+    List dataObjectList = new ArrayList();
+
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    DataObject dataObject;
+    Iterator iter;
+    
+    if (supplements != null) {
+      for (iter = supplements.iterator(); iter.hasNext();) {
+        XMLDataObjectAssociation supplement =
+          (XMLDataObjectAssociation) iter.next();
+        dataObject =
+          factory.createFromXmlDataObjectAssociation(supplement, true, false);
+        dataObjectList.add(dataObject);
+      }
+    }
+    
+    return dataObjectList;
+    
+  }
+
+  /**
+   * Get the supplemental data contained in the 
+   * <code>VerifyXMLSignatureRequest</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+   * supplemental data.
+   * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> 
+   * objects containing the supplemental data.
+   * @throws MOAApplicationException An error occurred resolving one of the
+   * supplement profiles.
+   */
+  private List getSupplements(VerifyXMLSignatureRequest request)
+    throws MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List supplementProfiles = request.getSupplementProfiles();
+    
+    List supplements = new ArrayList();
+    
+    if (supplementProfiles != null) {     
+      
+      List mappedProfiles =
+        ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
+      Iterator iter;
+
+      for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+        SupplementProfileExplicit profile =
+          (SupplementProfileExplicit) iter.next();
+        supplements.add(profile.getSupplementProfile());
+      }
+     
+    }
+    return supplements;
+  }
+
+  /**
+   * Perform additional validations of the
+   * <code>XMLSignatureVerificationResult</code>.
+   * 
+   * <p> In particular, it is verified that:
+   * <ul>
+   * <li>Each <code>ReferenceData</code> object contains transformation
+   * chain that matches one of the <code>Transforms</code> given in the
+   * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code></li>
+   * <li>The hash values of the <code>TransformParameter</code>s are valid.
+   * </li>
+   * </ul>
+   * </p>
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
+   * signature to verify.
+   * @param result The result produced by
+   * <code>XMLSignatureVerificationModule</code>.
+   * @param profile The profile used for validating the <code>request</code>.
+   * @return The result of additional validations of the signature manifest.
+   * @throws MOAApplicationException Post-validation of the
+   * <code>XMLSignatureVerificaitonResult</code> failed.
+   */
+  private ReferencesCheckResult validateSignatureManifest(
+    VerifyXMLSignatureRequest request,
+    XMLSignatureVerificationResult result,
+    XMLSignatureVerificationProfile profile)
+    throws MOAApplicationException {
+
+    SPSSFactory factory = SPSSFactory.getInstance();
+    MessageProvider msg = MessageProvider.getInstance();
+
+    // validate that each ReferenceData object contains transforms specified
+    // in the corresponding SignatureManifestCheckParams/ReferenceInfo
+    if (request.getSignatureManifestCheckParams() != null) {
+      List refInfos =
+        request.getSignatureManifestCheckParams().getReferenceInfos();
+      List refDatas = filterReferenceInfos(result.getReferenceDataList());
+      List failedReferencesList = new ArrayList();
+      Iterator refInfoIter;
+      Iterator refDataIter;
+
+      if (refInfos.size() != refDatas.size()) {
+        return factory.createReferencesCheckResult(1, null);
+      }
+
+      refInfoIter = refInfos.iterator();
+      refDataIter =
+        filterReferenceInfos(result.getReferenceDataList()).iterator();
+
+      while (refInfoIter.hasNext()) {
+        ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
+        ReferenceData refData = (ReferenceData) refDataIter.next();
+        List transforms = buildTransformsList(refInfo);
+        boolean found = false;
+        Iterator trIter;
+
+        for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
+          found = trIter.next().equals(refData.getTransformationList());
+        }
+
+        if (!found) {
+          Integer refIndex = new Integer(refData.getReferenceIndex());
+          String logMsg =
+            msg.getMessage("invoker.01", new Object[] { refIndex });
+
+          failedReferencesList.add(refIndex);
+          Logger.debug(new LogMsg(logMsg));
+        }
+      }
+
+      if (!failedReferencesList.isEmpty()) {
+        // at least one reference failed - return their indexes and check code 1
+        int[] failedReferences =
+          CollectionUtils.toIntArray(failedReferencesList);
+        ReferencesCheckResultInfo checkInfo =
+          factory.createReferencesCheckResultInfo(null, failedReferences);
+
+        return factory.createReferencesCheckResult(1, checkInfo);
+      }
+    }
+
+    // validate the hashes contained in all the ReferenceInfo objects of the
+    // security layer manifest 
+    if (request.getSignatureManifestCheckParams() != null 
+      && result.containsSecurityLayerManifest()) {
+      Map hashValues = buildTransformParameterHashValues(request);
+      Set transformParameterURIs =
+        buildTransformParameterURIs(profile.getTransformationSupplements());
+      List referenceInfoList =
+        result.getSecurityLayerManifest().getReferenceDataList();
+      Iterator refIter;
+
+      for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
+        iaik.server.modules.xmlverify.ReferenceInfo ref =
+          (iaik.server.modules.xmlverify.ReferenceInfo) refIter.next();
+        byte[] hash = (byte[]) hashValues.get(ref.getURI());
+
+        if (!transformParameterURIs.contains(ref.getURI())
+          || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
+
+          // the transform parameter doesn't exist or the hashs do not match
+          // return the index of the failed reference and check code 1
+          int[] failedReferences = new int[] { ref.getReferenceIndex()};
+          ReferencesCheckResultInfo checkInfo =
+            factory.createReferencesCheckResultInfo(null, failedReferences);
+          String logMsg =
+            msg.getMessage(
+              "invoker.02",
+              new Object[] { new Integer(ref.getReferenceIndex())});
+
+          Logger.debug(new LogMsg(logMsg));
+
+          return factory.createReferencesCheckResult(1, checkInfo);
+        }
+      }
+    }
+
+    return factory.createReferencesCheckResult(0, null);
+  }
+
+  /**
+   * Get all <code>Transform</code>s contained in all the
+   * <code>VerifyTransformsInfoProfile</code>s of the given
+   * <code>ReferenceInfo</code>.
+   * 
+   * @param refInfo The <code>ReferenceInfo</code> object containing
+   * the transformations.
+   * @return A <code>List</code> of <code>List</code>s. Each of the
+   * <code>List</code>s contains <code>Transformation</code> objects.
+   * @throws MOAApplicationException An error occurred building one of the
+   * <code>Transformation</code>s.
+   */
+  private List buildTransformsList(ReferenceInfo refInfo)
+    throws MOAApplicationException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    List profiles = refInfo.getVerifyTransformsInfoProfiles();
+    List mappedProfiles =
+      ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+    List transformsList = new ArrayList();
+    TransformationFactory factory = TransformationFactory.getInstance();
+    Iterator iter;
+
+    for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+      VerifyTransformsInfoProfileExplicit profile =
+        (VerifyTransformsInfoProfileExplicit) iter.next();
+      List transforms = profile.getTransforms();
+
+      if (transforms != null) {
+        transformsList.add(factory.createTransformationList(transforms));
+      }
+    }
+
+    return transformsList;
+  }
+
+  /**
+   * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
+   * 
+   * @param transformParameters The <code>List</code> of 
+   * <code>TransformParameter</code>s, as provided to the verification. 
+   * @return The <code>Set</code> of all <code>TransformParameter</code> URIs. 
+   */
+  private Set buildTransformParameterURIs(List transformParameters) {
+    Set uris = new HashSet();
+    Iterator iter;
+
+    for (iter = transformParameters.iterator(); iter.hasNext();) {
+      DataObject transformParameter = (DataObject) iter.next();
+      uris.add(transformParameter.getURI());
+    }
+
+    return uris;
+  }
+
+  /**
+   * Build a mapping between <code>TransformParameter</code> URIs (a
+   * <code>String</code> and <code>dsig:HashValue</code> (a
+   * <code>byte[]</code>).
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code>.
+   * @return Map The resulting mapping.
+   * @throws MOAApplicationException An error occurred accessing one of
+   * the profiles.
+   */
+  private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
+    throws MOAApplicationException {
+
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    Map hashValues = new HashMap();
+    List refInfos =
+      request.getSignatureManifestCheckParams().getReferenceInfos();
+    Iterator refIter;
+
+    for (refIter = refInfos.iterator(); refIter.hasNext();) {
+      ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+      List profiles = refInfo.getVerifyTransformsInfoProfiles();
+      List mappedProfiles =
+        ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+      Iterator prIter;
+
+      for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
+        VerifyTransformsInfoProfileExplicit profile =
+          (VerifyTransformsInfoProfileExplicit) prIter.next();
+        List trParameters = profile.getTransformParameters();
+        Iterator trIter;
+
+        for (trIter = trParameters.iterator(); trIter.hasNext();) {
+          TransformParameter transformParameter =
+            (TransformParameter) trIter.next();
+          String uri = transformParameter.getURI();
+
+          if (transformParameter.getTransformParameterType()
+            == TransformParameter.HASH_TRANSFORMPARAMETER) {
+            hashValues.put(
+              uri,
+              ((TransformParameterHash) transformParameter).getDigestValue());
+          }
+
+        }
+      }
+    }
+    return hashValues;
+  }
+
+  /**
+   * Filter the <code>ReferenceInfo</code>s returned by the
+   * <code>VerifyXMLSignatureResult</code> for comparison with the
+   * <code>ReferenceInfo</code> elements in the request.
+   * 
+   * @param referenceInfos The <code>ReferenceInfo</code>s from the
+   * <code>VerifyXMLSignatureResult</code>.
+   * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
+   * is not a XMLDsig manifest, Security Layer manifest, or ETSI signed
+   * property.
+   */
+  private List filterReferenceInfos(List referenceInfos) {
+    List filtered = new ArrayList();
+    Iterator iter;
+
+    for (iter = referenceInfos.iterator(); iter.hasNext();) {
+      iaik.server.modules.xmlverify.ReferenceInfo refInfo =
+        (iaik.server.modules.xmlverify.ReferenceInfo) iter.next();
+      String refType = refInfo.getReferenceType();
+
+      if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
+        filtered.add(refInfo);
+      }
+    }
+
+    return filtered;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
new file mode 100644
index 0000000..3e4c712
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.invoke;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOASystemException;
+import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams;
+import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xmlverify.XMLSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+
+/**
+ * A factory to create a <code>XMLSignatureVerificationProfile</code> from a
+ * <code>VerifyXMLSignatureRequest</code>, based on the current MOA
+ * configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class XMLSignatureVerificationProfileFactory {
+
+  /** The <code>VerifyXMLSignatureRequest</code> for which to create profile
+   * information. */
+  private VerifyXMLSignatureRequest request;
+
+  /**
+   * Create a new <code>XMLSignatureVerificationProfileFactory</code>.
+   * 
+   * @param request The <code>VerifyXMLSignatureRequest</code> to extract 
+   * profile data from.
+   */
+  public XMLSignatureVerificationProfileFactory(VerifyXMLSignatureRequest request) {
+    this.request = request;
+  }
+
+  /**
+   * Create a <code>XMLSignatureCreationProfile</code> from the
+   * <code>VerifyXMLSignaturesRequest</code> and the current MOA configuration.
+   * 
+   * @return The <code>XMLSignatureVerificationProfile</code> containing
+   * additional information for verifying an XML signature.
+   * @throws MOASystemException A system error occurred building the profile.
+   * @throws MOAApplicationException An error occurred building the profile.
+   */
+  public XMLSignatureVerificationProfile createProfile()
+    throws MOASystemException, MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    XMLSignatureVerificationProfileImpl profile =
+      new XMLSignatureVerificationProfileImpl();
+    SignatureManifestCheckParams checkParams;
+    String trustProfileID;
+
+    // set whether to check XMLDsig manifests
+    profile.setCheckXMLDsigManifests(true);
+
+    // set the certificate validation profile
+    trustProfileID = request.getTrustProfileId();
+    profile.setCertificateValidationProfile(
+      new PKIProfileImpl(config, trustProfileID));
+
+    // set whether hash input data is to be included
+    profile.setIncludeHashInputData(request.getReturnHashInputData());
+
+    // set the security layer manifest check parameters
+    // and transformation supplements (if present) 
+    checkParams = request.getSignatureManifestCheckParams();
+    profile.setCheckSecurityLayerManifest(true);
+    profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() : false);
+    if (checkParams != null) {
+        List transformationSupplements;
+        transformationSupplements = buildTransformationSupplements();
+        profile.setTransformationSupplements(transformationSupplements);
+    } else {
+        profile.setTransformationSupplements(Collections.EMPTY_LIST);
+    }
+    
+    profile.setPermitFileURIs(config.getPermitFileURIs());
+    
+    return profile;
+  }
+
+  /**
+   * Build supplemental data objects used in the transformations.
+   * 
+   * @return A <code>List</code> of <code>DataObject</code>s providing
+   * supplemental data to the transformations.
+   * @throws MOASystemException A system error occurred building one of the
+   * transformations.
+   * @throws MOAApplicationException An error occurred building one of the
+   * transformations.
+   */
+  public List buildTransformationSupplements()
+    throws MOASystemException, MOAApplicationException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    SignatureManifestCheckParams checkParams =
+      request.getSignatureManifestCheckParams();
+    List transformsProfiles = new ArrayList();
+    List transformationSupplements = new ArrayList();
+    DataObjectFactory factory = DataObjectFactory.getInstance();
+    List refInfos = checkParams.getReferenceInfos();
+    Iterator refIter;
+    Iterator prIter;
+    Iterator trIter;
+
+    // build the list of all VerifyTransformsInfoProfiles in all ReferenceInfos
+    refInfos = checkParams.getReferenceInfos();
+    for (refIter = refInfos.iterator(); refIter.hasNext();) {
+      ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+      List profiles = refInfo.getVerifyTransformsInfoProfiles();
+
+      transformsProfiles.addAll(
+        ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config));
+    }
+
+    // build the DataObjects
+    for (prIter = transformsProfiles.iterator(); prIter.hasNext();) {
+      VerifyTransformsInfoProfileExplicit profile =
+        (VerifyTransformsInfoProfileExplicit) prIter.next();
+      List transformParameters = profile.getTransformParameters();
+
+      for (trIter = transformParameters.iterator(); trIter.hasNext();) {
+        TransformParameter trParam = (TransformParameter) trIter.next();
+        transformationSupplements.add(
+          factory.createFromTransformParameter(trParam));
+      }
+    }
+    
+    return transformationSupplements;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
new file mode 100644
index 0000000..10dc79d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import iaik.logging.TransactionId;
+
+/**
+ * An implementation of the <code>iaik.logging.Log</code>
+ * interface that is based on Jakarta Commons-Logging.
+ * 
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class IaikLog implements iaik.logging.Log {
+  /** The hierarchy to log all IAIK output to. */
+  public static final String IAIK_LOG_HIERARCHY = "iaik.server";
+  /** The commons-loggin <code>Log</code> to use for logging the messages. */
+  private static Log log = LogFactory.getLog(IAIK_LOG_HIERARCHY);
+  /** The node ID to use. */
+  private String nodeId;
+  
+  /**
+   * Create a new <code>IaikLog</code>.
+   * 
+   * @param nodeId The node ID for this <code>Log</code> object. 
+   */
+  public IaikLog(String nodeId) {
+    this.nodeId = nodeId;
+  }
+
+  /**
+   * @see iaik.logging.Log#isDebugEnabled()
+   */
+  public boolean isDebugEnabled() {
+    return log.isDebugEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#debug(TransactionId, Object, Throwable)
+   */
+  public void debug(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.debug(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isInfoEnabled()
+   */
+  public boolean isInfoEnabled() {
+    return log.isInfoEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#info(TransactionId, Object, Throwable)
+   */
+  public void info(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.info(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isWarnEnabled()
+   */
+  public boolean isWarnEnabled() {
+    return log.isWarnEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#warn(TransactionId, Object, Throwable)
+   */
+  public void warn(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.warn(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isErrorEnabled()
+   */
+  public boolean isErrorEnabled() {
+    return log.isErrorEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#error(TransactionId, Object, Throwable)
+   */
+  public void error(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.error(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#isFatalEnabled()
+   */
+  public boolean isFatalEnabled() {
+    return log.isFatalEnabled();
+  }
+
+  /**
+   * @see iaik.logging.Log#fatal(TransactionId, Object, Throwable)
+   */
+  public void fatal(TransactionId transactionId, Object message, Throwable t) {
+    IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
+
+    log.fatal(msg, t);
+  }
+
+  /**
+   * @see iaik.logging.Log#setNodeId(String)
+   */
+  public void setNodeId(String nodeId) {
+    this.nodeId = nodeId;
+  }
+
+  /**
+   * @see iaik.logging.Log#getNodeId()
+   */
+  public String getNodeId() {
+    return nodeId;
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java
new file mode 100644
index 0000000..64810a8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+import iaik.logging.Log;
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LogFactory;
+
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+/**
+ * An implementation of the <code>iaik.logging.LogFactory</code> abstract
+ * class to log messages to the MOA logging subsystem.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikLogFactory extends LogFactory {
+
+  public Log getInstance(Class clazz) throws LogConfigurationException {
+    return getInstanceImpl();
+  }
+
+  public Log getInstance(String name) throws LogConfigurationException {
+    return getInstanceImpl();
+  }
+
+  /**
+   * Return an instance of <code>iaik.logging.Log</code>.
+   * 
+   * @return The <code>iaik.logging.Log</code> object to log messages to.
+   */  
+  private Log getInstanceImpl() {
+    String nodeID = 
+      LoggingContextManager.getInstance().getLoggingContext().getNodeID();
+      
+    return new IaikLog(nodeID);
+  }
+
+  public void release() {
+    // we do not hold any resources
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java
new file mode 100644
index 0000000..7e4ff84
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+import iaik.logging.TransactionId;
+
+/**
+ * A unified message type to log messages from the IAIK subsystem.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IaikLogMsg {
+  
+  /** The transaction ID of this message. */
+  private TransactionId transactionId;
+  /** The node ID of this message. */
+  private String nodeId;
+  /** The message to log. */
+  private Object message;
+  
+  /**
+   * Create a <code>IaikLogMsg</code> object.
+   * 
+   * @param transactionId The transaction id of the transaction which
+   * generated this log message. May be <code>null</code>.
+   * @param nodeId The node id where this message was generated. May be
+   * <code>null</code>.
+   * @param message The actual message to log. May be <code>null</code>.
+   */
+  public IaikLogMsg(TransactionId transactionId, String nodeId, Object message) {
+    this.transactionId = transactionId;
+    this.nodeId = nodeId;
+    this.message = message;
+  }
+
+  
+  /**
+   * Convert this log message to a <code>String</code>.
+   * 
+   * @return The <code>String</code> representation of this log message. 
+   */
+  public String toString() {
+    StringBuffer msg = new StringBuffer();
+    
+    msg.append("TID=");
+    msg.append(transactionId != null ? transactionId.getLogID() : "<null>");
+    msg.append(" NID=");
+    msg.append(nodeId != null ? nodeId : "<null>");
+    msg.append(" MSG=");
+    msg.append(message != null ? message.toString() : "<null>");
+    
+    return msg.toString();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java
new file mode 100644
index 0000000..ba76c0b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.logging;
+
+/**
+ * An implementation of the <code>iaik.logging.TransactionId</code> interface.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class TransactionId implements iaik.logging.TransactionId {
+  
+  /** The String representation for logging the transaction ID. */
+  private String logID;
+  
+  /**
+   * Create a <code>TransactionId</code> object.
+   * 
+   * @param logID The transaction id as it should be presented to the logging
+   * subsystem.
+   */
+  public TransactionId(String logID) {
+    this.logID = logID;
+  }
+
+  /**
+   * @see iaik.logging.TransactionId#getLogID()
+   */
+  public String getLogID() {
+    return logID;
+  }
+  
+  /**
+   * @see java.lang.Object#toString()
+   */
+  public String toString() {
+    return getLogID();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
new file mode 100644
index 0000000..f6d84c7
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.service;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.archive.Archive;
+import iaik.pki.store.revocation.archive.ArchiveFactory;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A <code>Runnable</code> for periodically cleaning up the revocation archive. 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class RevocationArchiveCleaner implements Runnable {
+
+  /** The inverval between two clean-ups of the revocation archive. */
+  private long archiveCleanupInterval;
+
+  /**
+   * Create a new <code>RevocationArchiveCleaner</code>.
+   * 
+   * @param archiveCleanupInterval The interval between two clean-ups of the
+   * revocation archive.
+   */
+  public RevocationArchiveCleaner(long archiveCleanupInterval) {
+    this.archiveCleanupInterval = archiveCleanupInterval;
+  }
+
+  /**
+   * Run the <code>RevocationArchiveCleaner</code> in its own 
+   * <code>Thread</code>.
+   */
+  public void run() {
+    while (true) {
+      try {
+        ConfigurationProvider config = ConfigurationProvider.getInstance();
+        boolean enableArchiving = config.getEnableRevocationArchiving();
+
+        if (enableArchiving) 
+        {
+          Archive archive = ArchiveFactory.getInstance().getArchive();
+          long archiveDurationMillis =
+            (long) config.getCRLArchiveDuration() * 86400000;
+
+          // delete old archive data
+          if (archiveDurationMillis > 0) {
+            Date olderThan =
+              new Date(System.currentTimeMillis() - archiveDurationMillis);
+
+            archive.deleteOldArchiveEntries(
+              RevocationSourceTypes.CRL,
+              olderThan,
+              new TransactionId("RevocationArchiveCleaner"));
+          }
+        }
+
+      } catch (Exception e) {
+        MessageProvider msg = MessageProvider.getInstance();
+        Logger.error(new LogMsg(msg.getMessage("init.02", null)), e);
+      }
+
+      // sleep 
+      try {
+        Thread.sleep(archiveCleanupInterval * 1000);
+      } catch (InterruptedException e) {
+        // ok to do nothing here
+      }
+
+    }
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
new file mode 100644
index 0000000..a5ea592
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.server.transaction;
+
+import javax.activation.DataSource;
+
+public interface DeleteableDataSource extends DataSource {
+	public void delete();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
new file mode 100644
index 0000000..3425dac
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
@@ -0,0 +1,385 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.transaction;
+
+import iaik.xml.crypto.utils.URI;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.activation.DataSource;
+
+import java.util.Map.Entry;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
+/**
+ * Contains information about the current request.
+ * 
+ * @author Stefan Knirsch
+ * @author Patrick Peck 
+ */
+public class TransactionContext {
+
+  /** The client certificate. */
+  private X509Certificate[] clientCertificate = null;
+  /** The transaction ID. */
+  private String transactionID = null;
+  /** The name of the request. */
+  private String requestName = null;
+  /** The SOAP embedded request */
+  private Element request;
+  /** The response which is to embed by SOAP */
+  private Element response;
+  /** The map pointing to SOAP attachments needed by the request. */
+  private HashMap attachments = null;
+  /** The map containing cashed entities used in DataObjectFactory. */
+  private HashMap resolvedEntities = null;
+  /** The configuration to use throughout the request. */
+  private ConfigurationProvider configuration = null;
+  
+  /**
+   * Create a <code>TransactionContext</code> object.
+   * 
+   * @param transactionID A unique ID for this <code>TransactionContext</code>.
+   * @param clientCertificate The client certificate chain.
+   * @param configuration The MOA configuration to use for this transaction.
+   */
+  public TransactionContext(
+    String transactionID,
+    X509Certificate[] clientCertificate,
+    ConfigurationProvider configuration) {
+
+    this.transactionID = transactionID;
+    this.clientCertificate = clientCertificate;
+    this.configuration = configuration;
+  }
+
+  /**
+   * Create a <code>TransactionContext</code> object.
+   * 
+   * @param transactionID A unique ID for this <code>TransactionContext</code>.
+   * @param clientCertificate The client certificate chain.
+   * @param configuration The MOA configuration to use for this transaction.
+   * @param attachments to use for this transaction.
+   */
+  public TransactionContext(
+    String transactionID,
+    X509Certificate[] clientCertificate,
+    ConfigurationProvider configuration,
+    Element request,
+    HashMap attachments) {
+
+    this.transactionID = transactionID;
+    this.clientCertificate = clientCertificate;
+    this.configuration = configuration;
+    this.request = request;
+    this.attachments = attachments;
+  }
+  
+  /**
+   * Returns the client certificate.
+   * 
+   * @return The client certificate chain, if SSL client authentication has been
+   * configured in the web server and has been used by the client. The 0th
+   * element of the array contains the client certificate. <code>null</code>
+   * otherwise.
+   */
+  public X509Certificate[] getClientCertificate() {
+    return clientCertificate;
+  }
+
+  /**
+   * Returns the unique transaction ID.
+   * 
+   * @return The transaction ID.
+   */
+  public String getTransactionID() {
+    return transactionID;
+  }
+
+  /**
+   * Returns the name of the request.
+   * 
+   * @return The name of the request.
+   */
+  public String getRequestName() {
+    return requestName;
+  }
+
+  /**
+   * Sets the name of the request.
+   * 
+   * @param requestName The request name to set.
+   */
+  public void setRequestName(String requestName) {
+    this.requestName = requestName;
+  }
+
+  /**
+   * Sets the the request.
+   * 
+   * @param request The request to set.
+   */
+  public void setRequest(Element request) {
+    this.request = request;
+  }
+
+  /**
+   * Returns the request.
+   * 
+   * @return The request.
+   */
+  public Element getRequest() {
+    return request;
+  }
+
+  /**
+   * Sets the the response.
+   * 
+   * @param response The response to set.
+   */
+  public void setResponse(Element response) {
+    this.response = response;
+  }
+
+  /**
+   * Returns the response.
+   * 
+   * @return The response.
+   */
+  public Element getResponse() {
+    return response;
+  }
+  
+  /**
+   * Adds an attachment to the transactions list of SOAP attachments.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   * @param contentType MIME type of the SOAP attachment.
+   * @param is Handle to the ManagedMemoryDataSource of the SOAP attachment.
+   */
+  public void addAttachment(String referenceId, String contentType, DataSource is) {
+    if (this.attachments == null) this.attachments = new HashMap(); 
+    Vector entry = new Vector(2);
+    entry.add(contentType);
+    entry.add(is);
+    this.attachments.put(referenceId, entry);
+  }
+
+  /**
+   * Adds an attachment to the transactions list of SOAP attachments.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   * @param contentType MIME type of the SOAP attachment.
+   * @param is Handle to the InputStream of the SOAP attachment.
+   * @param filename Filename of the temporary file the InputStream belongs to
+   */
+  public void addAttachment(String referenceId, String contentType, InputStream is, String filename) {
+    if (this.attachments == null) this.attachments = new HashMap(); 
+    Vector entry = new Vector(3);
+    entry.add(contentType);
+    entry.add(is);
+    entry.add(filename);
+    this.attachments.put(referenceId, entry);
+  }
+  
+  /**
+   * Returns the ManagedMemoryDataSource to a specific SOAP attachment identified by referenceId.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   */
+  public DataSource getAttachment(String referenceId) {
+    if (attachments==null) {
+      return null;
+    }
+    Vector entry = (Vector) attachments.get(referenceId);
+    if (entry==null) {
+      return null;
+    }
+    Object object = entry.get(1);
+    if (object instanceof DataSource) {
+    	return (DataSource) object;
+    } else {
+    	return null;
+    }
+  }
+  
+  /**
+   * Returns the InputStream to a specific SOAP attachment identified by uri.
+   * 
+   * @param uri Identification value for the SOAP attachment.
+   */
+  public InputStream getAttachmentInputStream(URI uri) throws MOAApplicationException {
+    if (attachments==null) {
+      return null;
+    }
+    String referenceId = uri.getPath();
+    Vector entry = (Vector) attachments.get(referenceId);
+    if (entry==null) {
+      return null;
+    }
+
+    InputStream attachmentIs = null;
+    Object object = entry.get(1);
+       
+    if (object instanceof DataSource) {
+		try {
+		  attachmentIs =  (InputStream) ( ((DataSource)object).getInputStream());
+		} catch (IOException e) {
+		  throw new MOAApplicationException("2208", new Object[] { uri }, e);
+		}
+    } else {
+        attachmentIs = (InputStream) object;
+    }
+    return attachmentIs;
+    //If we would return the whole mmds: return (ManagedMemoryDataSource) entry.get(1);
+  }
+  
+  /**
+   * Returns the content type to a specific SOAP attachment identified by referenceId.
+   * 
+   * @param referenceId Identification value for the SOAP attachment.
+   */
+  public String getAttachmentContentType(String referenceId) {
+    Vector entry = (Vector) attachments.get(referenceId);
+    if (entry==null) {
+      return null;
+    }
+    return (String) entry.get(0);
+  }
+  
+  /**
+   * Delete the temporary attachment files.
+   */
+public void cleanAttachmentCache() {
+    if (null==attachments) {
+      return;
+    }
+    Iterator iterator = attachments.entrySet().iterator();
+    while (iterator.hasNext()) {
+      Entry hmEntry = (Entry) iterator.next();
+      Vector entry = (Vector)hmEntry.getValue();
+      Object object = entry.get(1);
+      if (object instanceof DataSource) {
+    	  DataSource mmds = (DataSource)object;
+	      try {
+	        if (mmds!=null) {
+	          InputStream is = mmds.getInputStream();
+	          if (is!=null) is.close();
+// not available in Axis 1.0 to 1.1	          
+//	          File f = mmds.getDiskCacheFile();
+//	          if (f!=null) f.delete();	   
+	          if(mmds instanceof DeleteableDataSource) {
+	        	  ((DeleteableDataSource)mmds).delete();
+	          }
+	          //mmds..delete();
+	        }
+	      } catch (IOException e) {
+	        // ok to do nothing here
+	      }
+      } else if (object instanceof InputStream) {
+         InputStream is = (InputStream)object;
+         try {
+	         if (is!=null) is.close();
+	         String tempFile = (String) entry.get(2);
+	         if (tempFile!=null){
+		         File f = new File(tempFile);
+		         f.delete();
+	         }
+	      } catch (IOException e) {
+		        // ok to do nothing here
+	      }
+      }
+    }
+  }
+  
+  /**
+   * Returns the <code>ConfigurationProvider</code> associated with this
+   * transaction.
+   * 
+   * @return The ConfigurationProvider associated with this transaction. 
+   */
+  public ConfigurationProvider getConfiguration() {
+    return configuration;
+  }
+  
+  /**
+   * Search an uri content in cashed map.
+   * 
+   * @param uri The value to look for.
+   * @return If found the cached entity, <code>null<code> otherwise.
+   */
+  public Vector FindResolvedEntity(String uri) {
+	  if (resolvedEntities==null) return null;
+	  return (Vector) resolvedEntities.get(uri);
+  }
+  
+  /**
+   * Get a new InputStream of a cached entity.
+   * 
+   * @param uri The value to look for.
+   * @return A new InputStream of the cached entity.
+   */
+  public InputStream ResolveURI(String uri) {
+	  InputStream is = null;
+	  Vector entity = FindResolvedEntity(uri);
+	  if (entity!=null) {
+		  byte[] contentBytes = (byte[]) entity.get(0);
+		  if (contentBytes!=null) {
+			  is = new ByteArrayInputStream(contentBytes);
+		  }
+	  }
+      return is;
+  }
+
+  /**
+   * Put a read entity (supplement, detached content, data object) on 
+   * transactions entity cash, to prevent repeated reading on slower channels.
+   * 
+   * @param uri A transaction-wide unique URI used as key of the entity cash 
+   * table.
+   * @param contentBytes The cached content belonging to the uri.
+   * @param contentType If known, the MIME-type of the cashed content.
+   */
+  public void PutResolvedEntity(String uri, byte[] contentBytes, String contentType) {
+	  Logger.trace("    storing uri content of uri \"" + uri + "\" for future references");
+	  if (resolvedEntities==null) resolvedEntities = new HashMap();
+      Vector entity = new Vector();
+      entity.add(contentBytes);
+      entity.add(contentType);
+      resolvedEntities.put(uri, entity);
+  }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java
new file mode 100644
index 0000000..8a45ddf
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.transaction;
+
+/**
+ * Provides each thread with an instance of <code>TransactionContext</code>.
+ * 
+ * The single instance of the <code>TransactionContextManager</code> should be
+ * used to access contextual information for each web service transaction, e.g.
+ * the transaction ID, MOA configuration, client certificate, etc.
+ * 
+ * @author Stefan Knirsch
+ * @author Patrick Peck
+ */
+public class TransactionContextManager {
+
+  /** The single instance of <code>TransactionContextManager</code> */ 
+  private static TransactionContextManager instance = null;
+  
+  /** Contains a single <code>TransactionContext</code> for each thread. */
+  private ThreadLocal context = null;
+
+  /**
+   * Get the single instance of <code>TransactionContextManager</code>.
+   *   
+   * @return The single instanc of <code>TransactionContextManager</code>.
+   */
+  public static synchronized TransactionContextManager getInstance() {
+    if (instance == null) {
+      instance = new TransactionContextManager();
+    }
+    return instance;
+  }
+
+  /**
+   * Creates a new <code>TransactionContextManager</code>.
+   * 
+   * Protected to disallow direct instantiation.
+   */
+  protected TransactionContextManager() {
+    context = new ThreadLocal();
+  }
+
+  /**
+   * Set the <code>TransactionContext</code> for the current thread.
+   * 
+   * @param txContext The <code>TransactionContext</code> for this thread.
+   */
+  public void setTransactionContext(TransactionContext txContext) {
+    context.set(txContext);
+  }
+
+  /**
+   * Get the <code>TransactionContext</code> for the current thread.
+   * 
+   * @return The <code>TransactionContext</code> for the current thread or
+   * <code>null</code>, if none has been set (or if this method is being invoked
+   * outside the bounds of a transaction).
+   */
+  public TransactionContext getTransactionContext() {
+    return (TransactionContext) context.get();
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java
new file mode 100644
index 0000000..b173308
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.transaction;
+
+
+/**
+ * A generator for unique transaction IDs.
+ * 
+ * <p>The transaction IDs are of the form "<base>-<counter>", where:
+ * <ul> 
+ * <li><code>base</code> is initialized with the system time when this class is
+ * being loaded</li>
+ * <li><code>counter</code> is incremented sequentially on each call to
+ * <code>nextID()</code></li>
+ * </ul>
+ * </p>
+ * 
+ * <p> Assuming that it is highly unlikely that MOA servers are started at
+ * exactly the same time instant, the mechanism provided by this class should
+ * guarantee unique transaction IDs across multiple restarts and/or instances of
+ * the server.</p>
+ * 
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ */
+public class TransactionIDGenerator {
+
+  /** Request sequence number. */
+  private static long counter = 0;
+  /** The base value to which to append the sequence number. */
+  private static String base = null;
+
+  /**
+   * Set up the initial base value.
+   */
+  static {
+    synchronized (TransactionIDGenerator.class) {
+      base = Long.toString(System.currentTimeMillis());
+    }
+  }
+
+  /**
+   * Returns the next transaction ID.
+   * 
+   * @return The next transaction ID.
+   */
+  public static synchronized String nextID() {
+    counter++;
+
+    return (base + "-" + counter);
+  }
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java
new file mode 100644
index 0000000..a8d9e1b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.server.util;
+
+import java.util.Set;
+
+/**
+ * Generate unique ID values for various objects in the response.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IdGenerator {
+  /** The base value to append the counter to. */
+  private String base;
+  /** The <code>Set</code> of reserved ID values. */
+  private Set reserved;
+  /** The sequence number. */
+  private int count;
+  
+  /**
+   * Create a new <code>IdGenerator</code>.
+   * 
+   * @param base A base value to append the IDs to. The creator of this object
+   * should provide a base value, so that appending the counter leads to unique
+   * IDs.
+   * @param reserved The <code>Set</code> of reserved IDs. A call to 
+   * <code>uniqueId()</code> will respect the reserved IDs.
+   */
+  public IdGenerator(String base, Set reserved) {
+    this.base = base;
+    this.reserved = reserved;
+    count = 1;
+  }
+  
+  /**
+   * Create the next ID value in the sequence.
+   * 
+   * @return The next ID value in the sequence.
+   */
+  protected String nextId() {
+    return base + "-" + count++;
+  }
+  
+  /**
+   * Create the next unique ID value which is unique in the reserved ID set.
+   * 
+   * The created ID is added to the set of reserved IDs.
+   * 
+   * @return The next ID value.
+   */
+  public String uniqueId() {
+    String nextId;
+
+    while (reserved.contains(nextId = nextId()));
+    
+    reserved.add(nextId);
+    
+    return nextId;
+        
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
new file mode 100644
index 0000000..defaedd
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.spss.tsl.config;

+

+import iaik.util.logging._l;

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+

+import java.net.MalformedURLException;

+import java.net.URL;

+

+public class Configurator {

+

+	private static final String _TMPDBFILENAME = "temp_tsl.sqlite";

+	

+	private static boolean _sqlMultithreaded;

+	private static boolean _throwExceptions;

+	private static boolean _logExceptions;

+	private static boolean _throwWarnings;

+	private static boolean _logWarnings;

+	private static boolean _nullRedundancies;

+	private static URL _euTSLURL;

+	private static String _TSLWorkingDirectoryPath;

+	private static String _dbFile;

+	private static String _euTrustAnchorsPath;

+	private static String _msTrustAnchorsPath;

+	

+	

+	private static boolean _isInitialised = false;

+	

+	

+	/**

+	 * 

+	 */

+	public static void initial(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) 

+			throws TSLEngineDiedException {

+		

+		

+		if (!_isInitialised) {	

+			try {

+				_euTSLURL = new URL(euTSLURL);

+			} catch (MalformedURLException e) {

+				_l.err("Bad TSL URL: " + euTSLURL, e);

+				throw new TSLEngineDiedException(e);

+			}

+			

+			if (!TSLWorkingDirectoryPath.endsWith("/"))

+				TSLWorkingDirectoryPath += "/";

+			

+			Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;

+			

+			initialDefaultConfig();

+			

+			_isInitialised = true;

+		}

+	}

+	

+	public static String get_TSLWorkingDirectoryPath() {

+		return _TSLWorkingDirectoryPath;

+	}

+	

+	public static String get_dbFile() {

+		return _dbFile;

+	}

+

+	public static void set_dbFileName(String _dbFile) {

+		Configurator._dbFile = _TSLWorkingDirectoryPath + _dbFile;

+	}

+	

+	public static String get_euTrustAnchorsPath() {

+		return _euTrustAnchorsPath;

+	}

+

+	public static String get_msTrustAnchorsPath() {

+		return _msTrustAnchorsPath;

+	}

+

+	public static boolean is_sqlMultithreaded() {

+		return _sqlMultithreaded;

+	}

+

+	public static boolean is_throwExceptions() {

+		return _throwExceptions;

+	}

+

+	public static boolean is_logExceptions() {

+		return _logExceptions;

+	}

+

+	public static boolean is_throwWarnings() {

+		return _throwWarnings;

+	}

+

+	public static boolean is_logWarnings() {

+		return _logWarnings;

+	}

+

+	public static boolean is_nullRedundancies() {

+		return _nullRedundancies;

+	}

+

+	public static URL get_euTSLURL() {

+		return _euTSLURL;

+	}

+

+	public static boolean is_isInitialised() {

+		return _isInitialised;

+	}

+

+	public static String get_TempdbFile() {

+		return _TSLWorkingDirectoryPath + _TMPDBFILENAME;

+	}

+	

+	public static void set_euTrustAnchorsPath(String _euTrustAnchorsPath) {

+		Configurator._euTrustAnchorsPath = _euTrustAnchorsPath;

+	}

+

+	public static void set_msTrustAnchorsPath(String _msTrustAnchorsPath) {

+		Configurator._msTrustAnchorsPath = _msTrustAnchorsPath;

+	}

+	

+	private static void initialDefaultConfig() {		

+		_sqlMultithreaded = false;

+		_throwExceptions = true;

+		_logExceptions = true;

+		_throwWarnings = false;

+		_logWarnings = true;

+		_nullRedundancies = false;

+		_dbFile = _TSLWorkingDirectoryPath + "tsl.sqlite";

+		_euTrustAnchorsPath = _TSLWorkingDirectoryPath +  "trust/eu/";

+		_msTrustAnchorsPath = "/trust/ms/";

+	}	

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
new file mode 100644
index 0000000..82df37b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -0,0 +1,972 @@
+package at.gv.egovernment.moa.spss.tsl.connector;

+

+import java.io.File;

+import java.io.FileInputStream;

+import java.io.FileOutputStream;

+import java.io.IOException;

+import java.net.MalformedURLException;

+import java.net.URL;

+import java.nio.channels.ByteChannel;

+import java.nio.channels.FileChannel;

+import java.security.Security;

+import java.security.cert.X509Certificate;

+import java.util.ArrayList;

+import java.util.Collections;

+import java.util.Date;

+import java.util.HashMap;

+import java.util.Iterator;

+import java.util.LinkedHashMap;

+import java.util.List;

+import java.util.ListIterator;

+import java.util.Map;

+import java.util.Map.Entry;

+import java.util.Set;

+

+import org.apache.log4j.Logger;

+

+import at.gv.egovernment.moa.spss.tsl.config.Configurator;

+import at.gv.egovernment.moa.spss.tsl.utils.TSLEUImportFromFileContext;

+import at.gv.egovernment.moa.spss.tsl.utils.TSLEvaluationContext;

+import at.gv.egovernment.moa.spss.tsl.utils.TSLImportFromFileContext;

+import iaik.asn1.ObjectID;

+import iaik.util._15;

+import iaik.util.logging._l;

+import iaik.utils.RFC2253NameParser;

+import iaik.xml.crypto.EccProviderAdapter;

+import iaik.xml.crypto.XSecProvider;

+import iaik.xml.crypto.tsl.DbTables;

+import iaik.xml.crypto.tsl.DbTables.MODE;

+import iaik.xml.crypto.tsl.DbTables.Service;

+import iaik.xml.crypto.tsl.TSLCertEvaluator;

+import iaik.xml.crypto.tsl.TSLCertsExporter;

+import iaik.xml.crypto.tsl.TSLEngine;

+import iaik.xml.crypto.tsl.TSLEngine.LocationAndCertHash;

+import iaik.xml.crypto.tsl.TSLEngine.TSLEngineEU;

+import iaik.xml.crypto.tsl.TSLImportContext;

+import iaik.xml.crypto.tsl.TSLResult;

+import iaik.xml.crypto.tsl.TSLResultEndEntity;

+import iaik.xml.crypto.tsl.TSLResultImpl;

+import iaik.xml.crypto.tsl.TslSqlConnectionWrapper;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+import iaik.xml.crypto.tsl.ex.TSLEngineFatalException;

+import iaik.xml.crypto.tsl.ex.TSLEngineFatalRuntimeException;

+import iaik.xml.crypto.tsl.ex.TSLExceptionB;

+import iaik.xml.crypto.tsl.ex.TSLRuntimeException;

+import iaik.xml.crypto.tsl.ex.TSLSearchException;

+import iaik.xml.crypto.tsl.ex.TSLTransactionFailedRuntimeException;

+import iaik.xml.crypto.tsl.fetch.TLS;

+import iaik.xml.crypto.tsl.sie.gen.QualifierType;

+

+public class TSLConnector implements TSLConnectorInterface {

+	

+	static final String _QCSSCDURI = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/SvcInfoExt/QCWithSSCD";

+	static final String _STYPETEMPLATE_CAQC = "CA/QC";

+	static final String _STYPETEMPLATE_TSAQTST = "TSA/QTST";

+	

+	private static final String DEFAULT_HASHCACHE_DIR = "./hashcache/";

+	

+	static final List<String> STYPETEMPLATES = Collections.unmodifiableList(new ArrayList<String>(){

+		private static final long serialVersionUID = 1L;

+			{

+				add(_STYPETEMPLATE_CAQC);

+				add(_STYPETEMPLATE_TSAQTST);				

+			}

+		});

+	

+	

+	static Logger log = Logger.getLogger(TSLConnector.class);

+		

+	public void initialize(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) 

+			throws TSLEngineDiedException {

+

+		Configurator.initial(euTSLURL, TSLWorkingDirectoryPath, jdbcURL, jdbcDriverClass);

+

+	}

+	

+	public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,

+			String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return updateAndGetQualifiedCACertificates(dateTime, null, serviceLevelStatus);

+	}

+	

+	public void updateTSLs(Date dateTime,

+			String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		updateTSLs(dateTime, null, serviceLevelStatus);

+	}

+	

+	public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,

+			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+

+		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";

+		

+//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");

+//		System.out.println("hashcachedir: " + hashcachedir);

+//		if (hashcachedir==null)

+//			hashcachedir = DEFAULT_HASHCACHE_DIR;

+

+//		File hashcachefile = new File(hashcachedir);

+//		File[] filelist = hashcachefile.listFiles();

+//		if (filelist != null) {

+//			for (File f : filelist)

+//				f.delete();

+//		}

+	

+		File tsldownloadfile = new File(tsldownloaddir);

+		if (!tsldownloadfile.exists()) {

+			tsldownloadfile.mkdir();

+		}

+		File[] tslfilelist = tsldownloadfile.listFiles();

+		if (tslfilelist != null) {

+			for (File f : tslfilelist)

+				f.delete();

+		}

+		

+		//create sqlLite database

+		File dbFile = new File(Configurator.get_TempdbFile());

+		try {

+			dbFile.delete();

+			dbFile.createNewFile();

+		} catch (IOException e) {

+			throw new TSLEngineDiedException("Could not create temporary data base file", e);

+		}

+		

+		//the TSL library uses the iaik.util.logging environment.

+		//iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);

+		iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);

+		

+		log.info("Starting EU TSL import.");

+

+		// Certificates in Germany, Estonia, Greece, Cyprus,

+		// Lithuainia, Hungary, Poland, Finland, Norway use SURNAME

+		log.debug("### SURNAME registered as " + ObjectID.surName + " ###");

+		RFC2253NameParser.register("SURNAME", ObjectID.surName);

+

+		XSecProvider.addAsProvider(false);

+

+		TSLEngine tslEngine;

+		TslSqlConnectionWrapper connection = null;

+

+		try {

+			// register the Https JSSE Wrapper

+			TLS.register();

+			log.trace("### Https JSSE Wrapper registered ###");

+			

+

+			log.debug("### Connect to Database.###");

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);

+

+			log.trace("### Connected ###");

+

+			// empty the database and recreate the tables

+			tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 

+					connection, true, true);

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+			

+		}

+

+		// H.2.2.1 Same-scheme searching

+		// H.2.2.2 Known scheme searching

+		// H.2.2.3 "Blind" (unknown) scheme searching

+		Number tId = null;

+		Countries euTerritory = Countries.EU;

+		TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(

+			euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(), 

+			Configurator.is_sqlMultithreaded(), 

+			Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+			Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+			Configurator.is_nullRedundancies());

+

+		TSLEngineEU tslengineEU;

+		try {

+			tslengineEU = tslEngine.new TSLEngineEU();

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+		}

+

+		// establish EU TSL trust anchor

+		ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =

+			tslEngine.loadCertificatesFromResource(

+			Configurator.get_euTrustAnchorsPath(), topLevelTslContext);

+

+		log.debug("Process EU TSL");

+		// process the EU TSL to receive the pointers to the other TSLs

+		// and the trust anchors for the TSL signers

+		Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;

+		

+		try {

+			

+			tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);

+			log.info("Process EU TSL finished");

+			

+			log.debug(Thread.currentThread() + " waiting for other threads ...");

+			

+			topLevelTslContext.waitForAllOtherThreads();

+			log.debug(Thread.currentThread()

+				+ " reactivated after other threads finished ...");

+

+

+			// get the TSLs pointed from the EU TSL

+			LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU

+				.getOtherTslMap(tId, topLevelTslContext);

+

+			pointersToMsTSLs = tslMap.entrySet();

+			

+			//set Errors and Warrnings

+			

+		} catch (TSLEngineFatalRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());

+			

+		} catch (TSLTransactionFailedRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());

+		}

+

+		//Backup implementation if the EU TSL includes a false signer certificate 

+		// establish additional trust anchors for member states

+//			Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {

+//				Countries.CZ,

+//				Countries.LU,

+//				Countries.ES,

+//				Countries.AT,

+//			};

+		Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};

+

+		Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>

+			trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(

+					Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,

+					countriesWithPotentiallyWrongCertsOnEuTsl);

+

+		log.info("Starting EU member TSL import.");

+		

+		for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {

+

+			TSLImportContext msTslContext;

+			

+			Countries expectedTerritory = entry.getValue().getSchemeTerritory();

+			try {

+				

+//				if (expectedTerritory.equals("RO"))

+//					System.out.println("Stop");

+				

+				Number otpId = entry.getKey();

+				LocationAndCertHash lac = entry.getValue();

+

+				URL uriReference = null;

+				try {

+					uriReference = new URL(lac.getUrl());

+					

+				} catch (MalformedURLException e) {

+					log.warn("Could not process: " + uriReference, e);

+					continue;

+				}

+

+				String baseURI = uriReference == null ? "" : "" + uriReference;

+

+				msTslContext = new TSLImportFromFileContext(

+					expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),

+					Configurator.is_sqlMultithreaded(),

+					Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+					Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+					Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl, 

+					topLevelTslContext);

+

+				ListIterator<X509Certificate> expectedTslSignerCerts = null;

+				expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);

+

+				if (expectedTslSignerCerts == null) {

+					

+					// no signer certificate on the EU TSL

+					// ignore this msTSL and log a warning

+					log.warn("NO signer certificate found on EU TSL! " 

+							+ lac.getSchemeTerritory() + "TSL ignored.");

+					

+				}

+				else {

+					tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);

+				}

+				

+			} catch (TSLExceptionB e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory() 

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			} catch (TSLRuntimeException e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			}				

+		}

+				

+		log.debug(Thread.currentThread() + " waiting for other threads ...");

+		topLevelTslContext.waitForAllOtherThreads();

+

+		log.debug(_15.dumpAllThreads());

+		log.debug(Thread.currentThread() + " reactivated after other threads finished ...");

+		

+		connection = null;

+		try {

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);				

+			tslEngine.recreateTablesInvalidatedByImport(connection);

+			

+			

+			//TODO: implement database copy operation!

+			File working_database = new File(Configurator.get_dbFile());

+			working_database.delete();

+			copy(dbFile, working_database);

+

+			

+		} catch (TSLEngineFatalException e) {

+			throw new TSLEngineDiedException(e);

+			

+		} finally {

+			try {

+				connection.closeConnection();

+				

+			} catch (TSLEngineFatalException e) {

+				throw new TSLEngineDiedException(e);

+				

+			}

+		}

+		

+		return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);

+	}

+

+	public void updateTSLs(Date dateTime,

+			String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+

+		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";

+		

+//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");

+//		System.out.println("hashcachedir: " + hashcachedir);

+//		if (hashcachedir==null)

+//			hashcachedir = DEFAULT_HASHCACHE_DIR;

+

+//		File hashcachefile = new File(hashcachedir);

+//		File[] filelist = hashcachefile.listFiles();

+//		if (filelist != null) {

+//			for (File f : filelist)

+//				f.delete();

+//		}

+	

+		File tsldownloadfile = new File(tsldownloaddir);

+		if (!tsldownloadfile.exists()) {

+			tsldownloadfile.mkdir();

+		}

+		File[] tslfilelist = tsldownloadfile.listFiles();

+		if (tslfilelist != null) {

+			for (File f : tslfilelist)

+				f.delete();

+		}

+		

+		//create sqlLite database

+		File dbFile = new File(Configurator.get_TempdbFile());

+		try {

+			dbFile.delete();

+			dbFile.createNewFile();

+		} catch (IOException e) {

+			throw new TSLEngineDiedException("Could not create temporary data base file", e);

+		}

+		

+		//the TSL library uses the iaik.util.logging environment.

+		//iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);

+		iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);

+		

+		log.info("Starting EU TSL import.");

+

+		// Certificates in Germany, Estonia, Greece, Cyprus,

+		// Lithuainia, Hungary, Poland, Finland, Norway use SURNAME

+		log.debug("### SURNAME registered as " + ObjectID.surName + " ###");

+		RFC2253NameParser.register("SURNAME", ObjectID.surName);

+

+		XSecProvider.addAsProvider(false);

+

+		TSLEngine tslEngine;

+		TslSqlConnectionWrapper connection = null;

+

+		try {

+			// register the Https JSSE Wrapper

+			TLS.register();

+			log.trace("### Https JSSE Wrapper registered ###");

+			

+

+			log.debug("### Connect to Database.###");

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);

+

+			log.trace("### Connected ###");

+

+			// empty the database and recreate the tables

+			tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 

+					connection, true, true);

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+			

+		}

+

+		// H.2.2.1 Same-scheme searching

+		// H.2.2.2 Known scheme searching

+		// H.2.2.3 "Blind" (unknown) scheme searching

+		Number tId = null;

+		Countries euTerritory = Countries.EU;

+		TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(

+			euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(), 

+			Configurator.is_sqlMultithreaded(), 

+			Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+			Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+			Configurator.is_nullRedundancies());

+

+		TSLEngineEU tslengineEU;

+		try {

+			tslengineEU = tslEngine.new TSLEngineEU();

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+		}

+

+		// establish EU TSL trust anchor

+		ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =

+			tslEngine.loadCertificatesFromResource(

+			Configurator.get_euTrustAnchorsPath(), topLevelTslContext);

+

+		log.debug("Process EU TSL");

+		// process the EU TSL to receive the pointers to the other TSLs

+		// and the trust anchors for the TSL signers

+		Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;

+		

+		try {

+			

+			tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);

+			log.info("Process EU TSL finished");

+			

+			log.debug(Thread.currentThread() + " waiting for other threads ...");

+			

+			topLevelTslContext.waitForAllOtherThreads();

+			log.debug(Thread.currentThread()

+				+ " reactivated after other threads finished ...");

+

+

+			// get the TSLs pointed from the EU TSL

+			LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU

+				.getOtherTslMap(tId, topLevelTslContext);

+

+			pointersToMsTSLs = tslMap.entrySet();

+			

+			//set Errors and Warrnings

+			

+		} catch (TSLEngineFatalRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());

+			

+		} catch (TSLTransactionFailedRuntimeException e) {

+			throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());

+		}

+

+		//Backup implementation if the EU TSL includes a false signer certificate 

+		// establish additional trust anchors for member states

+//			Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {

+//				Countries.CZ,

+//				Countries.LU,

+//				Countries.ES,

+//				Countries.AT,

+//			};

+		Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};

+

+		Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>

+			trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(

+					Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,

+					countriesWithPotentiallyWrongCertsOnEuTsl);

+

+		log.info("Starting EU member TSL import.");

+		

+		for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {

+

+			TSLImportContext msTslContext;

+			

+			Countries expectedTerritory = entry.getValue().getSchemeTerritory();

+			try {

+				

+//				if (expectedTerritory.equals("RO"))

+//					System.out.println("Stop");

+				

+				Number otpId = entry.getKey();

+				LocationAndCertHash lac = entry.getValue();

+

+				URL uriReference = null;

+				try {

+					uriReference = new URL(lac.getUrl());

+					

+				} catch (MalformedURLException e) {

+					log.warn("Could not process: " + uriReference, e);

+					continue;

+				}

+

+				String baseURI = uriReference == null ? "" : "" + uriReference;

+

+				msTslContext = new TSLImportFromFileContext(

+					expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),

+					Configurator.is_sqlMultithreaded(),

+					Configurator.is_throwExceptions(), Configurator.is_logExceptions(), 

+					Configurator.is_throwWarnings(), Configurator.is_logWarnings(), 

+					Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl, 

+					topLevelTslContext);

+

+				ListIterator<X509Certificate> expectedTslSignerCerts = null;

+				expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);

+

+				if (expectedTslSignerCerts == null) {

+					

+					// no signer certificate on the EU TSL

+					// ignore this msTSL and log a warning

+					log.warn("NO signer certificate found on EU TSL! " 

+							+ lac.getSchemeTerritory() + "TSL ignored.");

+					

+				}

+				else {

+					tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);

+				}

+				

+			} catch (TSLExceptionB e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory() 

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			} catch (TSLRuntimeException e) {

+				log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()

+						+ " TSL ignored.");

+				log.debug("Failed to process TSL. " + entry, e);

+				continue;

+			}				

+		}

+				

+		log.debug(Thread.currentThread() + " waiting for other threads ...");

+		topLevelTslContext.waitForAllOtherThreads();

+

+		log.debug(_15.dumpAllThreads());

+		log.debug(Thread.currentThread() + " reactivated after other threads finished ...");

+		

+		connection = null;

+		try {

+			connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);				

+			tslEngine.recreateTablesInvalidatedByImport(connection);

+			

+			

+			//TODO: implement database copy operation!

+			File working_database = new File(Configurator.get_dbFile());

+			working_database.delete();

+			copy(dbFile, working_database);

+

+			

+		} catch (TSLEngineFatalException e) {

+			throw new TSLEngineDiedException(e);

+			

+		} finally {

+			try {

+				connection.closeConnection();

+				

+			} catch (TSLEngineFatalException e) {

+				throw new TSLEngineDiedException(e);

+				

+			}

+		}

+		

+		//return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);

+	}

+

+	public ArrayList<File> getQualifiedCACertificates(Date dateTime,

+			String[] serviceLevelStatus) throws TSLEngineDiedException,

+			TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return getQualifiedCACertificates(dateTime, null, serviceLevelStatus);

+	}

+

+	public ArrayList<File> getQualifiedCACertificates(Date dateTime,

+			String[] countries, String[] serviceLevelStatus)

+			throws TSLEngineDiedException, TSLSearchException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		//TODO: database

+		File dbFile = new File(Configurator.get_TempdbFile());

+		//File dbFile = new File(Configurator.get_dbFile());

+		if(!dbFile.exists())

+			throw new TSLEngineDiedException("Could not open data base file");

+

+		log.debug("### Connect to Database ###");		

+		TslSqlConnectionWrapper readConnection = null;

+		

+		try {

+			readConnection = DbTables.connectToDatabaBase(dbFile, MODE.READ_ONLY);

+			

+			TSLEngine tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(), 

+					readConnection, false, false);

+			

+			log.debug("### Connected ###");

+			//TODO: maybe add "TSA/QTST for qualified timestamps

+			 try {

+				 TSLCertsExporter certsExporter;

+				 certsExporter = tslEngine.createCertsExporter(

+						 readConnection,

+						 countries, 

+						 new String[]{_STYPETEMPLATE_CAQC},

+						 serviceLevelStatus

+						 );

+			 				

+				return certsExporter.exportAsArray(dateTime, null);

+				 

+			 } catch (TSLEngineFatalException e) {

+				 e.printStackTrace();

+				 _l.err("could not export Certs", e);

+				 throw new TSLEngineDiedException(e);

+			 }

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+			

+		} finally {

+			try {

+				readConnection.closeConnection();

+				

+			} catch (TSLEngineFatalException e) {

+				throw new TSLEngineDiedException(e);

+			}

+		}	

+	}

+	

+	public boolean checkQC(java.security.cert.X509Certificate[] chain) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return checkQC(chain, 1);

+	}

+	

+	public boolean checkSSCD(java.security.cert.X509Certificate[] chain) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		return checkSSCD(chain, 1);

+	}

+	

+	public boolean checkQC(java.security.cert.X509Certificate[] chain, int cnt) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+			if (Configurator.is_isInitialised() == false)

+				new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+			LinkedHashMap<X509Certificate, TSLResult> tslResultC = checkchain(chain, cnt);

+

+			//get first result

+			java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> resultmap = tslResultC.entrySet().iterator().next();

+			TSLResult tslresult = tslResultC.entrySet().iterator().next().getValue();

+			

+			

+			

+			if (tslresult == null) {

+				log.info("Certificate: " + resultmap.getKey().getSubjectDN()

+						+ " not on the TSL");

+				throw new TSLSearchException("Certificate: " + resultmap.getKey().getSubjectDN() 

+						+ " not on the TSL");

+			}

+			

+			if (tslresult instanceof TSLResultEndEntity) {

+				TSLResultEndEntity ree = (TSLResultEndEntity) tslresult;

+				

+				

+				String sType = (String) ree.get(Service.C.sType);

+				

+				log.info("Cert: " +  resultmap.getKey().getSubjectDN() + " sType=" + sType);

+				

+				//TODO: maybe add "TSA/QTST for qualified timestamps

+				if (sType.equals(_STYPETEMPLATE_CAQC))

+					return true;

+				else

+					return false;

+			}

+			

+			else if (tslresult instanceof TSLResultImpl) {

+				

+				//TODO: Certificate is not of Type EndEntity (equal to QCSSCD check)

+				// Is FALSE the correct answer?

+				return false;

+			}

+			

+			throw new TSLEngineDiedException("TSL Result has an unknown Class type");

+	}

+

+	public boolean checkSSCD(java.security.cert.X509Certificate[] chain, int cnt) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		if (Configurator.is_isInitialised() == false)

+			new TSLEngineFatalException("The TSL Engine is not initialized!");

+		

+		LinkedHashMap<X509Certificate, TSLResult> tslResultC = checkchain(chain, cnt);

+		

+		//get first result

+		java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> resultmap = tslResultC.entrySet().iterator().next();

+		TSLResult tslresult = tslResultC.entrySet().iterator().next().getValue();

+		

+		if (tslresult == null) {

+			log.info("Certificate: " + resultmap.getKey().getSubjectDN() + " not on the TSL");

+			throw new TSLSearchException("Certificate: " + resultmap.getKey().getSubjectDN() 

+					+ " not on the TSL");

+		}

+		

+		if (tslresult instanceof TSLResultEndEntity) {

+			TSLResultEndEntity ree = (TSLResultEndEntity) tslresult;

+			

+			List<QualifierType> qualifier = ree.getQualifierList();

+			

+			Iterator<QualifierType> qualifierlist = qualifier.iterator();

+			

+			String uri = "";

+		

+			while (qualifierlist.hasNext()) {

+				uri = qualifierlist.next().getUri();

+				

+				log.debug("Cert: " +  resultmap.getKey().getSubjectDN() + " SSCD=" + uri);

+				

+				if (uri.contains(_QCSSCDURI)) {

+					return true;

+				}

+				else {

+					return false;

+				}				

+			}	

+			return false;

+		}

+		

+		else if (tslresult instanceof TSLResultImpl) {

+			

+			//TODO: Certificate is not of Type EndEntity (equal to QC check)

+			// Is FALSE the correct answer?

+			return false;

+		}

+		

+		throw new TSLEngineDiedException("TSL Result has an unknown Class type");

+	}

+	

+

+	

+	private LinkedHashMap<java.security.cert.X509Certificate, TSLResult> checkchain(java.security.cert.X509Certificate[] chain, int cnt) 

+			throws TSLSearchException, TSLEngineDiedException {

+		

+		File dbFile = new File(Configurator.get_dbFile());

+		if(!dbFile.exists())

+			throw new TSLEngineDiedException("Could not open data base file");

+

+		try {

+

+			log.debug("### Connect to Database ###");

+			TslSqlConnectionWrapper readConnection;

+			readConnection = DbTables.connectToDatabaBase(dbFile, MODE.READ_ONLY);

+			log.debug("### Connected ###");

+			

+			TSLEngine tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),

+					readConnection, false, false);

+						

+			XSecProvider.addAsProvider(false);

+			log.debug("### XSECT registered ###");

+			// register the additional IAIK ECC provider

+			Security.addProvider(EccProviderAdapter.getEccProvider());

+			log.debug("### ECC registered ###");

+			

+			

+			TSLEvaluationContext context = new TSLEvaluationContext(

+					  Configurator.get_TSLWorkingDirectoryPath(),

+					  Configurator.is_sqlMultithreaded(),

+					  Configurator.is_throwExceptions(),

+					  Configurator.is_logExceptions(),

+					  Configurator.is_throwWarnings(),

+					  Configurator.is_logWarnings());

+								

+			TSLCertEvaluator tslCertEvaluator = tslEngine.createEvaluator(context,

+					readConnection);

+			

+			Date signingTime = new Date();

+			

+			// has to be later or equal

+			Date now = new Date();

+

+			LinkedHashMap<java.security.cert.X509Certificate, TSLResult> tslResultC = tslCertEvaluator

+				.evaluate(TSLCertEvaluator.CHAIN_MODEL, chain, signingTime, now, context);

+		

+			return tslResultC;

+			

+		} catch (TSLEngineFatalException e1) {

+			throw new TSLEngineDiedException(e1);

+		}

+		

+		

+	}

+	

+	private static Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>> loadCertificatesFromResource(

+			final String msTrustAnchorsPath, TSLEngine tslEngine,

+			TSLImportContext topLevelTslContext, Countries[] countriesWithNoCertsOnEuTsl)

+			throws TSLEngineDiedException {

+			Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>> trustAnchorsMissingOnEuTsl;

+			trustAnchorsMissingOnEuTsl =

+			  	new HashMap<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>(

+			  		countriesWithNoCertsOnEuTsl.length);

+

+			for (int i = 0; i < countriesWithNoCertsOnEuTsl.length; i++) {

+				Countries country = countriesWithNoCertsOnEuTsl[i];

+

+				final String mspath = msTrustAnchorsPath + country + "/";

+

+				ListIterator<java.security.cert.X509Certificate> msCerts =

+					tslEngine.loadCertificatesFromResource(mspath, topLevelTslContext);

+

+				trustAnchorsMissingOnEuTsl.put(country, msCerts);

+			}

+			return trustAnchorsMissingOnEuTsl;

+		}

+	

+	

+	private void copy(File source, File destination) throws TSLEngineDiedException {

+		try {

+			FileInputStream fileInputStream = new FileInputStream(source);

+			FileOutputStream fileOutputStream = new FileOutputStream(destination);

+			FileChannel inputChannel = fileInputStream.getChannel();

+			FileChannel outputChannel = fileOutputStream.getChannel();

+			

+			transfer(inputChannel, outputChannel, source.length(), false);

+			

+			fileInputStream.close();

+			fileOutputStream.close();

+		

+			destination.setLastModified(source.lastModified());

+		} catch (Exception e) {

+			

+			throw new TSLEngineDiedException("Error during TSL database copy operation!.");

+		}

+	}

+	

+	private void transfer(FileChannel fileChannel, ByteChannel byteChannel, long lengthInBytes, boolean verbose)

+		throws IOException {

+		

+		long overallBytesTransfered = 0L;

+		long time = -System.currentTimeMillis();

+		

+		while (overallBytesTransfered < lengthInBytes) {

+			long bytesTransfered = 0L;

+			bytesTransfered = fileChannel.transferTo(overallBytesTransfered, Math.min(1024 * 1024, lengthInBytes - overallBytesTransfered), byteChannel);

+			overallBytesTransfered += bytesTransfered;

+			if (verbose) {

+					System.out.println("overall bytes transfered: " + overallBytesTransfered + " progress " + (Math.round(overallBytesTransfered / ((double) lengthInBytes) * 100.0)) + "%");

+			}

+		}

+		time += System.currentTimeMillis();

+		

+		if (verbose) {

+			System.out.println("Transfered: " + overallBytesTransfered + " bytes in: " + (time / 1000) + " s -> " + (overallBytesTransfered / 1024.0) / (time / 1000.0) + " kbytes/s");

+		}

+	}

+	

+	

+//	/**

+//	 * @param tslResultC

+//	 * @param context

+//	 */

+//	private static void printResultDetails(

+//		LinkedHashMap<java.security.cert.X509Certificate, TSLResult> tslResultC, TSLContext context) {

+//

+//		for (java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> e : tslResultC

+//			.entrySet()) {

+//

+//			TSLResult r = e.getValue();

+//

+//			if (r == null) {

+//				log.info("Certificate: " + e.getKey().getSubjectDN()

+//					+ " not on the TSL");

+//				continue;

+//			}

+//

+//			if (r instanceof TSLResultEndEntity) {

+//				TSLResultEndEntity ree = (TSLResultEndEntity) r;

+//

+//				String status = (String) ree.get(Service.C.status);

+//

+//				Date startDate = context.getDate(ree.get(Service.C.startDate));

+//				Long endDateL = (Long) ree.get(ServiceView.C.endDate);

+//				Date endDate = endDateL == null ? null : new Date(endDateL);

+//

+//				String sType = (String) ree.get(Service.C.sType);

+//

+//				List<QualifierType> tslQual = ree.getQualifierList();

+//

+//				StringBuilder qualList = new StringBuilder("");

+//				if (!tslQual.isEmpty()) {

+//					qualList.append("\n~~~~~~~~~~~~ TSL-Qualifiers ~~~~~~~~~~~~\n");

+//					for (QualifierType qual : tslQual) {

+//						qualList.append(qual.getUri() + "\n");

+//					}

+//					qualList.append("~~~~~~~~~~~~~~~~~  End  ~~~~~~~~~~~~~~~~\n");

+//				}

+//

+//				log.info("############### EndEntity ###############\n"

+//					+ _.printCertificate(e.getKey()) + qualList + "\nServiceProvider: "

+//					+ ree.getSerivceProvider().getSubjectDN() + "\n" + Service.C.sType

+//					+ ": " + sType + "\n" + Service.C.status + ": " + status + "\n"

+//					+ Service.C.startDate + ": " + startDate + "\n"

+//					+ ServiceView.C.endDate + ": " + endDate);

+//				log.info("############ ServiceProvider ############\n"

+//					+ _.printCertificate(ree.getSerivceProvider()));

+//				log.info("#################  END  #################");

+//

+//				continue;

+//			}

+//

+//			if (r instanceof TSLResultImpl) {

+//				TSLResultImpl ri = (TSLResultImpl) r;

+//				log.info("----------------- BEGIN -----------------\n"

+//					+ "Certificate: " + e.getKey().getSubjectDN() + "\n" + ri.toString());

+//

+//				int i = 1;

+//				for (Iterator iter = ri.getRows().iterator(); iter.hasNext();) {

+//					Row row = (Row) iter.next();

+//					// TSPServiceInformationType sInfo =

+//					// ((JAXBElement<TSPServiceInformationType>)

+//					// row.s_.get(Service.C.sInfo)).getValue();

+//					String status = (String) row.s_.get(Service.C.status);

+//

+//					Date startDate = context.getDate(row.s_.get(Service.C.startDate));

+//

+//					Date endDate = context.getDate(row.s_.get(ServiceView.C.endDate));

+//

+//					String sType = (String) row.s_.get(Service.C.sType);

+//

+//					log.info("-----------------  (" + (i++) + ")  -----------------\n"

+//						+ Service.C.sType + ": " + sType + " " + Service.C.status + ": "

+//						+ status + "\n" + Service.C.startDate + ": " + startDate + "\n"

+//						+ ServiceView.C.endDate + ": " + endDate + "\n" + row.s_);

+//					

+//					row.s_.get(Service.C.sExt);

+//				}

+//				log.info("-----------------  END  -----------------");

+//			}

+//		}

+//	}

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java
new file mode 100644
index 0000000..4992f75
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java
@@ -0,0 +1,95 @@
+package at.gv.egovernment.moa.spss.tsl.connector;

+

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+import iaik.xml.crypto.tsl.ex.TSLSearchException;

+

+import java.io.File;

+import java.util.ArrayList;

+import java.util.Date;

+

+import java.security.cert.X509Certificate;

+

+public interface TSLConnectorInterface {

+	

+	/**

+	 * Initial the MOA TSL Connector.<br>

+	 * <b>The hashcache directory must be set via "System-Property "iaik.xml.crypto.tsl.BinaryHashCache.DIR"!!!</b>

+	 * 

+	 * @author TLenz

+	 * @param euTSLURL - URL to TrustList

+	 * @param TSLWorkingDirectoryPath - Path to a folder which should be used by the TSL engine. (/A/B/.../)

+	 * @param jdbcURL - ...

+	 * @param jdbcDriverClass - ...

+	 */

+	void initialize(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) throws TSLEngineDiedException;

+	

+	

+	/**

+	 * Perform an update of all certificates which are on EU TSL and all MS TSLs and create an locale TSL database. 

+	 * The old locale TSL database is removed and a new database is created.   

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException ;

+	

+	/**

+	 * Perform an update of all certificates which are on EU TSL and all MS TSLs and create an locale TSL database. 

+	 * The old locale TSL database is removed and a new database is created. 

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param countries - String Array of country codes. For example new Sting[]{"AT","IT","BE"}

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime, String[] countries, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException ;

+	

+	/**

+	 * Check the http://uri.etis.org/TrstSvc/Svctype/CA/QC characteristic of a certificate by using the TSL information.

+	 * This method uses information from the local TSL database. 

+	 * 

+	 * @author TLenz

+	 * @param certificate - An X509 certificate.

+	 * @return Return true, if the certificate comprises the http://uri.etis.org/TrstSvc/Svctype/CA/QC characteristic.

+	 */

+	boolean checkQC(X509Certificate[] certificate) throws TSLSearchException, TSLEngineDiedException;

+	

+	/**

+	 * Check the http://uri.etis.org/TrstSvc/eSigDir-1999-93-ECTrustedList/SvcInfoExt/QCWithSSCD characteristic of a certificate by using the TSL information.

+	 * This method uses information from the local TSL database.

+	 * 

+	 * @author TLenz

+	 * @param certificate - An X509 certificate.

+	 * @return Return true, if the certificate comprises the http://uri.etis.org/TrstSvc/eSigDir-1999-93-ECTrustedList/SvcInfoExt/QCWithSSCD characteristic.

+	 */

+	boolean checkSSCD(X509Certificate[] certificate) throws TSLSearchException, TSLEngineDiedException;

+	

+	/**

+	 * Get a list of certificates form the local TSL database with the selected properties. 

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> getQualifiedCACertificates(Date dateTime, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException;

+	

+	/**

+	 * Get a list of certificates form the local TSL database with the selected properties.

+	 * 

+	 * @author TLenz

+	 * @param dateTime - ...

+	 * @param countries - String Array of countrie codes. For example new Sting[]{"AT","IT","BE"}

+	 * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}

+	 * @return List of certificates with the selected properties

+	 */

+	ArrayList<File> getQualifiedCACertificates(Date dateTime, String[] countries, String[] serviceLevelStatus) 

+			throws TSLEngineDiedException, TSLSearchException; 

+	

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/exception/MitigatedTSLSecurityException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/exception/MitigatedTSLSecurityException.java
new file mode 100644
index 0000000..d580405
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/exception/MitigatedTSLSecurityException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.spss.tsl.exception;

+

+import iaik.xml.crypto.tsl.ex.TSLSecurityException;

+

+import org.xml.sax.Locator;

+

+public final class MitigatedTSLSecurityException extends

+	TSLSecurityException {

+	/**

+	 * 

+	 */

+	private static final long serialVersionUID = 1L;

+

+	public MitigatedTSLSecurityException(Type t, Locator l) {

+		super(t, l);

+	}

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
new file mode 100644
index 0000000..e06abe4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -0,0 +1,212 @@
+package at.gv.egovernment.moa.spss.tsl.timer;

+

+import iaik.pki.store.certstore.CertStoreException;

+import iaik.pki.store.certstore.CertStoreParameters;

+import iaik.pki.store.truststore.TrustStoreException;

+import iaik.pki.store.truststore.TrustStoreProfile;

+import iaik.pki.store.utils.StoreUpdater;

+import iaik.server.ConfigurationData;

+import iaik.x509.X509Certificate;

+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;

+import iaik.xml.crypto.tsl.ex.TSLSearchException;

+

+import java.io.File;

+import java.io.FileInputStream;

+import java.io.FileNotFoundException;

+import java.io.IOException;

+import java.security.cert.CertificateException;

+import java.util.ArrayList;

+import java.util.Date;

+import java.util.Iterator;

+import java.util.Map;

+import java.util.TimerTask;

+

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.spss.MOAApplicationException;

+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;

+import at.gv.egovernment.moa.spss.server.config.TrustProfile;

+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;

+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;

+import at.gv.egovernment.moa.spss.server.logging.TransactionId;

+import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;

+import at.gv.egovernment.moa.spss.util.MessageProvider;

+import at.gv.egovernment.moa.util.StringUtils;

+

+

+public class TSLUpdaterTimerTask extends TimerTask {

+	

+	public static TSLConnector tslconnector_;

+	

+	public static ConfigurationData configData_ = null;

+

+	@Override

+	public void run() {

+		

+		try {

+			Logger.info("Start TSL Update");

+			update();

+			Logger.info("Finished TSL Update");

+		} catch (TSLEngineDiedException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (TSLSearchException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (ConfigurationException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (MOAApplicationException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (CertStoreException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (TrustStoreException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		}  catch (FileNotFoundException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (IOException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		} catch (CertificateException e) {

+			MessageProvider msg = MessageProvider.getInstance();

+			Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);

+		}

+

+	}

+	

+	public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, IOException {

+		MessageProvider msg = MessageProvider.getInstance();

+		

+		//TrustProfile tp = null;

+		TrustStoreProfile tsp = null;

+		StoreUpdater storeUpdater = null;

+		TransactionId tid = null;

+		

+			//get TSl configuration

+			ConfigurationProvider config = ConfigurationProvider.getInstance();

+			if (configData_ == null)

+				configData_ = new IaikConfigurator().configure(config);

+			

+			TSLConfiguration tslconfig = config.getTSLConfiguration();

+			if (tslconfig != null) {

+				

+				tslconnector_.updateTSLs(new Date(), new String[]{"accredited","undersupervision"});

+				

+				Logger.info(new LogMsg(msg.getMessage("config.42", null)));

+				

+				// get certstore parameters

+				CertStoreParameters[] certStoreParameters = configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();

+					

+				// iterate over all truststores

+				Map mapTrustProfiles = config.getTrustProfiles();

+				Iterator it = mapTrustProfiles.entrySet().iterator();

+				while (it.hasNext()) {

+					Map.Entry pairs = (Map.Entry)it.next();

+					TrustProfile tp = (TrustProfile) pairs.getValue();

+					if (tp.isTSLEnabled()) {

+						tsp = new TrustStoreProfileImpl(config, tp.getId());

+						TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];

+						trustStoreProfiles[0] = tsp;

+						

+						Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));

+			         

+						tid = new TransactionId("TSLConfigurator-" + tp.getId());

+						ArrayList tsl_certs = null;

+						if (StringUtils.isEmpty(tp.getCountries())) {

+							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));

+	

+							// get certificates from TSL from all countries

+							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});

+						}

+						else {

+							Logger.debug(new LogMsg(msg.getMessage("config.44", null)));

+							// get selected countries as array

+							String countries = tp.getCountries();

+							String[] array = countries.split(",");

+							for (int i = 0; i < array.length; i++)

+								array[i] = array[i].trim();

+			                	  

+							// get certificates from TSL from given countries

+							tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});

+						}

+						

+						// create store updater for each TSL enabled truststore 

+						Logger.debug(new LogMsg(msg.getMessage("config.45", null)));

+						storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);

+						

+						// delete files in trustprofile

+						

+						File ftp = new File(tp.getUri());

+						File[] files = ftp.listFiles();

+						X509Certificate[] removeCertificates = new X509Certificate[files.length];

+						int i = 0;

+						for (File file : files) {

+							FileInputStream fis = new FileInputStream(file);

+							removeCertificates[i] = new X509Certificate(fis);

+							i++;

+							fis.close();

+								//file.delete();

+						}

+						

+						// remove all certificates

+						storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);

+						storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);

+						

+						

+						// copy files from original trustAnchorsLocURI into tslworking trust profile

+				    	File src = new File(tp.getUriOrig());

+				    	files = src.listFiles();

+				    	X509Certificate[] addCertificates = new X509Certificate[files.length];

+				    	i = 0;

+				        for (File file : files) {

+				        	FileInputStream fis = new FileInputStream(file);

+				        	addCertificates[i] = new X509Certificate(fis);

+				        	//FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));

+				        	i++;

+				        	fis.close();

+				        }

+						

+				        // convert ArrayList<File> to X509Certificate[]						

+				        if (tsl_certs == null) {

+				        	Logger.warn("No certificates from TSL imported.");

+				        	//throw new TSLSearchException("No certificates from TSL imported.");

+				        }

+				        else {

+				        

+				        	X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];

+				        	Iterator itcert = tsl_certs.iterator();

+				        	i = 0;

+				        	File f = null;

+				        	while(itcert.hasNext()) {

+				        		f = (File)itcert.next();

+				        		FileInputStream fis = new FileInputStream(f);

+				        		X509Certificate cert = new X509Certificate(fis);

+				        		addCertificatesTSL[i] = cert;

+								

+				        		i++;

+				        		fis.close();

+				        	}

+						  

+				        	Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));

+				        	storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);

+				        	storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);

+						

+				        	Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));

+				        	storeUpdater.addCertificatesToTrustStores(addCertificates, tid);

+				        	storeUpdater.addCertificatesToCertStores(addCertificates, tid);

+				        }			            

+					}

+				}

+			}

+		

+

+		

+	}

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/CertificateReader.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/CertificateReader.java
new file mode 100644
index 0000000..763382a
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/CertificateReader.java
@@ -0,0 +1,155 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+import iaik.pkcs.PKCS7CertList;

+import iaik.pkcs.PKCSParsingException;

+import iaik.security.provider.IAIK;

+import iaik.utils.Util;

+import iaik.x509.X509Certificate;

+import iaik.xml.crypto.EccProviderAdapter;

+

+import java.io.BufferedInputStream;

+import java.io.File;

+import java.io.FileFilter;

+import java.io.FileInputStream;

+import java.io.FileNotFoundException;

+import java.io.IOException;

+import java.security.Security;

+import java.security.cert.CertificateException;

+import java.util.Arrays;

+import java.util.Iterator;

+import java.util.List;

+

+// Copyright (C) 2011 IAIK

+// http://jce.iaik.at

+//

+// Copyright (C) 2011 Stiftung Secure Information and

+// Communication Technologies SIC

+// http://www.sic.st

+//

+// All rights reserved.

+//

+// This source is provided for inspection purposes and recompilation only,

+// unless specified differently in a contract with IAIK. This source has to

+// be kept in strict confidence and must not be disclosed to any third party

+// under any circumstances. Redistribution in source and binary forms, with

+// or without modification, are <not> permitted in any case!

+//

+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

+// SUCH DAMAGE.

+//

+//

+

+public class CertificateReader {

+

+    /**

+     * Filter for reading certificate files from a directory.

+     * The filter accepts a file if its name ends with

+     * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot;

+     * or &quot;.pem&quot;.

+     *

+     * @author Harald Bratko

+     * @author Konrad Lanz

+     */

+    static class CertificateFileFilter implements FileFilter {

+

+      /**

+       * Accepts a file if it is not a directory and its name ends with

+       * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot; or &quot;.pem&quot;.

+       *

+       * @see java.io.FileFilter#accept(java.io.File)

+       */

+      public boolean accept(File file) {

+        String name = file.getName();

+        if (name.endsWith(".der") ||

+          name.endsWith(".cer") ||

+          name.endsWith(".crt") ||

+          name.endsWith(".pem"))

+        {

+          return true;

+        } else {

+          return false;

+        }

+      }

+    }

+

+

+

+    /**

+     * Reads the certificates from the given directory and

+     * returns the certificates as sorted list (end user certificate first).

+     * @param directory

+     * @return

+     * @throws IOException

+     * @throws FileNotFoundException

+     * @throws CertificateException

+     * @throws Exception

+     */

+    public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{

+      File file = new File(directory);

+      File[] certificateFiles = file.listFiles(new CertificateFileFilter());

+      int l = certificateFiles.length;

+      X509Certificate[] certs = new X509Certificate[l];

+      for (int i=0; i<certificateFiles.length; i++) {

+        X509Certificate certificate = new X509Certificate(new FileInputStream(certificateFiles[i]));

+        certs[i] = certificate;

+      }

+      return Util.arrangeCertificateChain(certs, false);

+    }

+

+    /**

+     * Reads the certificates from the given directory and

+     * returns the certificates as sorted list (end user certificate first).

+     * @param directory

+     * @return

+     * @throws IOException

+     * @throws FileNotFoundException

+     * @throws CertificateException

+     * @throws Exception

+     */

+    public static List<X509Certificate> readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{

+

+      return Arrays.asList(readCertificatesIntoArray(directory));

+    }

+

+    public static void main(String[] args) {

+      try {

+

+      	IAIK.addAsJDK14Provider();

+      	 //IAIK.addAsProvider();

+      	 //Security.addProvider(new IAIK());

+

+      	// install ECC provider

+      	Security.addProvider(EccProviderAdapter.getEccProvider());

+

+        String dir = "spec/examples/EU/AT/certs/on-tsl/chain/";

+        List l = readCertificates(dir);

+        Iterator<X509Certificate> it = l.iterator();

+        while (it.hasNext()) {

+          System.out.println(((X509Certificate)it.next()).getSubjectDN().getName());

+        }

+      } catch (Exception e) {

+        e.printStackTrace();

+        System.exit(1);

+      }

+

+    }

+

+		public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException {

+    	PKCS7CertList p7certList = new PKCS7CertList(

+    		new BufferedInputStream(

+    			new FileInputStream(

+    				path

+    			)

+    		)

+    	);

+    	return p7certList.getCertificateList();

+		}

+  }
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/Mitigation.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/Mitigation.java
new file mode 100644
index 0000000..a1635b8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/Mitigation.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+public class Mitigation extends iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation {

+

+	String report_;

+

+	public Mitigation(String report) {

+		report_ = report;

+	}

+

+	@Override

+	public String getReport() {

+		return report_;

+	}

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
new file mode 100644
index 0000000..453ee2b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
@@ -0,0 +1,140 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+import java.io.File;

+import java.io.IOException;

+import java.lang.reflect.Method;

+import java.net.URL;

+import java.sql.SQLException;

+import java.util.ArrayList;

+import java.util.List;

+

+import org.sqlite.SQLiteErrorCode;

+

+import iaik.util.logging.Log;

+import iaik.util.logging._l;

+import iaik.util.logging.Log.MultiThreadLoggingGroup;

+import iaik.xml.crypto.tsl.DbTables;

+import iaik.xml.crypto.tsl.TSLImportFromFileContext;

+import iaik.xml.crypto.tsl.TSLOpenURIException;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.TSLExceptionB;

+import iaik.xml.crypto.tsl.ex.ThrowableAndLocatorAndMitigation;

+import iaik.xml.crypto.tsl.ex.SeverityAspect.Severity;

+import iaik.xml.crypto.tsl.fetch.TopLevelTslFetchContext;

+

+public class TSLEUImportFromFileContext extends TopLevelTslFetchContext {

+

+	public TSLEUImportFromFileContext(

+			Countries euTerritory,

+			URL euTslURL,

+			String workingdirectory,

+			boolean sqlMultithreaded,

+			boolean throwExceptions,

+			boolean logExceptions,

+			boolean throwWarnings,

+			boolean logWarnings,

+			boolean nullRedundancies) {

+

+			super(

+				euTerritory,

+				euTslURL,

+				workingdirectory,

+				sqlMultithreaded,

+				throwExceptions,

+				logExceptions,

+				throwWarnings,

+				logWarnings,

+				nullRedundancies);

+

+		}

+	

+	public List<ThrowableAndLocatorAndMitigation> getErrorsAndWarnings() {

+		List<ThrowableAndLocatorAndMitigation> errorsAndWarnings = new ArrayList<ThrowableAndLocatorAndMitigation>();

+		errorsAndWarnings.addAll(this.fatals_);

+		errorsAndWarnings.addAll(this.faildTransactions_);

+		errorsAndWarnings.addAll(this.warnings_);

+		

+		return errorsAndWarnings;

+	}

+	

+	@Override

+	  public boolean normalizeXML() {

+		  return true;

+	  }

+		

+	@Override

+	public Object throwException(Throwable e, Method enclosingMethod,

+		Object thisObject, Object[] parameters) {

+

+		if (enclosingMethod != null){

+			if (

+				e instanceof TSLOpenURIException &&

+				enclosingMethod.getName().equals("processUrl") &&

+				TSLImportFromFileContext.class.isAssignableFrom(enclosingMethod.getDeclaringClass()) &&

+				parameters[1] instanceof File &&

+				e.getCause() instanceof IOException &&

+				parameters[0] instanceof URL

+			){

+

+				_l.err("Ignoring download error using old: " + parameters[0],null);

+				wrapException(e);

+				return parameters[1];

+			}

+		}

+

+		//we allow each and every funny stuff from the EU as long as it's not insecure

+		if (e instanceof TSLExceptionB){

+			TSLExceptionB ve = (TSLExceptionB) e;

+			Severity s = ve.getSeverity();

+			if ( s != null && s.ordinal() < Severity.insecure.ordinal()){

+				_l.err("Ignored Exception: ",ve);

+//			    if(logExceptions_){

+		    	warnings_.add(

+		    		new ThrowableAndLocatorAndMitigation(

+		    			ve, null, ve.getLocator(), ve.getMitigation()

+		    		)

+		    	);

+//			    }

+				return null;

+			}

+		}

+

+

+		return super.throwException(e, enclosingMethod, thisObject, parameters);

+	}

+

+		@Override

+		public Boolean doesViolateRawHash(SQLException e, byte[] rawHash) {

+

+			String msg = e.getMessage();

+			return (

+				msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&

+			  msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")

+				);

+		}

+

+		public MultiThreadLoggingGroup getLoggingGroup() {

+		  return this;

+	  }

+		

+		StringBuilder log = new StringBuilder();

+		

+		public void flushLog() {

+			if (log != null && log.length() > 0) {

+				Thread currentThread = Thread.currentThread();

+				String ncName = getNcName(currentThread);

+				

+				synchronized (log) {

+					print(

+							"<" + ncName + " state=\"" + currentThread.getState() + "\" " + " id=\"" + currentThread.getId() + "\">\n"

+					        + log.toString() + "</" + ncName + ">\n");

+					log.setLength(0);	      

+	      }

+			}

+	  }

+

+		public void print(Object msg) {

+		  Log.print(msg);

+	  }

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
new file mode 100644
index 0000000..a656f11
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
@@ -0,0 +1,134 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+import iaik.util.logging.Log.MultiThreadLoggingGroup;

+import iaik.util.logging.Log;

+import iaik.util.logging._l;

+import iaik.xml.crypto.tsl.BaseClass;

+import iaik.xml.crypto.tsl.SIEExtensionChecker;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.TSLSIEExtensionException;

+import iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation;

+import iaik.xml.crypto.tsl.sie.gen.CriteriaListType;

+import iaik.xml.crypto.tsl.sie.gen.KeyUsageBitType;

+import iaik.xml.crypto.tsl.sie.gen.KeyUsageType;

+import iaik.xml.crypto.tsl.sie.gen.ObjectFactory;

+

+import java.lang.reflect.InvocationTargetException;

+import java.lang.reflect.Method;

+

+public final class TSLEvaluationContext extends iaik.xml.crypto.tsl.TSLEvaluationContext {

+	

+	public TSLEvaluationContext(

+	    String workingdirectory,

+		boolean sqlMultithreaded,

+		boolean throwExceptions,

+		boolean logExceptions,

+		boolean throwWarnings,

+		boolean logWarnings) {

+		super(workingdirectory,

+			sqlMultithreaded,

+			throwExceptions,

+			logExceptions,

+			throwWarnings,

+			logWarnings);

+	}

+

+	@Override

+	public Object throwException(Throwable e, Method enclosingMethod,

+		Object thisObject, Object[] parameters) {

+

+		if (e instanceof TSLSIEExtensionException

+			&& e.getMessage() == TSLSIEExtensionException.NO_KEYUSEAGE_NOR_POLICYSET) {

+

+			CriteriaListType criteriaList = (CriteriaListType) parameters[1];

+

+			_l.warn(criteriaList.getDescription());

+

+			String description = criteriaList.getDescription();

+			if (description

+				.trim()

+				.equals(

+					"This service issues qualified certificates for e-signing and "

+						+ "e-authentication within the same process. The Relaying Party shall "

+						+ "make distinction by inspection of keyUsage field contents - "

+						+ "e-signature certificates have non-repudation bit set exclusively.")) {

+				criteriaList.setAssert(SIEExtensionChecker.Asssert.all.toString());

+

+				ObjectFactory of = new ObjectFactory();

+				KeyUsageType ku = of.createKeyUsageType();

+				KeyUsageBitType kb = of.createKeyUsageBitType();

+				kb.setName(SIEExtensionChecker.KeyUseageBit.nonRepudiation

+					.toString());

+				kb.setValue(true);

+				ku.getKeyUsageBit().add(kb);

+				criteriaList.getKeyUsage().add(ku);

+

+				Object mitigatedResult = null;

+				try {

+					mitigatedResult = enclosingMethod.invoke(thisObject, parameters);

+

+				} catch (IllegalAccessException e1) {

+					wrapException(e1);

+				} catch (InvocationTargetException e1) {

+					wrapException(e1);

+				}

+

+				if (mitigatedResult != null) {

+					wrapException(e, criteriaList.sourceLocation(), new Mitigation() {

+						@Override

+						public String getReport() {

+							return "Fixed invalid criteria list";

+						}

+					});

+					return mitigatedResult;

+				}

+

+			}

+		}

+		return super.throwException(e, enclosingMethod, thisObject, parameters);

+	}

+

+	@Override

+	protected long howLongWaitForThreads() {

+		return 10000;

+	}

+

+	@Override

+	protected BaseClass getCurrentBaseClass() {

+		//TODO check whether we can avoid by redesign to focus this only on import

+		return null;

+	}

+

+	@Override

+  public boolean normalizeXML() {

+	  return true;

+  }

+

+	public Countries getExpectedTerritory() {

+	  return null;

+  }

+

+	public MultiThreadLoggingGroup getLoggingGroup() {

+	  return this;

+  }

+

+	StringBuffer log = new StringBuffer();

+	

+	public void flushLog() {

+	  if (log != null && log.length() > 0) {

+			synchronized (System.out) {

+				Thread currentThread = Thread.currentThread();

+				print("# # # " + getHint() + " Thread: "

+				    + currentThread.getName() + "(" + currentThread.getId()

+				    + ") collected logs - BEGIN # # #\n" + log.toString() + "# # # "

+				    + getHint() + " Thread: " + currentThread.getName()

+				    + "(" + currentThread.getId() + ") collected logs -  END  # # #\n");

+			}

+			log = null;

+		}

+  }

+

+	public void print(Object msg) {

+    Log.print(msg);

+  }

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
new file mode 100644
index 0000000..5d69f69
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -0,0 +1,850 @@
+package at.gv.egovernment.moa.spss.tsl.utils;

+

+import java.io.BufferedOutputStream;

+import java.io.File;

+import java.io.FileNotFoundException;

+import java.io.FileOutputStream;

+import java.io.OutputStream;

+import java.lang.reflect.InvocationTargetException;

+import java.lang.reflect.Method;

+import java.net.MalformedURLException;

+import java.net.URL;

+import java.security.InvalidKeyException;

+import java.security.KeyFactory;

+import java.security.NoSuchAlgorithmException;

+import java.security.PublicKey;

+import java.security.cert.CertificateException;

+import java.security.cert.X509Certificate;

+import java.sql.SQLException;

+import java.util.ArrayList;

+import java.util.Arrays;

+import java.util.Collections;

+import java.util.Iterator;

+import java.util.List;

+import java.util.ListIterator;

+import java.util.Map;

+

+import javax.xml.bind.Unmarshaller;

+import javax.xml.crypto.AlgorithmMethod;

+import javax.xml.crypto.KeySelectorException;

+

+import org.apache.log4j.Logger;

+import org.sqlite.SQLiteErrorCode;

+import org.w3c.dom.DOMError;

+import org.xml.sax.Locator;

+import org.xml.sax.SAXParseException;

+

+import at.gv.egovernment.moa.spss.tsl.exception.MitigatedTSLSecurityException;

+import iaik.util.logging.Log.MultiThreadLoggingGroup;

+import iaik.util.logging._l;

+import iaik.utils.RFC2253NameParserException;

+import iaik.utils.Util;

+import iaik.util._15;

+import iaik.xml.crypto.dsig.keyinfo.X509DataImpl;

+import iaik.xml.crypto.tsl.DbTables;

+import iaik.xml.crypto.tsl.TSLConstants;

+import iaik.xml.crypto.tsl.TSLContext;

+import iaik.xml.crypto.tsl.TSLEngine;

+import iaik.xml.crypto.tsl.TSLImportContext;

+import iaik.xml.crypto.tsl.TSLOpenURIException;

+import iaik.xml.crypto.tsl.TSLThreadContext;

+import iaik.xml.crypto.tsl.ValidationFixupFilter;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.AttributeValueFixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.DeleteAttrFixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.ElementStringValueFixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.FixedSaxLevelValidationExcption;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup;

+import iaik.xml.crypto.tsl.ValidationFixupFilter.LocalNameFixup;

+import iaik.xml.crypto.tsl.constants.Countries;

+import iaik.xml.crypto.tsl.ex.LocatorAspect;

+import iaik.xml.crypto.tsl.ex.TSLEngineFatalException;

+import iaik.xml.crypto.tsl.ex.TSLRuntimeWarning;

+import iaik.xml.crypto.tsl.ex.TSLSecurityException;

+import iaik.xml.crypto.tsl.ex.TSLSecurityException.Type;

+import iaik.xml.crypto.tsl.ex.TSLVerificationException;

+import iaik.xml.crypto.tsl.gen.DigitalIdentityType;

+import iaik.xml.crypto.tsl.verify.TSLDOMErrorHandler;

+import iaik.xml.crypto.tsl.verify.TSLValidationException;

+import iaik.xml.crypto.tsl.verify.TslKeySelector;

+import iaik.xml.crypto.utils.KeySelectorImpl.X509KeySelectorResultImpl;

+

+/**

+ *

+ */

+

+public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromFileContext {

+

+	static Logger l = Logger.getLogger(TSLImportFromFileContext.class);

+	

+	public static final class ExceptionalMitigation extends Mitigation {

+		public ExceptionalMitigation(String report) {

+			super(report);

+		}

+	}

+

+	public static final class FixedValidationMitigation extends Mitigation {

+		public FixedValidationMitigation(String report) {

+			super(report);

+		}

+	}

+

+	private final String baseuri_;

+	private Map<Countries, ListIterator<X509Certificate>>

+	  trustAnchorsWrongOnEuTsl_;

+

+	public TSLImportFromFileContext(

+			Countries expectedTerritory,

+			URL url,

+			Number otherTslPointerId,

+			String workingdirectory,

+			boolean sqlMultithreaded,

+			boolean throwExceptions,

+			boolean logExceptions,

+			boolean throwWarnings,

+			boolean logWarnings,

+			boolean nullRedundancies,

+			String baseuri,

+			Map <Countries, ListIterator<X509Certificate>> trustAnchorsWrongOnEuTsl, 

+			TSLThreadContext parentContext) {

+			super(

+				expectedTerritory,

+				url,

+				otherTslPointerId,

+				workingdirectory,

+				sqlMultithreaded,

+				throwExceptions,

+				logExceptions,

+				throwWarnings,

+				logWarnings,

+				nullRedundancies,

+				parentContext);

+			baseuri_ = baseuri;

+			trustAnchorsWrongOnEuTsl_ = trustAnchorsWrongOnEuTsl;

+		}

+	/* (non-Javadoc)

+	 * @see iaik.xml.crypto.tsl.TSLImportFromFileContext#getbaseURI()

+	 */

+	@Override

+	public String getbaseURI() {

+		return this.baseuri_;

+	}

+

+

+

+

+	//@Override

+		protected RuntimeException wrapException(Throwable t, Locator l, Mitigation m) {

+			return super.wrapException(t, l, m);

+		}

+

+	@Override

+  public

+	synchronized void throwException(Throwable e) {

+

+		if (e instanceof TSLValidationException) {

+			// we do not throw dom validation errors for testing

+			// and just collect them

+			wrapException(e);

+		} else if (e instanceof TSLVerificationException) {

+			

+			boolean corrected = false;

+			// we do not throw verification errors for testing

+			// and just collect them

+			

+//			// NEVER DO THIS! unless you want to import TSLs without signatures.

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NO_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NO_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//			}

+//			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//			}

+			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//				

+//				corrected = true;

+//			}

+//			

+//			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//

+//				corrected = true;

+//			}

+//			

+//			if (Boolean.valueOf(_.getSysProperty(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE

+//			    .getClass().getName(), "true"))

+//			    && ((TSLVerificationException) e).getType() == TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) {

+//				((TSLVerificationException) e).setMitigation(Mitigation.IGNORED);

+//				

+//				corrected = true;

+//			}

+//			

+//			if (corrected)

+//				wrapException(e);

+//			else

+//				super.throwException(e);

+

+			super.throwException(e);

+			

+		} else if (e instanceof FileNotFoundException) {

+			// we do not stop and continue processing

+			wrapException(e);

+		} else if (e instanceof IllegalArgumentException) {

+			// we do not stop and continue processing

+			wrapException(e);

+		} else {

+			// all other errors are treated as per default

+			super.throwException(e);

+		}

+	}

+

+	/* (non-Javadoc)

+	 * @see iaik.xml.crypto.tsl.TSLContext#throwException(java.lang.Exception, java.lang.reflect.Method, java.lang.Object, java.lang.Object[])

+	 */

+	@Override

+	public Object throwException(

+		Throwable e, Method enclosingMethod, Object thisObject, final Object[] parameters) {

+

+		if (enclosingMethod != null){

+

+			if(

+				e instanceof FixedSaxLevelValidationExcption &&

+				enclosingMethod.getDeclaringClass().equals(ValidationFixupFilter.class)){

+				wrapException(e,

+					((LocatorAspect) e).getLocator(),

+					new FixedValidationMitigation("Performed SAX Level Fixup."));

+				return null;

+			}

+

+			if(e instanceof CertificateException &&

+				enclosingMethod.getDeclaringClass().equals(TSLImportContext.class) &&

+				enclosingMethod.getName().equals("parseCertificate")) {

+

+				wrapException(e);

+				//				((DigitalIdentityType)parameters[1]).sourceLocation();

+

+				return null;

+			}

+

+			if (e instanceof TSLValidationException&&

+				enclosingMethod.getDeclaringClass().equals(TSLDOMErrorHandler.class) &&

+				enclosingMethod.getName().equals("handleError")) {

+

+				if (parameters[0] instanceof DOMError) {

+					DOMError domError = (DOMError) parameters[0];

+

+					_l.warn(""+domError.getRelatedData());

+

+					//					domError.getRelatedData().getClass().getField("")

+

+					wrapException(e);

+					return Boolean.TRUE;

+				}

+			}

+

+			if (e instanceof RFC2253NameParserException&&

+				enclosingMethod.getDeclaringClass().equals(TSLImportContext.class) &&

+				enclosingMethod.getName().equals("getNormalizedDN") &&

+				parameters[0] instanceof DigitalIdentityType ) {

+

+				DigitalIdentityType digitalId = (DigitalIdentityType) parameters[0];

+

+				String subDN = digitalId.getX509SubjectName();

+

+				//				String openSslRdnRegExp = "/([^=]+)=?(([^/]+)|\"([^\"]+)\"";

+

+				String openSslRdnRegExp = "/([^=]+)=(\"([^\"]*)\"|([^/\"][^/]*)|(.{0}))";

+				//                          1       2  3          4             5

+				// 1 matches Attribute

+				// 2 matches values

+				// 2 greedy matches properly quoted values

+				// 3 greedy matches values without quotes

+				// 4 matches the empty value

+				if (subDN.matches("^("+openSslRdnRegExp+")+$")){

+					//trigger openSSL format error handling

+

+					Object mitigatedResult = null;

+

+					String[] rdns = subDN.substring(1, subDN.length()).split("/");

+

+					rdns = (String[]) _15.reverseInPlace(rdns);

+

+					subDN = "/"+_15.implode("/", rdns);

+

+					//for now we only support properly quoted values or such without quotes

+

+					subDN = subDN.replaceAll(openSslRdnRegExp, "$1=\"$2$3\",");

+					subDN = subDN.substring(0, subDN.length()-1);

+

+					digitalId.setX509SubjectName(subDN);

+					try {

+						mitigatedResult = enclosingMethod.invoke(thisObject, new Object[]{digitalId});

+

+					} catch (IllegalAccessException e1) {

+						wrapException(e1);

+					} catch (InvocationTargetException e1) {

+						wrapException(e1);

+					}

+

+					if (mitigatedResult != null){

+						wrapException(e, digitalId.sourceLocation(), new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {

+							@Override

+							public String getReport() {

+								return "Converted OpenSSL SubjectDN";

+							}

+						});

+						return mitigatedResult;

+						

+					}

+				}

+

+				wrapException(

+					new TSLRuntimeWarning("Could not normalize :" + (digitalId).getX509SubjectName(), e),

+					digitalId.sourceLocation());

+

+				//if we cannot Normalize the DN we simply don't

+				return (digitalId).getX509SubjectName();

+			}

+

+			//TODO check if this is really needed for ESP TSL

+			if (e instanceof RFC2253NameParserException &&

+				enclosingMethod.getDeclaringClass().equals(TSLImportContext.class) &&

+				enclosingMethod.getName().equals("getNormalizedSubjectDN") &&

+				parameters[0] instanceof X509Certificate ) {

+

+				X509Certificate cert = (X509Certificate) parameters[0];

+

+

+				wrapException(e, null);

+				//if we cannot Normalize the DN we simply don't

+				return cert.getSubjectDN().getName();

+			}

+

+			if (

+				(expectedTerritory_ == Countries.MT || expectedTerritory_ == Countries.LT)&&

+				e instanceof TSLOpenURIException &&

+				enclosingMethod.getDeclaringClass().equals(TSLImportFromFileContext.class) &&

+				enclosingMethod.getName().equals("processUrl") &&

+				parameters[1] instanceof File){

+

+				URL url = null;

+				if (

+					e.getCause() instanceof FileNotFoundException &&

+					parameters[0] instanceof URL &&

+					(url =((URL)parameters[0])).getProtocol().equalsIgnoreCase("http")

+				){

+					try {

+						//Malta just changed their URL ...

+						if ("http://www.mca.org.mt/tsl/MT_TSL.xml".equalsIgnoreCase(url.toString())){

+							url = new URL("http://www.mca.org.mt/sites/default/files/pageattachments/MT_TSL.xml");

+						} else {

+							url = new URL("https", url.getHost(), url.getFile());

+						}

+					}  catch (MalformedURLException e1) {

+						wrapException(e1);

+					}

+

+					Object mitigatedResult = null;

+					try {

+

+						mitigatedResult = enclosingMethod.invoke(thisObject, new Object[]{url,parameters[1]});

+					} catch (IllegalAccessException e1) {

+						wrapException(e1);

+					} catch (InvocationTargetException e1) {

+						wrapException(e1);

+					}

+

+					if (mitigatedResult != null){

+						wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {

+							@Override

+							public String getReport() {

+								return "Trying https:// ...";

+							}

+						});

+						return mitigatedResult;

+					}

+				}

+

+				_l.err("Ignoring download error using old: " + parameters[0], null);

+				wrapException(e);

+				return parameters[1];

+			}

+

+//		if (

+//		expectedTerritory_ == Countries.PL &&(

+//			(e.getCause() instanceof java.io.EOFException ||

+//				e.getCause() instanceof iaik.security.ssl.SSLException) &&

+//				parameters[0] instanceof URL &&

+//				((URL)parameters[0]).getProtocol().equalsIgnoreCase("https")

+//		)){

+//		File f = null;

+//		System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

+//		TLS.register("TLSv1");

+//		try {

+//			f = (File) enclosingMethod.invoke(thisObject, parameters);

+//		} catch (IllegalAccessException e1) {

+//			wrapException(e1);

+//		} catch (InvocationTargetException e1) {

+//			wrapException(e1);

+//		}

+//

+//		//					System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", null);

+//		TLS.register();

+//

+//		if (f != null){

+//			wrapException(e, null, new Mitigation() {

+//				@Override

+//				public String getReport() {

+//					return "Trying TLSv1 and sun.security.ssl.allowUnsafeRenegotiation=true";

+//				}

+//			});

+//			return f;

+//		}

+//	}

+

+			if (

+				e instanceof TSLSecurityException &&

+				enclosingMethod.getDeclaringClass().equals(TSLContext.class) &&

+				enclosingMethod.getName().equals("securityCheck") &&

+				parameters[0] == TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER &&

+				trustAnchorsWrongOnEuTsl_.containsKey(expectedTerritory_) &&

+				parameters[1] instanceof X509Certificate &&

+				parameters[2] instanceof 	ListIterator<?>

+			)

+			{

+				final ListIterator<X509Certificate> trustAnchorsWrongOnEuTsl =

+					trustAnchorsWrongOnEuTsl_.get(expectedTerritory_);

+

+				if (trustAnchorsWrongOnEuTsl != parameters[2]){ //prevents recursion

+					try {

+						enclosingMethod.invoke(thisObject,

+							new Object[]{parameters[0],parameters[1], trustAnchorsWrongOnEuTsl});

+					} catch (IllegalAccessException e1) {

+						wrapException(e1);

+					} catch (InvocationTargetException e1) {

+						wrapException(e1);

+					}

+					wrapException(e, getLocator(),

+							new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation(){

+							@Override

+							public String getReport() {

+								return "make an exception for " + expectedTerritory_ + " who have the wrong certificate in " +

+								"the EU TSL and allow the certificate " +

+								parameters[1];

+							}

+						});

+					return null;

+				}

+				X509Certificate crt = (X509Certificate)parameters[1];

+

+		    File f = new File("./wrong/"+expectedTerritory_+"/",

+		    	iaik.util._15.toHexString(getFingerPrint(crt,

+		    		new byte[TSLConstants.CertHash.LENGTH]))+".der");

+		    File parent = f.getParentFile();

+		    if(!parent.exists() && !parent.mkdirs()){

+		        throw new IllegalStateException("Couldn't create dir: " + parent);

+		    }

+

+		    if (!f.exists()){

+		      try {

+		        OutputStream os = new BufferedOutputStream(

+		          new FileOutputStream(f)

+		          );

+		        os.write(crt.getEncoded());

+		        os.close();

+		      } catch (Exception e1) {

+		        e1.printStackTrace();

+		        System.exit(1);

+		      }

+		    }

+

+				//continue ...

+			}

+

+			if (

+				( expectedTerritory_ == Countries.SK ||

+					expectedTerritory_ == Countries.SE ||

+					expectedTerritory_ == Countries.NO ||

+					expectedTerritory_ == Countries.PL) &&

+				e instanceof KeySelectorException &&

+				enclosingMethod.getDeclaringClass().equals(TslKeySelector.class) &&

+				enclosingMethod.getName().equals("select") &&

+				parameters[0] instanceof X509DataImpl){

+

+				X509DataImpl x509Data = (X509DataImpl) parameters[0];

+				AlgorithmMethod method = (AlgorithmMethod) parameters[2];

+

+				List certificates = new ArrayList();

+

+				Iterator x509content = x509Data.getContent().iterator();

+				while (x509content.hasNext()) {

+					Object element = x509content.next();

+					if (element instanceof X509Certificate) {

+						X509Certificate rawCert = (X509Certificate)element;

+						certificates.add(rawCert);

+					}

+				}

+

+				if (!certificates.isEmpty()) {

+					X509Certificate[] rawCertificates = new X509Certificate[certificates.size()];

+					certificates.toArray(rawCertificates);

+					certificates.clear();

+					Iterator certs = null;

+					try {

+						// convert the certificates to IAIK certifcates

+						iaik.x509.X509Certificate[] iaikCertificates = Util.convertCertificateChain(rawCertificates);

+						// sort the certificate chain

+						iaik.x509.X509Certificate[] sortedChain = Util.arrangeCertificateChain(iaikCertificates, false);

+						if (sortedChain == null) {

+							// chain could not be sorted; maybe there are two different certificates

+							// containing the same public key; use the unsorted chain

+							certificates = Arrays.asList(iaikCertificates);

+							certs = certificates.iterator();

+						} else {

+							certs = (Collections.nCopies(1, sortedChain[0])).iterator();

+							certificates = Arrays.asList(sortedChain);

+						}

+					} catch (CertificateException e1) {

+						//cannot handle this throw error

+						return super.throwException(e, enclosingMethod, thisObject, parameters);

+					}

+

+					PublicKey oldPublicKey = null;

+					while (certs.hasNext()) {

+

+						iaik.x509.X509Certificate cert = (iaik.x509.X509Certificate)certs.next();

+

+						boolean hit = false;

+

+						PublicKey publicKey = cert.getPublicKey();

+

+						//            failReason_ = "";

+

+						// Does the certificate provide a key for the requested algorithm?

+						try {

+							KeyFactory kfac = KeyFactory.getInstance(method.getAlgorithm());

+							kfac.translateKey(publicKey);

+							hit = true;

+							if (oldPublicKey != null) {

+								if (!publicKey.equals(oldPublicKey)) {

+									//cannot handle this throw error

+									return super.throwException(e, enclosingMethod, thisObject, parameters);

+								}

+							}

+							oldPublicKey = publicKey;

+						} catch (NoSuchAlgorithmException e1) {

+							//cannot handle this throw error

+							return super.throwException(e, enclosingMethod, thisObject, parameters);

+						} catch (InvalidKeyException e1) {

+							//cannot handle this throw error

+							return super.throwException(e, enclosingMethod, thisObject, parameters);

+						}

+						if (hit) {

+							//make an exception for SK, SE who violate XMLDSig ds:KeyInfo/ds:X509Data

+							wrapException(e, getLocator(),

+								new ExceptionalMitigation("make an exception for " + expectedTerritory_ + " who violate XMLDSig ds:KeyInfo"));

+							return new X509KeySelectorResultImpl(publicKey, certificates, null);

+						}

+					}

+				}

+			}

+			

+			if	( expectedTerritory_ == Countries.DK && 

+					e instanceof KeySelectorException &&

+					parameters[0] instanceof X509DataImpl){

+				if (e.getMessage().equals("KeyInfo X509SubjectName (CN=Adam Arndt                Digst,serialNumber=CVR:34051178-RID:25902029,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) does not match SubjectDN (serialNumber=CVR:34051178-RID:25902029+CN=Adam Arndt                Digst,O=Digitaliseringsstyrelsen // CVR:34051178,C=DK) of KeyInfo X509Certificate.\n"+

+						"Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear MUST refer to the certificate or certificates containing the validation key.")) {

+						

+			    	X509DataImpl x509DataImpl = (X509DataImpl) parameters[0];

+			    		

+			    	ListIterator li = x509DataImpl.getContent().listIterator();

+			    	li.next();

+			    	String sn = (String) li.next();

+			    	

+			    	_l.err(sn, null);

+			    	

+			    	System.exit(1);

+			    	

+						Object mitigatedResult = null;

+						try {

+

+							mitigatedResult = enclosingMethod.invoke(thisObject, parameters);

+						} catch (IllegalAccessException e1) {

+							wrapException(e1);

+						} catch (InvocationTargetException e1) {

+							wrapException(e1);

+						}

+

+						if (mitigatedResult != null){

+							wrapException(e, null, new iaik.xml.crypto.tsl.ex.SeverityAspect.Mitigation() {

+								@Override

+								public String getReport() {

+									return "Deleted wrong X509SubjectName from XMLDSIG Signature.";

+								}

+							});

+							return mitigatedResult;

+							

+						}

+					}

+			}

+

+

+		} else {

+			if (e instanceof MitigatedTSLSecurityException){

+				// we allow to mitigate Security exceptions for testing

+				// and collect them

+				wrapException(e);

+				return null;

+			} else if (e instanceof FixedSaxLevelValidationExcption) {

+				// we allow to mitigate Sax Level Fixup for testing

+				// and collect them

+				wrapException(e);

+				return null;

+			}

+		}

+

+		return super.throwException(e, enclosingMethod, thisObject, parameters);

+	}

+

+

+

+	@Override

+	public Unmarshaller createTSLUnmarshaller()

+		throws TSLEngineFatalException {

+		if (expectedTerritory_ == Countries.FI){

+			//we cannot fix FI at SAX Level and re-validate

+			return TSLEngine.createTSLUnmarshaller(false);

+		}

+		return super.createTSLUnmarshaller();

+	}

+

+	@Override

+	public String compressStatus(String status) {

+		if(expectedTerritory_ == Countries.EL){

+			//fix the whitespace in Greece TSL

+			status = status.trim();

+		}		

+		if (status != null && status.startsWith("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/")) {

+		        status = status.substring("http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/".length());

+		      }

+

+		return super.compressStatus(status);

+	}

+

+

+	@Override

+	public String compressServiceType(String sType) {

+		if(expectedTerritory_ == Countries.EL){

+			//fix the whitespace in Greece TSL

+			sType = sType.trim();

+		}

+		return super.compressServiceType(sType);

+	}

+

+

+	@Override

+	public iaik.xml.crypto.tsl.ValidationFixupFilter.Fixup getSaxLevelValidationFixup(SAXParseException e) {

+

+		if (expectedTerritory_ == Countries.AT){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.CZ){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.FR){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.NO){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+		if (expectedTerritory_ == Countries.SK){

+			if (e.getMessage().equals("cvc-type.3.1.1: Element 'tsl:URI' is a simple type, so it cannot have attributes, excepting those whose namespace name is identical to 'http://www.w3.org/2001/XMLSchema-instance' and whose [local name] is one of 'type', 'nil', 'schemaLocation' or 'noNamespaceSchemaLocation'. However, the attribute, 'xml:lang' was found.")){

+				return new DeleteAttrFixup("http://www.w3.org/XML/1998/namespace","lang", e, this);

+			}

+		}

+		

+

+		if (expectedTerritory_ == Countries.ES && getDownloadLocation().toString().contains(".es/")){

+			if (e.getMessage().equals("cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tslx:CertSubjectDNAttributeType'.")){

+				return new LocalNameFixup("CertSubjectDNAttributeType","CertSubjectDNAttribute",e, this);

+			}

+		}

+

+		if (expectedTerritory_ == Countries.MT && getDownloadLocation().toString().contains(".mt/")){

+			if (e.getMessage().equals("cvc-complex-type.2.4.a: Invalid content was found starting with element 'tsl:TSLPolicy'. One of '{\"http://uri.etsi.org/02231/v2#\":TSLLegalNotice}' is expected.")){

+				return new LocalNameFixup("TSLPolicy","TSLLegalNotice",e, this);

+			}

+		}

+

+		if (e.getMessage().equals("cvc-complex-type.3.2.2: Attribute 'assert' is not allowed to appear in element 'ecc:otherCriteriaList'.")){

+			return new LocalNameFixup("otherCriteriaList","CriteriaList",e, this);

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'dateTime'.")){

+			return new ElementStringValueFixup("-(.)-","-0$1-",e, this);

+		} else if (e.getMessage().startsWith("cvc-type.3.1.3: The value '") &&  e.getMessage().endsWith("' of element 'tsl:ListIssueDateTime' is not valid.")){

+			//			return new DateTimeFixup();

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'base64Binary'.")){

+			return new ElementStringValueFixup("(\\s)=([^=]+)","$1$2",e, this);

+		} else if (e.getMessage().startsWith("cvc-type.3.1.3: The value '") &&  e.getMessage().endsWith("' of element 'tsl:X509Certificate' is not valid.")){

+			//			return new Base64BinaryFixup();

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'anyURI'.")){

+

+			//TODO only for sweden and find a better discriminatory than the URI

+//			if (expectedTerritory_ == Countries.SE){

+//			return new ElementStringValueFixup(

+//			"-http://www.pts.se/upload/Ovrigt/Internet/Branschinformation/Trusted%20List%20SE%20MR.xml",

+//			"http://www.pts.se/upload/Ovrigt/Internet/Branschinformation/Trusted%20List%20SE%20MR.xml");

+				return new ElementStringValueFixup("-http://www.pts.se/",	"http://www.pts.se/", e, this);

+//			}

+

+

+		} else if (e.getMessage().startsWith("cvc-datatype-valid.1.2.1: '") &&  e.getMessage().endsWith("' is not a valid value for 'NCName'.")){

+			if (expectedTerritory_ == Countries.CY || expectedTerritory_ == Countries.LV ||

+					expectedTerritory_ == Countries.HR || expectedTerritory_ == Countries.NL){

+				return new AttributeValueFixup("","Id","(.+)","x$1",e, this);

+			}

+		} else if (e.getMessage().startsWith("cvc-complex-type.2.3: Element '") &&  e.getMessage().endsWith("' cannot have character [children], because the type's content type is element-only.")) {

+			//cvc-complex-type.2.3: Element 'tsl:ServiceDigitalIdentity' cannot have character [children], because the type's content type is element-only.

+			if (expectedTerritory_ == Countries.FI){

+//				return new ElementStringValueFixup("(\\s*)-(\\s*)","$1$2",e, this);

+				return new Fixup(e, this){

+					{

+					  changed_ = true;

+					  fixupPerformed();

+					}

+					@Override

+					public String fixup(String input) {

+						return null;

+					}

+

+					@Override

+					public Mitigation getMitigation() {

+						return new Mitigation("Ignored");

+					}

+

+				};

+			}

+		}

+

+		if (e.getMessage().startsWith("cvc-elt")){

+

+		}	else if (e.getMessage().startsWith("cvc-type")) {

+

+		} else if (e.getMessage().startsWith("cvc-complex-type")) {

+

+		} else if (e.getMessage().startsWith("cvc-datatype-valid")) {

+

+		} else if (e.getMessage().startsWith("cvc-attribute")) {

+

+		}

+		//cvc-complex-type.2.4.a: Invalid content was found starting with element 'tsl:TSLPolicy'. One of '{"http://uri.etsi.org/02231/v2#":TSLLegalNotice}' is expected.

+

+		//cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'ecc:PolicySet'

+		//cvc-complex-type.2.4.a: Invalid content was found starting with element 'ecc:Identifier'. One of '{"http://uri.etsi.org/02231/v2/additionaltypes#":AttributeOID}' is expected.

+		//cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'tsl:ExtensionOID'.

+		//cvc-type.3.1.3: The value '-http://www.pts.se/upload/Ovrigt/Internet/Branschinformation/Trusted%20List%20SE%20MR.xml' of element 'tsl:URI' is not valid.,locator=[node=null,object=null,url=file:/C:/Gesichert/Development/projects/TSL/./hashcache/900BA6AB3702EC9518627496749AA28129C56100.tsl.xml,line=109,col=118,offset=-1]]

+

+		return super.getSaxLevelValidationFixup(e);

+	}

+

+	@Override

+	public void securityCheck(Type securityCheckType,

+		java.security.cert.X509Certificate[] certs,

+		ListIterator<java.security.cert.X509Certificate> expectedTslSignerCerts) {

+

+		//TODO check whether we always want to do that to make sure we use the endentity

+		try {

+			certs = Util.convertCertificateChain(certs);

+		} catch (CertificateException e) {

+			throwException(e);

+		}

+  	certs = Util.arrangeCertificateChain((iaik.x509.X509Certificate[]) certs, false);

+		super.securityCheck(securityCheckType, certs, expectedTslSignerCerts);

+	}

+

+

+	@Override

+	public boolean doRollback() {

+		//accept each and every TSL ... even partially ... for testing

+		return false;

+//		return true;

+	}

+

+	@Override

+	public Boolean doesViolateRawHash(SQLException e, byte[] rawHash) {

+

+		String msg = e.getMessage();

+

+		_l.info(msg);

+		return(

+			msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&

+			msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")

+		);

+	}

+

+	@Override

+	protected Long getLocalLastModified(File targetFile) {

+		return super.getLocalLastModified(targetFile);

+	}

+	@Override

+	protected long howLongWaitForThreads() {

+		// TODO Auto-generated method stub

+		return 100000;

+	}

+	

+	@Override

+  protected boolean normalizeXML() {

+	  return true;

+  }

+	public MultiThreadLoggingGroup getLoggingGroup() {

+	  return this;

+  }

+	

+	StringBuilder log = new StringBuilder();

+	

+	public void flushLog() {

+	  if (log != null && log.length() > 0) {

+			Thread currentThread = Thread.currentThread();

+			String ncName = getNcName(currentThread);

+			synchronized (log) {

+				parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()

+				    + "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"

+				    + ncName + ">" + _15.LB);

+				parentContext_.flushLog();

+				log.setLength(0);

+			}

+		}

+  }

+	

+	/**

+	 * Collect all the logs for this context

+	 * @see iaik.util.logging.Log.MultiThreadLoggingGroup#print(java.lang.Object)

+	 */

+	public void print(Object msg) {

+		synchronized (log) {

+			log.append(msg);

+		}

+	}

+	

+}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java
new file mode 100644
index 0000000..0956617
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java
@@ -0,0 +1,109 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egovernment.moa.spss.server.logging.IaikLog;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import iaik.pki.store.certstore.directory.DirectoryStoreException;
+import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter;
+
+public class CertStoreConverter {
+
+	private static final Logger logger = LoggerFactory.getLogger(CertStoreConverter.class);
+	
+	public static boolean convert(String certStoreRoot, TransactionId transId) {
+		String certStoreSubjectDN = certStoreRoot + File.separator + "subjectdn";
+
+		logger.error("checking for new cert store format {} -> {}", certStoreRoot, certStoreSubjectDN);
+
+		File certStoreDirectory = new File(certStoreRoot);
+		if (certStoreDirectory.isDirectory() && certStoreDirectory.exists()) {
+
+			File file = new File(certStoreSubjectDN);
+
+			if (file.isDirectory() && file.exists()) {
+				// Is new Format!
+				logger.error("Cert store is allready new format!");
+				return false;
+			} else {
+				try {
+					logger.error(
+							"###########################################################################################");
+					logger.error(
+							"###########################################################################################");
+					logger.error("The certificate store @ {} will now be converted into the new format!",
+							certStoreDirectory.getAbsolutePath());
+
+					String backup = certStoreRoot;
+
+					if (certStoreRoot.endsWith(File.separator)) {
+						backup = certStoreRoot.substring(0, certStoreRoot.length() - File.separator.length());
+					}
+
+					String timestamp = String.valueOf(System.currentTimeMillis());
+					backup = backup + "_" + timestamp;
+
+					logger.error("Creating a backup of the certstore @ {}", backup);
+
+					File backupDirectory = new File(backup);
+					try {
+						FileUtils.copyDirectory(certStoreDirectory, backupDirectory);
+					} catch (IOException e) {
+						logger.error("Failed to create certstore backup!", e);
+						throw new RuntimeException("Failed to create certstore backup!", e);
+					}
+
+					logger.error("deleting original certstore @ {}", certStoreRoot);
+
+					try {
+						FileUtils.deleteDirectory(certStoreDirectory);
+					} catch (IOException e1) {
+						logger.error("Failed to delete old certstore!", e1);
+						throw new RuntimeException("Failed to delete old certstore!", e1);
+					}
+					certStoreDirectory.mkdir();
+
+					DirectoryCertStoreConverter directoryCertStoreConverter = new DirectoryCertStoreConverter();
+
+					try {
+						logger.error("running conversion of certstore @ {}", certStoreRoot);
+						directoryCertStoreConverter.convert(backupDirectory.getAbsolutePath(),
+								certStoreDirectory.getAbsolutePath(), true, false,
+								new IaikLog("DirectoryCertStoreConverter"), transId);
+					} catch (DirectoryStoreException e) {
+						logger.error("Failed to run conversion of old certstore!", e);
+
+						try {
+							FileUtils.copyDirectory(backupDirectory, certStoreDirectory);
+						} catch (IOException e1) {
+							logger.error("!!!!Failed to restore original certstore!!!! CHECK LOGS", e1);
+							throw new RuntimeException("!!!!Failed to restore original certstore!!!! CHECK LOGS", e);
+
+						}
+						throw new RuntimeException("Failed to run conversion of old certstore!", e);
+					}
+
+					logger.error("Conversion of certstore succseeded");
+					logger.error("Certstore in new format is located @ {}", certStoreDirectory.getAbsolutePath());
+					logger.error("Backup of Certstore in old format is located @ {}",
+							certStoreDirectory.getAbsolutePath());
+				} finally {
+					logger.error(
+							"###########################################################################################");
+					logger.error(
+							"###########################################################################################");
+				}
+				return true;
+			}
+		} else {
+			logger.error("Certstore does not exist yet");
+		}
+		return false;
+	}
+	
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
new file mode 100644
index 0000000..544ea91
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.spss.util;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.asn1.structures.PolicyInformation;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+import iaik.x509.extensions.CertificatePolicies;
+import iaik.x509.extensions.qualified.QCStatements;
+import iaik.x509.extensions.qualified.structures.QCStatement;
+import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance;
+import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
+
+import java.security.Principal;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
+
+public class CertificateUtils {
+	
+	
+	/**
+	 * Verifies if the given certificate contains QCP+ statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QCP+ statement, else false
+	 */
+	private static boolean checkQCPPlus(X509Certificate cert) {
+		Logger.debug("Checking QCP+ extension");
+		String OID_QCPPlus = "0.4.0.1456.1.1";
+		try {
+			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
+			if (certPol == null) {
+				Logger.debug("No CertificatePolicies extension found");
+				return false;
+			}
+			
+			PolicyInformation[] polInfo = certPol.getPolicyInformation();
+			if (polInfo == null) {
+				Logger.debug("No policy information found");
+				return false;
+			}
+			
+			for (int i = 0; i < polInfo.length; i++) {
+				ObjectID oid = polInfo[i].getPolicyIdentifier();
+				String oidStr = oid.getID();
+				if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) {
+					Logger.debug("QCP+ extension found");
+					return true;
+				}
+			}
+			
+			Logger.debug("No QCP+ extension found");
+			
+			return false;
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QCP+ extension found");
+			
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QCP statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QCP statement, else false
+	 */
+	private static boolean checkQCP(X509Certificate cert) {
+		Logger.debug("Checking QCP extension");
+		String OID_QCP = "0.4.0.1456.1.2";
+		try {
+			CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
+			if (certPol == null) {
+				Logger.debug("No CertificatePolicies extension found");
+				return false;
+			}
+			
+			PolicyInformation[] polInfo = certPol.getPolicyInformation();
+			if (polInfo == null) {
+				Logger.debug("No policy information found");
+				return false;
+			}
+			
+			for (int i = 0; i < polInfo.length; i++) {
+				ObjectID oid = polInfo[i].getPolicyIdentifier();
+				String oidStr = oid.getID();
+				if (oidStr.compareToIgnoreCase(OID_QCP) == 0) {
+					Logger.debug("QCP extension found");
+					return true;
+				}
+				
+			}
+			
+			Logger.debug("No QCP extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QCP extension found");
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QcEuCompliance statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QcEuCompliance statement, else false
+	 */
+	private static boolean checkQcEuCompliance(X509Certificate cert) {
+		Logger.debug("Checking QcEUCompliance extension");
+		try {
+			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
+			
+			if (qcStatements == null) {
+				Logger.debug("No QcStatements extension found");
+				return false;
+			}
+			
+			QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID);
+			
+			if (qcEuCompliance != null) {
+				Logger.debug("QcEuCompliance extension found");
+				return true;
+			}
+			
+			Logger.debug("No QcEuCompliance extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QcEuCompliance extension found");
+			return false;
+		}
+		
+	}
+	
+	/**
+	 * Verifies if the given certificate contains QcEuSSCD statement
+	 * @param cert X509Certificate
+	 * @return true if the given certificate contains QcEuSSCD statement, else false
+	 */
+	private static boolean checkQcEuSSCD(X509Certificate cert) {
+		Logger.debug("Checking QcEuSSCD extension");
+		try {
+			QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
+			if (qcStatements == null) {
+				Logger.debug("No QcStatements extension found");
+				return false;
+			}
+			
+			QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID);
+			
+			if (qcEuSSCD != null) {
+				Logger.debug("QcEuSSCD extension found");
+				return true;
+			}
+						
+			Logger.debug("No QcEuSSCD extension found");
+			return false;
+
+		} catch (X509ExtensionInitException e) {
+			Logger.debug("No QcEuSSCD extension found");
+			return false;
+		}
+		
+	}
+
+	public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, boolean isTSLenabledTrustprofile) {
+		
+		boolean qc = false;
+		boolean qcSourceTSL = false;
+		boolean sscd = false;
+		boolean sscdSourceTSL = false;
+		
+		try { 
+		
+			if (isTSLenabledTrustprofile) {
+				// perform QC check via TSL
+				boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
+				if (!checkQCFromTSL) { 
+					// if QC check via TSL returns false
+					// try certificate extensions QCP and QcEuCompliance
+					Logger.debug("QC check via TSL returned false - checking certificate extensions");
+			     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+			        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+			        
+			        if (checkQCP || checkQcEuCompliance) {
+			        	Logger.debug("Certificate is QC (Source: Certificate)");
+			        	qc = true;			        	
+			        }
+			        
+		        	qcSourceTSL = false;
+		        }
+		        else {
+		        	// use TSL result
+		        	Logger.debug("Certificate is QC (Source: TSL)");
+		        	qc = true;
+		        	qcSourceTSL = true;
+		        }
+				
+				// perform SSCD check via TSL
+	        	boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
+	        	if (!checkSSCDFromTSL) {
+	        		// if SSCD check via TSL returns false
+					// try certificate extensions QCP+ and QcEuSSCD			       
+	        		Logger.debug("SSCD check via TSL returned false - checking certificate extensions");
+		        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+			        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+			        
+			        if (checkQCPPlus || checkQcEuSSCD) {
+			        	Logger.debug("Certificate is SSCD (Source: Certificate)");
+			        	sscd = true;
+			        }
+			        
+		        	sscdSourceTSL = false;
+		        }
+		        else {
+		        	// use TSL result
+		        	Logger.debug("Certificate is SSCD (Source: TSL)");
+		        	sscd = true;
+		        	sscdSourceTSL = true;
+		        }
+	        	
+			}
+			else {
+				// Trustprofile is not TSL enabled - use certificate extensions only
+
+				// perform QC check
+				// try certificate extensions QCP and QcEuCompliance
+		     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+		        
+		        if (checkQCP || checkQcEuCompliance)
+		        	qc = true;
+		        
+	        	qcSourceTSL = false;
+	        	
+	        	// perform SSCD check
+	        	// try certificate extensions QCP+ and QcEuSSCD			       
+	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
+		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
+		        
+		        if (checkQCPPlus || checkQcEuSSCD)
+		        	sscd = true;
+		        
+	        	sscdSourceTSL = false;
+			}
+		}
+		catch (TSLEngineDiedException e) {
+	    	MessageProvider msg = MessageProvider.getInstance();
+	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+		} catch (TSLSearchException e) {
+	    	MessageProvider msg = MessageProvider.getInstance();
+	        Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
+		}
+		
+		QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL);
+		
+		return result;
+	}
+	
+	/**
+	    * Gets the country from the certificate issuer
+	    * @param cert X509 certificate
+	    * @return Country code from the certificate issuer
+	    */
+	   public static String getIssuerCountry(X509Certificate cert) {
+		   String country = null;
+		   Principal issuerdn = cert.getIssuerX500Principal();
+		   RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName());
+		   
+		   try {
+			   Name name = nameParser.parse();
+			   country = name.getRDN(ObjectID.country);
+		   } catch (RFC2253NameParserException e) {
+			   Logger.warn("Could not get country code from issuer.");
+		   }
+		   
+		    
+		   return country;
+	   }
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
new file mode 100644
index 0000000..219bb7c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.spss.util;

+

+import java.net.InetAddress;

+import java.net.UnknownHostException;

+import java.util.Iterator;

+import java.util.List;

+

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.spss.MOAApplicationException;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;

+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;

+

+public class ExternalURIVerifier {

+	

+	public static void verify(String host, int port) throws MOAApplicationException {

+		

+		

+		if (host == null)

+			return;

+		if (host.equalsIgnoreCase(""))

+			return;

+		

+			try {

+				ConfigurationProvider config = ConfigurationProvider.getInstance();

+				

+				boolean allowExternalUris = config.getAllowExternalUris();

+				List blacklist = config.getBlackListedUris();

+				List whitelist = config.getWhiteListedUris();

+				

+				InetAddress hostInetAddress = InetAddress.getByName(host);

+				String ip = hostInetAddress.getHostAddress();

+				

+				

+				if (allowExternalUris) {

+					// external URIs are allowed - check blacklist

+					Iterator it = blacklist.iterator();

+					while (it.hasNext()) {

+						String[] array = (String[])it.next();

+						String bhost = array[0];

+						String bport = array[1];

+						if (bport == null || port == -1) {

+							// check only host

+							if (ip.startsWith(bhost)) {

+								Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));

+								throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});

+							}

+						}

+						else {

+							// check host and port

+							int iport = new Integer(bport).intValue();

+							if (ip.startsWith(bhost) && (iport == port)) {

+								Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted"));

+								throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});							

+							}

+								

+						}

+					}

+				}

+				else {	

+					// external uris are forbidden - check whitelist

+					Iterator it = whitelist.iterator();

+					boolean allowed = false;

+					while (it.hasNext()) {

+						String[] array = (String[])it.next();

+						String bhost = array[0];

+						String bport = array[1];

+						if (bport == null || port == -1) {

+							// check only host

+							if (ip.startsWith(bhost)) {

+								Logger.debug(new LogMsg("Whitelist check: " + host + " (" + ip + ") whitelisted"));

+								allowed = true;

+								//throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});

+							}

+						}

+						else {

+							// check host and port

+							int iport = new Integer(bport).intValue();

+							if (ip.startsWith(bhost) && (iport == port)) {

+								Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port + " whitelisted"));

+								//throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});

+								allowed = true;

+							}

+								

+						}

+					}

+					

+					if (!allowed) {

+						if (port != -1) {

+							Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));

+							throw new MOAApplicationException("4001", new Object[]{host + "(" + ip + ")"});

+						}							

+						else {

+							Logger.debug(new LogMsg("No external URIs allowed (" + host + ":" + port + ")"));

+							throw new MOAApplicationException("4001", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});

+						}

+							

+					}

+					

+				}

+				

+				Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));

+			  	  

+			} catch (ConfigurationException e) {

+				throw new MOAApplicationException("config.10", null);

+			} catch (UnknownHostException e) {

+				throw new MOAApplicationException("4003", new Object[]{host});

+			}

+			

+			

+		

+	}

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
new file mode 100644
index 0000000..b5f72c4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
@@ -0,0 +1,142 @@
+/*

+ * Copyright 2003 Federal Chancellery Austria

+ * MOA-ID has been developed in a cooperation between BRZ, the Federal

+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.

+ *

+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by

+ * the European Commission - subsequent versions of the EUPL (the "Licence");

+ * You may not use this work except in compliance with the Licence.

+ * You may obtain a copy of the Licence at:

+ * http://www.osor.eu/eupl/

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the Licence is distributed on an "AS IS" basis,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the Licence for the specific language governing permissions and

+ * limitations under the Licence.

+ *

+ * This product combines work with different licenses. See the "NOTICE" text

+ * file for details on the various modules and licenses.

+ * The "NOTICE" text file is part of the distribution. Any derivative works

+ * that you distribute must include a readable copy of the "NOTICE" text file.

+ */

+

+package at.gv.egovernment.moa.spss.util;

+

+import java.io.InputStream;

+

+import org.apache.xerces.util.URI;

+import org.apache.xerces.util.URI.MalformedURIException;

+import org.xml.sax.EntityResolver;

+import org.xml.sax.InputSource;

+import org.xml.sax.SAXException;

+

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

+import at.gv.egovernment.moa.spss.MOAApplicationException;

+import at.gv.egovernment.moa.util.Constants;

+

+

+/**

+ * An <code>EntityResolver</code> that looks up entities stored as

+ * local resources.

+ * 

+ * <p>The following DTDs are mapped to local resources: 

+ * <ul>

+ * <li>The XMLSchema.dtd</li>

+ * <li>The datatypes.dtd</li>

+ * </ul>

+ * </p>

+ * <p>For all other resources, an attempt is made to resolve them as resources,

+ * either absolute or relative to <code>Constants.SCHEMA_ROOT</code>.

+ * 

+ * @author Patrick Peck

+ * @author Sven Aigner

+ */

+public class MOASPSSEntityResolver implements EntityResolver {

+

+  /**

+   * Resolve an entity.

+   * 

+   * The <code>systemId</code> parameter is used to perform the lookup of the

+   * entity as a resource, either by interpreting the <code>systemId</code> as

+   * an absolute resource path, or by appending the last path component of

+   * <code>systemId</code> to <code>Constants.SCHEMA_ROOT</code>.

+   * 

+   * @param publicId The public ID of the resource.

+   * @param systemId The system ID of the resource.

+   * @return An <code>InputSource</code> from which the entity can be read, or

+   * <code>null</code>, if the entity could not be found.

+   * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)

+   */

+  public InputSource resolveEntity(String publicId, String systemId) throws SAXException {

+    InputStream stream;

+    int slashPos;

+    

+    if (Logger.isDebugEnabled()) {

+      Logger.debug(

+        new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));

+    }

+

+    if (publicId != null) {

+      // check if we can resolve some standard dtd's

+      if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) {

+        return new InputSource(

+          getClass().getResourceAsStream(

+            Constants.SCHEMA_ROOT + "XMLSchema.dtd"));

+      } else if (publicId.equalsIgnoreCase("datatypes")) {

+        return new InputSource(

+          getClass().getResourceAsStream(

+            Constants.SCHEMA_ROOT + "datatypes.dtd"));

+      }

+    } else if (systemId != null) {

+      // get the URI path

+      try {

+        URI uri = new URI(systemId);

+        systemId = uri.getPath();

+        

+        if ("".equals(systemId.trim())) {

+          return null;

+        }

+        

+//        if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {

+//          return null;

+//        }

+

+        ExternalURIVerifier.verify(uri.getHost(), uri.getPort());

+        

+      } catch (MalformedURIException e) {

+        return null;

+      } 

+      catch (MOAApplicationException e) {

+			throw new SAXException(e);

+      }

+      

+      // try to get the resource from the full path

+      stream = getClass().getResourceAsStream(systemId);

+      if (stream != null) {

+        InputSource source = new InputSource(stream);

+

+        source.setSystemId(systemId);

+        return source;

+      }

+

+      // try to get the resource from the last path component

+      slashPos = systemId.lastIndexOf('/');

+      if (slashPos >= 0 && systemId.length() > slashPos) {

+        systemId = systemId.substring(slashPos + 1, systemId.length());

+        stream =

+          getClass().getResourceAsStream(Constants.SCHEMA_ROOT + systemId);

+        if (stream != null) {

+          InputSource source = new InputSource(stream);

+

+          source.setSystemId(systemId);

+          return source;

+        }

+      }

+    }

+

+    return null; // nothing found - let the parser handle the entity

+  }

+

+}

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java
new file mode 100644
index 0000000..6c8a833
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.spss.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.util.Messages;
+
+/**
+ * Singleton wrapper around a <code>Messages</code> object.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MessageProvider {
+  
+  /** The resource names of the messages to load. */  
+  private static final String[] DEFAULT_MESSAGE_RESOURCES =
+    { "resources/properties/spss_messages" };
+  /** The corresponding message locales. */
+  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+    new Locale[] { new Locale("de", "AT") };
+  /** The single instance of this class. */
+  private static MessageProvider instance;
+  
+  /** The messages provided by the <code>MessageProvider</code>. */
+  private Messages messages;
+  
+  /**
+   * Return the single instance of the <code>MessageProvider</code>.
+   * 
+   * Intialilizes the <code>MessageProvider</code> with the default message
+   * locations: <code>/resources/properties/spss_messages</code>.
+   * 
+   * @return The single <code>MessageProvider</code>.
+   */
+  public static synchronized MessageProvider getInstance() {
+    if (instance == null) {
+      instance =
+        new MessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+    }
+    return instance;
+  }
+
+  /**
+   * Create a <code>MessageProvider</code>.
+   * 
+   * @param resourceNames The names of the resources containing the messages.
+   * @param locales The corresponding locales.
+   */
+  protected MessageProvider(String[] resourceNames, Locale[] locales) {
+    this.messages = new Messages(resourceNames, locales);
+  }
+
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  public String getMessage(String messageId, Object[] parameters) {
+    return messages.getMessage(messageId, parameters);
+  }
+
+   
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java
new file mode 100644
index 0000000..e9b1f7d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.crypto.NodeSetData;
+
+import org.w3c.dom.NodeList;
+
+public class NodeListToNodeSetDataAdapter implements NodeSetData {
+
+	private List list = new ArrayList();
+	
+	public NodeListToNodeSetDataAdapter(NodeList list) {
+		for(int i = 0; i < list.getLength(); i++) {
+			this.list.add(list.item(i));
+		}
+	}
+	
+	@Override
+	public Iterator iterator() {
+		return this.list.iterator();
+	}
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
new file mode 100644
index 0000000..99af843
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.spss.util;
+
+public class QCSSCDResult {
+
+	private boolean qc;
+	private boolean qcSourceTSL;
+	
+	private boolean sscd;
+	private boolean sscdSourceTSL;
+	
+	public QCSSCDResult() {
+		this.qc = false;
+		this.qcSourceTSL = false;
+		this.sscd = false;
+		this.sscdSourceTSL = false;
+	}
+	
+	public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) {
+		this.qc = qc;
+		this.qcSourceTSL = qcSourceTSL;
+		this.sscd = sscd;
+		this.sscdSourceTSL = sscdSourceTSL;
+	}
+	
+	public boolean isQC() {
+		return this.qc;
+	}
+	public boolean isQCSourceTSL() {
+		return this.qcSourceTSL;
+	}
+	public boolean isSSCD() {
+		return this.sscd;
+	}
+	public boolean isSSCDSourceTSL() {
+		return this.sscdSourceTSL;
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java
new file mode 100644
index 0000000..edcac97
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.spss.util;
+
+import java.security.Provider;
+import java.security.Security;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SecProviderUtils {
+	
+	private static final Logger logger = LoggerFactory.getLogger(SecProviderUtils.class);
+	
+	
+	public static void dumpSecProviders(String message) {
+		
+		logger.info("Security Providers: {}", message);
+		
+		for(Provider provider : Security.getProviders()) {
+			logger.info("  - {} - {}", provider.getName(), provider.getVersion());
+		}
+	}
+}