IAIK Moa CAdES added, cms verification not working

14 files changed, 208 insertions, 49 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index b725422..d216569 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -467,7 +467,8 @@ public abstract class SPSSFactory {
     Date dateTime,
     InputStream cmsSignature,
     CMSDataObject dataObject,
-    String trustProfileID);
+    String trustProfileID,
+    boolean pdf);
 
   /**
    * Create a new <code>CMSDataObject</code> object from data at a given URI.
@@ -543,7 +544,8 @@ public abstract class SPSSFactory {
   public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
     SignerInfo signerInfo,
     CheckResult signatureCheck,
-    CheckResult certificateCheck);
+    CheckResult certificateCheck, 
+    List adesResult);
 
   //
   // Factory methods for verifying XML signatures
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
index 225f685..3adb381 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureRequest.java
@@ -73,4 +73,6 @@ public interface VerifyCMSSignatureRequest {
    * @return The profile ID of trusted certificates.
    */
   public String getTrustProfileId();
+  
+  public boolean isPDF();
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index a1135ba..8579a2f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -24,6 +24,8 @@
 
 package at.gv.egovernment.moa.spss.api.cmsverify;
 
+import java.util.List;
+
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
@@ -54,4 +56,12 @@ public interface VerifyCMSSignatureResponseElement {
    */
   public CheckResult getCertificateCheck();
   
+  /**
+   * Gets AdES Form results
+   * 
+   * This might be null!
+   * 
+   * @return The result of the AdES Form validation
+   */
+  public List getAdESFormResults();
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index 8a46219..478dcb4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -260,7 +260,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
     Date dateTime,
     InputStream cmsSignature,
     CMSDataObject dataObject,
-    String trustProfileID) {
+    String trustProfileID,
+    boolean pdf) {
     VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest =
       new VerifyCMSSignatureRequestImpl();
     verifyCMSSignatureRequest.setDateTime(dateTime);
@@ -268,6 +269,7 @@ public class SPSSFactoryImpl extends SPSSFactory {
     verifyCMSSignatureRequest.setDataObject(dataObject);
     verifyCMSSignatureRequest.setTrustProfileId(trustProfileID);
     verifyCMSSignatureRequest.setSignatories(signatories);
+    verifyCMSSignatureRequest.setPDF(pdf);
     return verifyCMSSignatureRequest;
   }
 
@@ -321,13 +323,14 @@ public class SPSSFactoryImpl extends SPSSFactory {
   public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
     SignerInfo signerInfo,
     CheckResult signatureCheck,
-    CheckResult certificateCheck) {
+    CheckResult certificateCheck, 
+    List adesResult) {
     VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement =
       new VerifyCMSSignatureResponseElementImpl();
     verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
     verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
     verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
-    
+    verifyCMSSignatureResponseElement.setAdESFormResults(adesResult);
     return verifyCMSSignatureResponseElement;
   }
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
index c759f5f..78d817b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureRequestImpl.java
@@ -49,6 +49,8 @@ public class VerifyCMSSignatureRequestImpl
   private InputStream cmsSignature;
   /** The date for which to verify the signature. */
   private Date dateTime;
+  
+  private boolean pdf = false;
 
   /**
    * Sets the indexes of the signatories whose signature should be verified.
@@ -114,4 +116,12 @@ public class VerifyCMSSignatureRequestImpl
     return trustProfileId;
   }
 
+  public void setPDF(boolean value) {
+	  this.pdf = value;
+  }
+  
+  public boolean isPDF() {
+	  return this.pdf;
+  }
+
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index f258b3b..3d6b72a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -24,6 +24,8 @@
 
 package at.gv.egovernment.moa.spss.api.impl;
 
+import java.util.List;
+
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -44,6 +46,8 @@ public class VerifyCMSSignatureResponseElementImpl
   /** Information about the certificate check. */
   private CheckResult certificateCheck;
   
+  private List adesResults = null;
+  
   /**
    * Sets a SignerInfo element according to CMS.
    * 
@@ -82,5 +86,13 @@ public class VerifyCMSSignatureResponseElementImpl
   public CheckResult getCertificateCheck() {
     return certificateCheck;
   }
+
+  public void setAdESFormResults(List adesResults) {
+	this.adesResults = adesResults;
+  }
+  
+  public List getAdESFormResults() {
+	return adesResults;
+  }
   
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index 6b3f430..bc92b7a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -103,7 +103,8 @@ public class VerifyCMSSignatureRequestParser {
       dateTime,
       cmsSignature,
       dataObject,
-      trustProfileID);
+      trustProfileID,
+      false);
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
index 972b540..9fda5e0 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java
@@ -21,7 +21,6 @@
  * that you distribute must include a readable copy of the "NOTICE" text file.
  */
 
-
 package at.gv.egovernment.moa.spss.server.iaik.cmsverify;
 
 import iaik.pki.PKIProfile;
@@ -35,27 +34,25 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
  * @author Patrick Peck
  * @version $Id$
  */
-public class CMSSignatureVerificationProfileImpl
-  implements CMSSignatureVerificationProfile {
-    
-  /** The profile for validating the certificate. */
-  private PKIProfile certificateValidationProfile;
+public class CMSSignatureVerificationProfileImpl implements CMSSignatureVerificationProfile {
+	/** The profile for validating the certificate. */
+	private PKIProfile certificateValidationProfile;
 
-  /**
-   * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile()
-   */
-  public PKIProfile getCertificateValidationProfile() {
-    return certificateValidationProfile;
-  }
+	/**
+	 * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile()
+	 */
+	public PKIProfile getCertificateValidationProfile() {
+		return certificateValidationProfile;
+	}
 
-  /**
-   * Sets the profile for validating the signer certificate.
-   * 
-   * @param certificateValidationProfile The certificate validation profile to
-   * set.
-   */
-  public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
-    this.certificateValidationProfile = certificateValidationProfile;
-  }
+	/**
+	 * Sets the profile for validating the signer certificate.
+	 * 
+	 * @param certificateValidationProfile
+	 *            The certificate validation profile to set.
+	 */
+	public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) {
+		this.certificateValidationProfile = certificateValidationProfile;
+	}
 
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java
new file mode 100644
index 0000000..9189597
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/PDFSignatureVerificationProfileImpl.java
@@ -0,0 +1,8 @@
+package at.gv.egovernment.moa.spss.server.iaik.cmsverify;
+
+import iaik.server.modules.cmsverify.PDFSignatureVerificationProfile;
+
+public class PDFSignatureVerificationProfileImpl extends CMSSignatureVerificationProfileImpl
+		implements PDFSignatureVerificationProfile {
+
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 87dd572..ef9ddeb 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -24,6 +24,7 @@
 
 package at.gv.egovernment.moa.spss.server.iaik.config;
 
+import iaik.cms.IaikCCProvider;
 import iaik.pki.store.revocation.RevocationFactory;
 import iaik.pki.store.revocation.RevocationSourceStore;
 import iaik.pki.store.truststore.TrustStoreFactory;
@@ -34,6 +35,7 @@ import iaik.server.modules.keys.KeyEntryID;
 import iaik.server.modules.keys.KeyModule;
 import iaik.server.modules.keys.KeyModuleFactory;
 
+import java.security.Provider;
 import java.security.Security;
 import java.util.ArrayList;
 import java.util.Iterator;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index aca6f58..905254e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -24,12 +24,16 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
+import iaik.server.modules.AdESFormVerificationResult;
+import iaik.server.modules.AdESVerificationResult;
 import iaik.server.modules.IAIKException;
 import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.SignatureVerificationProfile;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult;
 import iaik.x509.X509Certificate;
 
 import java.io.ByteArrayInputStream;
@@ -37,10 +41,17 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigDecimal;
+import java.security.MessageDigest;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.io.HexDump;
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.logging.LoggingContext;
 import at.gv.egovernment.moa.logging.LoggingContextManager;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -51,6 +62,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
 import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
@@ -121,14 +133,14 @@ public class CMSSignatureVerificationInvoker {
     CMSSignatureVerificationProfile profile;
     Date signingTime;
     List results;
-    CMSSignatureVerificationResult result;
+    ExtendedCMSSignatureVerificationResult result;
     int[] signatories;
     InputStream input;
-    byte[] buf = new byte[256];
+    byte[] buf = new byte[2048];
 
     // get the signature
     signature = request.getCMSSignature();
-
+    
  // get the actual trustprofile
     TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
     
@@ -137,7 +149,11 @@ public class CMSSignatureVerificationInvoker {
       signedContent = getSignedContent(request);
       
       // build the profile
-      profile = profileFactory.createProfile();
+      if(request.isPDF()) {
+    	  profile = profileFactory.createPDFProfile();
+      } else {
+    	  profile = profileFactory.createProfile();
+      }
 
       // get the signing time
       signingTime = request.getDateTime();
@@ -156,9 +172,9 @@ public class CMSSignatureVerificationInvoker {
       input = module.getInputStream();
 
       while (input.read(buf) > 0);
+      //results = module.verifyCAdESSignature(signingTime);
       results = module.verifySignature(signingTime);
       
-      
     } catch (IAIKException e) {
       MOAException moaException = IaikExceptionMapper.getInstance().map(e);
       throw moaException;
@@ -191,10 +207,29 @@ public class CMSSignatureVerificationInvoker {
       Iterator resultIter;
 
       for (resultIter = results.iterator(); resultIter.hasNext();) {
-        result = (CMSSignatureVerificationResult) resultIter.next();
+    	  Object resultObject = resultIter.next();
+    	  CMSSignatureVerificationResult cmsResult = null;
+    	  List adesResults = null;
+    	  if(resultObject instanceof ExtendedCMSSignatureVerificationResult) {
+    		  result = (ExtendedCMSSignatureVerificationResult) resultObject;
+
+    		  adesResults = getAdESResult(result.getFormVerificationResult());
+
+    			if (adesResults != null) {
+    				Iterator adesIterator = adesResults.iterator();
+    				while (adesIterator.hasNext()) {
+    					Logger.info("ADES Formresults: " + adesIterator.next().toString());
+    				}
+    			}
+    	  } else {
+    		  cmsResult = (CMSSignatureVerificationResult)resultObject;
+    	  }
+    	  
+        
         String issuerCountryCode = null;
         // QC/SSCD check
-        List list = result.getCertificateValidationResult().getCertificateChain();
+        
+        List list = cmsResult.getCertificateValidationResult().getCertificateChain();
         if (list != null) {
             X509Certificate[] chain = new X509Certificate[list.size()];
             
@@ -213,7 +248,7 @@ public class CMSSignatureVerificationInvoker {
 
         }
         
-        responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+        responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
       }
     } else {
       int i;
@@ -223,11 +258,23 @@ public class CMSSignatureVerificationInvoker {
 
         try {
           result =
-            (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
+            (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1);
           
           String issuerCountryCode = null;
+          
+          CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult();
+          
+          List adesResults = getAdESResult(result.getFormVerificationResult());
+
+  		if (adesResults != null) {
+  			Iterator adesIterator = adesResults.iterator();
+  			while (adesIterator.hasNext()) {
+  				Logger.info("ADES Formresults: " + adesIterator.next().toString());
+  			}
+  		}
+          
           // QC/SSCD check
-          List list = result.getCertificateValidationResult().getCertificateChain();
+          List list = cmsResult.getCertificateValidationResult().getCertificateChain();
           if (list != null) {
               X509Certificate[] chain = new X509Certificate[list.size()];
               
@@ -244,7 +291,7 @@ public class CMSSignatureVerificationInvoker {
               issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); 
           }
             
-          responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+          responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
         } catch (IndexOutOfBoundsException e) {
           throw new MOAApplicationException(
             "2249",
@@ -368,4 +415,41 @@ public class CMSSignatureVerificationInvoker {
 	  
   }
 
+  
+  private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+		if (adesFormVerification == null) {
+			// no form information
+			return null;
+		}
+
+		List adesList = new ArrayList();
+
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
+				SignatureVerificationProfile.LEVEL_LTA, adesList);
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
+				SignatureVerificationProfile.LEVEL_LT, adesList);
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
+				SignatureVerificationProfile.LEVEL_T, adesList);
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
+				SignatureVerificationProfile.LEVEL_B, adesList);
+
+		return adesList;
+	}
+
+	private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) {
+		if (subResult != null) {
+			Logger.info("Checking Level: " + level);
+			try {
+				AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl();
+				adESFormResultsImpl.setCode(subResult.getResultCode());
+				adESFormResultsImpl.setInfo(subResult.getInfo());
+				adESFormResultsImpl.setName(subResult.getName());
+
+				adesList.add(adESFormResultsImpl);
+			} catch (NullPointerException e) {
+				Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e);
+			}
+		}
+	}
+  
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
index 5f459ac..74b2a89 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java
@@ -24,15 +24,15 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
-
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.iaik.cmsverify.CMSSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl;
 import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
 
 /**
  * A factory to create a <code>CMSSignatureVerificationProfile</code> from a
@@ -65,6 +65,31 @@ public class CMSSignatureVerificationProfileFactory {
    * <code>request</code>, based on the current configuration.
    * @throws MOAException An error occurred creating the profile.
    */
+  public CMSSignatureVerificationProfile createPDFProfile()
+    throws MOAException {
+    TransactionContext context =
+      TransactionContextManager.getInstance().getTransactionContext();
+    ConfigurationProvider config = context.getConfiguration();
+    PDFSignatureVerificationProfileImpl profile =
+      new PDFSignatureVerificationProfileImpl();
+    String trustProfileID;
+
+    // set the certificate validation profile
+    trustProfileID = request.getTrustProfileId();
+    profile.setCertificateValidationProfile(
+      new PKIProfileImpl(config, trustProfileID));
+
+    return profile;
+  }
+  
+  /**
+   * Create a <code>CMSSignatureVerificationProfile</code> from the given
+   * request and the current MOA configuration.
+   * 
+   * @return The <code>CMSSignatureVerificationProfile</code> for the
+   * <code>request</code>, based on the current configuration.
+   * @throws MOAException An error occurred creating the profile.
+   */
   public CMSSignatureVerificationProfile createProfile()
     throws MOAException {
     TransactionContext context =
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 1ea10cb..f32093a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -79,7 +79,7 @@ public class VerifyCMSSignatureResponseBuilder {
    * 		otherwise <code>false</code>.
  * @throws MOAException 
    */
-  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode)
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults)
     throws MOAException {
 	  
     CertificateValidationResult certResult =
@@ -118,7 +118,8 @@ public class VerifyCMSSignatureResponseBuilder {
       factory.createVerifyCMSSignatureResponseElement(
         signerInfo,
         signatureCheck,
-        certificateCheck);
+        certificateCheck, 
+        adesResults);
     responseElements.add(responseElement);
   }
   
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
index 10dc79d..dcb1397 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.logging;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import iaik.logging.TransactionId;
 
@@ -40,7 +42,7 @@ public class IaikLog implements iaik.logging.Log {
   /** The hierarchy to log all IAIK output to. */
   public static final String IAIK_LOG_HIERARCHY = "iaik.server";
   /** The commons-loggin <code>Log</code> to use for logging the messages. */
-  private static Log log = LogFactory.getLog(IAIK_LOG_HIERARCHY);
+  private static Logger log = LoggerFactory.getLogger(IAIK_LOG_HIERARCHY);
   /** The node ID to use. */
   private String nodeId;
   
@@ -66,7 +68,7 @@ public class IaikLog implements iaik.logging.Log {
   public void debug(TransactionId transactionId, Object message, Throwable t) {
     IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
 
-    log.debug(msg, t);
+    log.debug(msg.toString(), t);
   }
 
   /**
@@ -82,7 +84,7 @@ public class IaikLog implements iaik.logging.Log {
   public void info(TransactionId transactionId, Object message, Throwable t) {
     IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
 
-    log.info(msg, t);
+    log.info(msg.toString(), t);
   }
 
   /**
@@ -98,7 +100,7 @@ public class IaikLog implements iaik.logging.Log {
   public void warn(TransactionId transactionId, Object message, Throwable t) {
     IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
 
-    log.warn(msg, t);
+    log.warn(msg.toString(), t);
   }
 
   /**
@@ -114,14 +116,14 @@ public class IaikLog implements iaik.logging.Log {
   public void error(TransactionId transactionId, Object message, Throwable t) {
     IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
 
-    log.error(msg, t);
+    log.error(msg.toString(), t);
   }
 
   /**
    * @see iaik.logging.Log#isFatalEnabled()
    */
   public boolean isFatalEnabled() {
-    return log.isFatalEnabled();
+    return log.isErrorEnabled();
   }
 
   /**
@@ -130,7 +132,7 @@ public class IaikLog implements iaik.logging.Log {
   public void fatal(TransactionId transactionId, Object message, Throwable t) {
     IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message);
 
-    log.fatal(msg, t);
+    log.error(msg.toString(), t);
   }
 
   /**