test(pkix): add certStore tests

21 files changed, 694 insertions, 6 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 533931d..5daf1a6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1562,10 +1562,12 @@ public class ConfigurationPartsBuilder {
 
   public boolean getAutoEEAddCertificates() {
     final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null);
-    if (autoAdd != null) {
+    if (autoAdd != null) {      
       return Boolean.valueOf(autoAdd).booleanValue();
+      
     } else {
       return false;
+      
     }
 
   }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index 0032dc6..a53bce8 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -211,12 +211,15 @@ public class PKIProfileImpl implements PKIProfile {
     if (config.getAutoAddCertificates()) {
       if (config.getAutoAddEECertificates()) {
         return PKIProfile.AUTO_ADD_ENABLE;
+        
       } else {
         return PKIProfile.AUTO_ADD_EE_DISABLE;
+        
       }
 
     } else {
       return PKIProfile.AUTO_ADD_DISABLE;
+      
     }
 
   }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java
new file mode 100644
index 0000000..79a0401
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.spss.util;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.pkcs.PKCSParsingException;
+import iaik.security.provider.IAIK;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.EccProviderAdapter;
+
+// Copyright (C) 2011 IAIK
+// http://jce.iaik.at
+//
+// Copyright (C) 2011 Stiftung Secure Information and
+// Communication Technologies SIC
+// http://www.sic.st
+//
+// All rights reserved.
+//
+// This source is provided for inspection purposes and recompilation only,
+// unless specified differently in a contract with IAIK. This source has to
+// be kept in strict confidence and must not be disclosed to any third party
+// under any circumstances. Redistribution in source and binary forms, with
+// or without modification, are <not> permitted in any case!
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+// SUCH DAMAGE.
+//
+//
+
+public class CertificateReader {
+
+    /**
+     * Filter for reading certificate files from a directory.
+     * The filter accepts a file if its name ends with
+     * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot;
+     * or &quot;.pem&quot;.
+     *
+     * @author Harald Bratko
+     * @author Konrad Lanz
+     */
+    static class CertificateFileFilter implements FileFilter {
+
+      /**
+       * Accepts a file if it is not a directory and its name ends with
+       * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot; or &quot;.pem&quot;.
+       *
+       * @see java.io.FileFilter#accept(java.io.File)
+       */
+      public boolean accept(File file) {
+        String name = file.getName();
+        if (name.endsWith(".der") ||
+          name.endsWith(".cer") ||
+          name.endsWith(".crt") ||
+          name.endsWith(".pem"))
+        {
+          return true;
+        } else {
+          return false;
+        }
+      }
+    }
+
+
+
+    /**
+     * Reads the certificates from the given directory and
+     * returns the certificates as sorted list (end user certificate first).
+     * @param directory
+     * @return
+     * @throws IOException
+     * @throws FileNotFoundException
+     * @throws CertificateException
+     * @throws Exception
+     */
+    public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{
+    			
+      File file = new File(directory); 
+      File[] certificateFiles = file.listFiles(new CertificateFileFilter());
+      int l = certificateFiles.length;
+      X509Certificate[] certs = new X509Certificate[l];
+      for (int i=0; i<certificateFiles.length; i++) {
+        X509Certificate certificate = new X509Certificate(new FileInputStream(certificateFiles[i]));
+        certs[i] = certificate;
+      }
+      //return certs;
+      return Util.arrangeCertificateChain(certs, false);
+    }
+
+    /**
+     * Reads the certificates from the given directory and
+     * returns the certificates as sorted list (end user certificate first).
+     * @param directory
+     * @return
+     * @throws IOException
+     * @throws FileNotFoundException
+     * @throws CertificateException
+     * @throws Exception
+     */
+    public static List<X509Certificate> readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{
+
+      return Arrays.asList(readCertificatesIntoArray(directory));
+    }
+
+    public static void main(String[] args) {
+      try {
+
+      	IAIK.addAsJDK14Provider();
+      	 //IAIK.addAsProvider();
+      	 //Security.addProvider(new IAIK());
+
+      	// install ECC provider
+      	Security.addProvider(EccProviderAdapter.getEccProvider());
+
+        String dir = "target/classes/spec/examples/EU/AT/certs/on-tsl/chain/";
+        List l = readCertificates(dir);
+        Iterator<X509Certificate> it = l.iterator();
+        while (it.hasNext()) {
+          System.out.println(((X509Certificate)it.next()).getSubjectDN().getName());
+        }
+      } catch (Exception e) {
+        e.printStackTrace();
+        System.exit(1);
+      }
+
+    }
+
+		public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException {
+    	PKCS7CertList p7certList = new PKCS7CertList(
+    		new BufferedInputStream(
+    			new FileInputStream(
+    				path
+    			)
+    		)
+    	);
+    	return p7certList.getCertificateList();
+		}
+  }
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
index dd7890c..315f56e 100644
--- a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/SPSSTestCase.java
@@ -24,8 +24,6 @@
 
 package test.at.gv.egovernment.moa.spss;
 
-import java.security.Security;
-
 import test.at.gv.egovernment.moa.MOATestCase;
 import at.gv.egovernment.moaspss.logging.Logger;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
index fd5b278..d0e53d3 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
@@ -7,12 +7,18 @@ import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
+import java.io.FileInputStream;
 import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.Date;
 
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.BlockJUnit4ClassRunner;
@@ -23,8 +29,20 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl;
+import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
 import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
+import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIModule;
+import iaik.pki.PKIResult;
+import iaik.server.cmspdfverify.CMSVerifyUtils;
+import iaik.x509.X509Certificate;
+import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader;
 
 @RunWith(BlockJUnit4ClassRunner.class)
 public class PadesIntegrationTest extends AbstractIntegrationTest {
@@ -39,6 +57,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
     final String current = new java.io.File(".").getCanonicalPath();
     System.setProperty("moa.spss.server.configuration",
         current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
+    System.setProperty("iaik.esi.sva.configuration.location",
+        current + "/src/test/resources/moaspss_config/svaconfig.example");
+    
     moaSpssCore = SystemInitializer.init();
 
   }
@@ -50,6 +71,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
 
   }
 
+  @Ignore
   @Test
   public void missingTrustProfile() throws IOException {
     final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -66,6 +88,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
 
   }
 
+  @Ignore
   @Test
   public void basicValidationCadesSignature() throws MOAException, IOException {
     final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -101,6 +124,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
 
   }
 
+  @Ignore
   @Test
   public void extendedValidationCadesSignature() throws MOAException, IOException {
     final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -138,12 +162,68 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
     }
 
     assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
-    assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode());
+    assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode());
     assertEquals("ext. val major", 24, cmsResult.getExtendedCertificateCheck().getMinorCode());
 
     assertNotNull("byteRange", cmsResult.getByteRangeOfSignature());
     assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm());
 
   }
+  
+  @Ignore
+  @Test
+  public void padesLteTest() throws MOAException, IOException {
+    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+        IOUtils.toByteArray(new FileInputStream("/home/tlenz/Projekte/signaturprueftool/test_docs/20220623_rtr/Amtsiegel.pdf")),
+        "MOAIDBuergerkarteAuthentisierungsDaten",
+        true,
+        false);
+
+    // perform test
+    final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+    // verify result
+    assertNotNull("verification result", result);
+    
+  }
+  
+  @Test
+  public void padesOwnTest() throws Exception {
+    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+        IOUtils.toByteArray(new FileInputStream("/home/tlenz/Projekte/pdfas4/testdocs/enc_own_signed_neuer.pdf")),
+        "MOAIDBuergerkarteAuthentisierungsDaten",
+        true,
+        false);
+
+    // perform test
+    final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+    // verify result
+    assertNotNull("verification result", result);
+
+
+    
+    
+  }
+  
+  @Ignore
+  @Test
+  public void pkixTest() throws Exception {
+    final String current = new java.io.File(".").getCanonicalPath();       
+    X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/");   
+    
+    PKIModule pkiModule = PKIFactory.getInstance().getPKIModule(
+        new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten"));
+    PKIResult pkiResult = pkiModule.validateCertificate(
+        new Date(), 
+        (X509Certificate) chain[0], 
+        (X509Certificate[]) ArrayUtils.subarray(chain, 1, chain.length), 
+        (boolean[])null, 
+        new TransactionId("aabbccdd"));    
+    
+    System.out.print("Finished");
+    
+  }
+  
 
 }
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
index 20b130a..50ad14e 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
@@ -6,6 +6,7 @@ import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collections;
@@ -40,7 +41,6 @@ import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer;
 import at.gv.egovernment.moa.spss.test.integration.AbstractIntegrationTest;
 
 @RunWith(BlockJUnit4ClassRunner.class)
-@Ignore
 public class OfficialEuTslTest extends AbstractIntegrationTest {
 
   CMSSignatureVerificationInvoker cadesInvoker;
@@ -162,4 +162,20 @@ public class OfficialEuTslTest extends AbstractIntegrationTest {
 
   }
   
+  @Test
+  public void padesLteTest() throws MOAException, IOException {
+    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+        IOUtils.toByteArray(new FileInputStream("/home/tlenz/Projekte/signaturprueftool/test_docs/20220623_rtr/Amtsiegel.pdf")),
+        "OnlyTSL",
+        true,
+        true);
+
+    // perform test
+    final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+    // verify result
+    assertNotNull("verification result", result);
+    
+  }
+  
 }
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java
new file mode 100644
index 0000000..db5d55f
--- /dev/null
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/CertificateReader.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.spss.test.integration.utils;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.pkcs.PKCSParsingException;
+import iaik.security.provider.IAIK;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.EccProviderAdapter;
+
+// Copyright (C) 2011 IAIK
+// http://jce.iaik.at
+//
+// Copyright (C) 2011 Stiftung Secure Information and
+// Communication Technologies SIC
+// http://www.sic.st
+//
+// All rights reserved.
+//
+// This source is provided for inspection purposes and recompilation only,
+// unless specified differently in a contract with IAIK. This source has to
+// be kept in strict confidence and must not be disclosed to any third party
+// under any circumstances. Redistribution in source and binary forms, with
+// or without modification, are <not> permitted in any case!
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+// SUCH DAMAGE.
+//
+//
+
+public class CertificateReader {
+
+    /**
+     * Filter for reading certificate files from a directory.
+     * The filter accepts a file if its name ends with
+     * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot;
+     * or &quot;.pem&quot;.
+     *
+     * @author Harald Bratko
+     * @author Konrad Lanz
+     */
+    static class CertificateFileFilter implements FileFilter {
+
+      /**
+       * Accepts a file if it is not a directory and its name ends with
+       * &quot;.cer&quot;, &quot;.der&quot;, &quot;.crt&quot; or &quot;.pem&quot;.
+       *
+       * @see java.io.FileFilter#accept(java.io.File)
+       */
+      public boolean accept(File file) {
+        String name = file.getName();
+        if (name.endsWith(".der") ||
+          name.endsWith(".cer") ||
+          name.endsWith(".crt") ||
+          name.endsWith(".pem"))
+        {
+          return true;
+        } else {
+          return false;
+        }
+      }
+    }
+
+
+
+    /**
+     * Reads the certificates from the given directory and
+     * returns the certificates as sorted list (end user certificate first).
+     * @param directory
+     * @return
+     * @throws IOException
+     * @throws FileNotFoundException
+     * @throws CertificateException
+     * @throws Exception
+     */
+    public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{
+    			
+      File file = new File(directory); 
+      File[] certificateFiles = file.listFiles(new CertificateFileFilter());
+      int l = certificateFiles.length;
+      X509Certificate[] certs = new X509Certificate[l];
+      for (int i=0; i<certificateFiles.length; i++) {
+        X509Certificate certificate = new X509Certificate(new FileInputStream(certificateFiles[i]));
+        certs[i] = certificate;
+      }
+      //return certs;
+      return Util.arrangeCertificateChain(certs, false);
+    }
+
+    /**
+     * Reads the certificates from the given directory and
+     * returns the certificates as sorted list (end user certificate first).
+     * @param directory
+     * @return
+     * @throws IOException
+     * @throws FileNotFoundException
+     * @throws CertificateException
+     * @throws Exception
+     */
+    public static List<X509Certificate> readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{
+
+      return Arrays.asList(readCertificatesIntoArray(directory));
+    }
+
+    public static void main(String[] args) {
+      try {
+
+      	IAIK.addAsJDK14Provider();
+      	 //IAIK.addAsProvider();
+      	 //Security.addProvider(new IAIK());
+
+      	// install ECC provider
+      	Security.addProvider(EccProviderAdapter.getEccProvider());
+
+        String dir = "target/classes/spec/examples/EU/AT/certs/on-tsl/chain/";
+        List l = readCertificates(dir);
+        Iterator<X509Certificate> it = l.iterator();
+        while (it.hasNext()) {
+          System.out.println(((X509Certificate)it.next()).getSubjectDN().getName());
+        }
+      } catch (Exception e) {
+        e.printStackTrace();
+        System.exit(1);
+      }
+
+    }
+
+		public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException {
+    	PKCS7CertList p7certList = new PKCS7CertList(
+    		new BufferedInputStream(
+    			new FileInputStream(
+    				path
+    			)
+    		)
+    	);
+    	return p7certList.getCertificateList();
+		}
+  }
\ No newline at end of file
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
index 44a04fa..f6abbb7 100644
--- a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
@@ -40,6 +40,7 @@
 		<cfg:CertificateValidation>
 			<cfg:PathConstruction>
 				<cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+				<cfg:AutoAddEECertificates>false</cfg:AutoAddEECertificates>
 				<cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
 				<cfg:CertificateStore>
 					<cfg:DirectoryStore>
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml
new file mode 100644
index 0000000..772a327
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_without_TSL.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+		<cfg:PermitExternalUris>
+			<cfg:BlackListUri>
+				<cfg:IP>192.168</cfg:IP>
+			</cfg:BlackListUri>			
+		</cfg:PermitExternalUris>
+	</cfg:Common>
+  
+  <cfg:SignatureCreation>
+		<cfg:KeyModules>
+      <cfg:SoftwareKeyModule>
+				<cfg:Id>SKM_junit</cfg:Id>
+				<cfg:FileName>keys/junit_signing.p12</cfg:FileName>
+				<cfg:Password>nichts</cfg:Password>
+			</cfg:SoftwareKeyModule>
+		</cfg:KeyModules>
+    <cfg:KeyGroup>
+			<cfg:Id>KG_junit</cfg:Id>
+			<cfg:Key>
+				<cfg:KeyModuleId>SKM_junit</cfg:KeyModuleId>
+				<cfg:KeyCertIssuerSerial>
+					<dsig:X509IssuerName>CN=MOA-SPSS signing,OU=jUnit Tests,O=EGIZ,C=AT</dsig:X509IssuerName> 
+          <dsig:X509SerialNumber>1619541256</dsig:X509SerialNumber>
+				</cfg:KeyCertIssuerSerial>
+			</cfg:Key>
+		</cfg:KeyGroup>
+    <cfg:KeyGroupMapping>
+			<cfg:KeyGroupId>KG_junit</cfg:KeyGroupId>
+		</cfg:KeyGroupMapping>
+		<cfg:XMLDSig>
+      <cfg:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</cfg:CanonicalizationAlgorithm>
+			<cfg:DigestMethodAlgorithm>http://www.w3.org/2000/09/xmldsig#sha256</cfg:DigestMethodAlgorithm>
+		</cfg:XMLDSig>
+	</cfg:SignatureCreation>
+  
+	<cfg:SignatureVerification>
+		<cfg:CertificateValidation>
+			<cfg:PathConstruction>
+				<cfg:AutoAddCertificates>false</cfg:AutoAddCertificates>
+				<cfg:AutoAddEECertificates>false</cfg:AutoAddEECertificates>
+				<cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+				<cfg:CertificateStore>
+					<cfg:DirectoryStore>
+						<cfg:Location>certstore</cfg:Location>
+					</cfg:DirectoryStore>
+				</cfg:CertificateStore>
+			</cfg:PathConstruction>
+			<cfg:PathValidation>
+				<cfg:ChainingMode>
+					<cfg:DefaultMode>pkix</cfg:DefaultMode>
+					<cfg:TrustAnchor>
+						<cfg:Identification>
+							<dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+							<dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+						</cfg:Identification>
+						<cfg:Mode>chaining</cfg:Mode>
+					</cfg:TrustAnchor>
+					<cfg:TrustAnchor>
+             <cfg:Identification>
+               <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+               <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+             </cfg:Identification>
+             <cfg:Mode>chaining</cfg:Mode>
+          </cfg:TrustAnchor>
+				</cfg:ChainingMode>
+				<cfg:TrustProfile>
+					<cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
+				<cfg:TrustProfile>
+					<cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
+				<cfg:TrustProfile>
+					<cfg:Id>jUnitSigning</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/jUnitSigning</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>        
+			</cfg:PathValidation>
+			<cfg:RevocationChecking>
+				<cfg:EnableChecking>true</cfg:EnableChecking>
+				<cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+				<cfg:ServiceOrder>
+					<cfg:Service>OCSP</cfg:Service>
+					<cfg:Service>CRL</cfg:Service>
+				</cfg:ServiceOrder>
+				<cfg:Archiving>
+					<cfg:EnableArchiving>false</cfg:EnableArchiving>
+					<cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+					<cfg:Archive>
+						<cfg:DatabaseArchive>
+							<cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+							<cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+						</cfg:DatabaseArchive>
+					</cfg:Archive>
+				</cfg:Archiving>
+			</cfg:RevocationChecking>
+		</cfg:CertificateValidation>				
+    	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>SL20Authblock_v1.0</cfg:Id>
+			<cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>      
+		</cfg:VerifyTransformsInfoProfile>		
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+			<cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>      
+		</cfg:VerifyTransformsInfoProfile>
+    <cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id>
+			<cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location>      
+		</cfg:VerifyTransformsInfoProfile>    	
+	</cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example b/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example
index 7be4541..317f1b8 100644
--- a/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/svaconfig.example
@@ -69,7 +69,7 @@ tstkeylenconstraint={rsa, 1024, 2000-08-08}
 indicationmapping={FORMAT_FAILURE,INDETERMINATE};{NO_VALID_TIMESTAMPS_FOUND, INDETERMINATE}
 
 # Allows any key usage if set to true, otherwise only dig. signature
-allowanykeyusage=false
+allowanykeyusage=true
 
 # Defines the chaining model for path validation.
 # possible values are:
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cer
new file mode 100644
index 0000000..2bf4ad7
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-05.cer
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
new file mode 100644
index 0000000..2353127
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGMTCCBBmgAwIBAgIEDoVJaDANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg
+aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPQS1UcnVzdC1S
+b290LTA3MRgwFgYDVQQDDA9BLVRydXN0LVJvb3QtMDcwHhcNMjAwMzExMTUyMTE0
+WhcNMzYxMTEzMTQyMTE0WjCBnTELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1
+c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZl
+cmtlaHIgR21iSDEhMB8GA1UECwwYYS1zaWduLXByZW1pdW0tbW9iaWxlLTA3MSEw
+HwYDVQQDDBhhLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDcwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC6M5Q0eSLBBakFL7I5G2NvbLvzcXR6Uf/rEhg79CQt
+hCQYfL4suddGQz6TySTp2KoJMQqacZKHzLrG/aor75MojcAfdj5nN4mKSzeyhgrq
+AEm60c6nwpkbJsdf+HECi5b8nRJwlmXTy8BcTLLY14gitrprsmQRtRMLDc1Sy47i
+yWG29G5p36RNoC9ErZAHx4dVOrqvW+N0ILI6zPHxMyW/d0RrGmldoIJ3AOYLfkg2
+xeeHisPZBocvdgm7B0F/sXnfCpQWIQygPkOjyLqiCCvuOSnSm4qa357foP4h86Yz
+4iEFbEWawKwCIz4mtex4U4fiqppjekCaTavX093jBUUEyGrSA+5CCM2iBDTxBEmd
+uTbEDKAK40qsIdYMLRx9D1VUNk9DtTT5VkOou1mGMjxZ36QM+3HXmaqZSuVyX1Vm
+3bCc2O+L6VC/5Wp8y5nnzemTCu5f4+JxGNtH7ti4AVtSyp4hzDwwJHklOB2YmnsP
+FJfrWVB8V+QdJ2TdHBmzRcYWSM85345/vfRRpLXKMH2ToNQB2HN3fArlqgblRI1c
+/VrhpONCmpaUIqoDHDeJSZfjEY/ITTIVBZkvaNIPiZkkgF8iKkLFgQU/BPGRm/i5
+HQ+ACC7SVDdN4gLyixiOoIOKBgcC5pFSWNDUPmhs1EwW5dkhYRqvo6vUOKaEGSSS
+DQIDAQABo4GIMIGFMBMGA1UdIwQMMAqACETAEa1TJ4f0MBEGA1UdDgQKBAhH1+x/
+R9ISYjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAx
+MC+gLaArhilodHRwOi8vY3JsLmEtdHJ1c3QuYXQvY3JsL0EtVHJ1c3QtUm9vdC0w
+NzANBgkqhkiG9w0BAQsFAAOCAgEAJH8ljqDtpFFU46zoIkqZmnv9uY1udYnjy3HV
++xE0Q7EeuithsP92A39p6bwtUS9FDokmMS4+XZSj72VBdt5t8tUKkFk2eBO9SMs9
+sM870G77by1hsjVQjEhQjnZVbxsV8jR0n6CiurUix21AQ1qn8LIgbPYL94Rng5i1
+YqXQdY8EcduO4+QJ230s9pUlBldpipXdVvs0mkY5XYj/QBgBT+ubbKTHj4sZiNvj
+fe2MjAP2BSP9aAwf/IcbxXFy3lU+q9YQTO9VlbpuE1EU/8DPZ4tNGpEwPNT6xZ4G
+CALOC83waE9U/NtdNCE4BYDQYRS9E1yxPs6NV/XTa+ywG8vUDli3qtmFu1MOGByy
+i/YDSpTSFAg8bls2ZWeMUzS2/qOtgc2zxlko+Hy/VjCtxE7sIfGPg+UVnK2GtL6w
+4kOCfO9XJ5WwsffVL6+ZUg+Dd9Rxth3JYD72J+EjpQyguAil9+Onq9p9JQCmPEcJ
+L63MFT7UEluQQq4TgwupBtNDnyQ0JwJ/cW6gL35HBD11VmlxwpjnGTmlb801BDpK
+mmbvoBV5mFqQD9S6Vtug30t+9p4py0Y96BIGPqcMvNTV1+vxRxtGRt5KU3BHoNBI
+CJoTMDl7+L4EabQLcMCEOfmYEgyPAxm671xiWHNGUieqyW6whrzT2WDGPfoOIdUa
+IR4ebFU=
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer
new file mode 100644
index 0000000..32d8889
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_1.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----

+MIIEgzCCA2ugAwIBAgIDAOSjMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB

+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp

+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1

+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa

+Fw0xNDEyMTMyMzAwMDBaMIGXMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz

+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy

+a2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNV

+BAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEP

+ADCCAQoCggEBANZZNjVoS1r6DchywTTX58dkZ4KJRSwt78fipFxGlf0KrniYB+v5

+Vr5wodgwQ6E6AZFtvIzjYUolN3PjlEAnVaeCeZCeadnH32+Tvl+7MGKkfH9D0Xmw

+xkVcSYf4Rld/8H7JNFMyeyzefyCm1HMehpdgbhJ1+bO5P3Mbh2W8ca9qWfisdbj5

+VXu+niGWG0mXTbMtgPeiSsb9YAQ2UlvJjofZvnSaNv39Q3TRmIROXuhIHyD5wjcK

+A6qR2RD6eYpIG+yqZbGqxw65AIYHeD5li4jL0EsWxm6+eNBABA7GTcko4nxgKFv8

+wcqjiFBGKclznmHP0sSbxDxsrPK3gBj7Q8kCAwEAAaOB4TCB3jAPBgNVHRMBAf8E

+BTADAQH/MBEGA1UdDgQKBAhN3+H/S9nJ3zATBgNVHSMEDDAKgAhCPSskpsFFzjAO

+BgNVHQ8BAf8EBAMCAQYwgZIGA1UdHwSBijCBhzCBhKCBgaB/hn1sZGFwOi8vbGRh

+cC5hLXRydXN0LmF0L291PUEtVHJ1c3QtUXVhbC0wMixvPUEtVHJ1c3QsYz1BVD9j

+ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy

+dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEASBVGa0aeSFz3

+77OrRFmMAs7rh8kG+rRue8Ze0JuHR6P9DltPwH4B5oFtninmhImejKLR2CmdNbtk

+ujNlXAY0KONJZIi7bXwotx4E23JUmIx5U2KtOmUzmI6JGcqJw5cu4i73Au6fKgSD

+BM1+XyMH5/EKd51NWhhe2ByfC2BQ3qlgt11j0sNTapdz0OhvAxa6Dd9D5VCumwUy

+8hEn/w9T4ZN1zabqJiD9ERiTLvJsP2zIg+Z0XssnqeRw0tk/Vn7htwCFn0/vFZkU

+qMdbtxducOBa5LfbRkpzwAS5kAOZGcAHUD/3FVlCr59Z86e1WWwq3aSUN+XKOLd+

+ypPntzbNSA==

+-----END CERTIFICATE-----

diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer
new file mode 100644
index 0000000..29b2127
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-02_2.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----

+MIIEgzCCA2ugAwIBAgIDFE4QMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB

+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp

+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1

+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTM3NTVa

+Fw0yNDA3MDEwOTM3NTVaMIGXMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz

+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy

+a2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNV

+BAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEP

+ADCCAQoCggEBANZZNjVoS1r6DchywTTX58dkZ4KJRSwt78fipFxGlf0KrniYB+v5

+Vr5wodgwQ6E6AZFtvIzjYUolN3PjlEAnVaeCeZCeadnH32+Tvl+7MGKkfH9D0Xmw

+xkVcSYf4Rld/8H7JNFMyeyzefyCm1HMehpdgbhJ1+bO5P3Mbh2W8ca9qWfisdbj5

+VXu+niGWG0mXTbMtgPeiSsb9YAQ2UlvJjofZvnSaNv39Q3TRmIROXuhIHyD5wjcK

+A6qR2RD6eYpIG+yqZbGqxw65AIYHeD5li4jL0EsWxm6+eNBABA7GTcko4nxgKFv8

+wcqjiFBGKclznmHP0sSbxDxsrPK3gBj7Q8kCAwEAAaOB4TCB3jAPBgNVHRMBAf8E

+BTADAQH/MBEGA1UdDgQKBAhN3+H/S9nJ3zATBgNVHSMEDDAKgAhCPSskpsFFzjAO

+BgNVHQ8BAf8EBAMCAQYwgZIGA1UdHwSBijCBhzCBhKCBgaB/hn1sZGFwOi8vbGRh

+cC5hLXRydXN0LmF0L291PUEtVHJ1c3QtUXVhbC0wMixvPUEtVHJ1c3QsYz1BVD9j

+ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy

+dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAY6wF/ErpGbsM

+CwOkFH3MOvxYuxEAs2hpQOkz2KawDuocMRhZpESubzFSE3RxHxc7zgL60P6mOoT8

+G9IFlk/EOOFerBulJCyD3TR84MalgC3bj5hgC0H3/FJsVNRbbxlecbrroA+4S8DP

+U1F6mu9ImWGfuTWcV2Wa5pleJym5ICjTKL3v6tPLUdDlbcswkmxNf1uBZVsmta81

+BI1W9+33du1cVyymRZ2EfnL5kbAj6hdQ6qGfLjkZbZGXHWNNrfh/oGTzVALpmBwZ

+q6rqYapWYU2T8z1WDz7fTNcpawM8Plxe8dNC6pCVeGQQApqYM4zm/4lC46V3ihjt

+csETorSnVQ==

+-----END CERTIFICATE-----

diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer
new file mode 100644
index 0000000..7ad406e
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-05.cer
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----

+MIIGKDCCBBCgAwIBAgIDD824MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJB

+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp

+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVJv

+b3QtMDUxGDAWBgNVBAMMD0EtVHJ1c3QtUm9vdC0wNTAeFw0xMzA5MjMxMzI4NTha

+Fw0yMzA5MjAxMTI4NThaMIGXMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz

+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy

+a2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJlbWl1bS1TaWctMDUxHjAcBgNV

+BAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wNTCCAiAwDQYJKoZIhvcNAQEBBQADggIN

+ADCCAggCggIBAKWkdHxXUo847W9MqYSOH8H0mulJ11qOPAwHISvZFVJ5jpklQE4Z

+7Eb+NKP/3tyGCE2IJPul0aKSBPjiMOwXlmD6FpDe2yoPxslu8/8nh28mo6Oyxnu/

+9WhnEv7u+P/VDUwI7avTRqj61m6mw39EfRMDrusJwa3MIZ1mmin+W6blUtOuuDUt

+6Oh1cGPTeZyNybZBPYgTibWaiYx8Od+zhQ40t6bC03U+DxxuNfCgOsieGeOc6JzJ

+Rtd7Tye8TAyVn9WDQyllvmO/Lst6oHpb50vKX5Hd5Xo5Ju2K3xWSx5sMrL8BUhAi

+lpm4LM8YLTMKeaz5kaCdO8w0XKUJdFH9i/MEeAgSimZ0hIpvMpLSg25ySvMRS6Z7

+RsllA4xtnEG4Bu9P7FNeoyRm4Nd5UsIbug648wqXrf9PGsqPDjX7/3tSc67iJJ/w

+YgsOUIcrHsykhOIjVbpOeAKYwb1UAiXS2UjgDyVDX6atppHmAut1ig4ouJ27CUB7

+jhSVqoOxmxKpTzu+gHJo+cLb0ihVzvKu5EFI7b50KE8xPQCFHbe9YBdq3oGoq1M7

+OvBTVZ369d1yzwwK3U9lMUeysipVeSJeFCD057oJHJYxYmvv0LHQ1zX4DmW3HNHH

+U+A7+7aJnE1s9XNsCYbmUcY+14+WbTlUiCqMOAdCSzP8LHjRsf8a5DV/AgEDo4GI

+MIGFMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuYS10cnVzdC5hdC9jcmwv

+QS1UcnVzdC1Sb290LTA1MBMGA1UdIwQMMAqACED5uWe+A9IIMA8GA1UdEwEB/wQF

+MAMBAf8wEQYDVR0OBAoECEH4CDkbAegkMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG

+9w0BAQsFAAOCAgEAMqZmZqzadftaf6xB9WNWKnJixLBIVDjNUg3ypbmcwufqjmeA

+ij2Qyer09oxr0n1xpsOwc7dSVp7brDTvSVJg33Ef9TGbCrKo9urJUypQn7HiCp1+

+y6Csvzi3jkx/V1Zvd9U5VF7hIHQrOQv1Id8egB845oestS+zUlqM+SxXO28EYIsp

+iejWKWVi04nl+Ch85o1rZ9HBN6QxaoUU1Oo2+BaCyZqC+lWMv+wbCtM8YYLCME+t

+FiMfZC9WtBitt0TBE5LR7Gf1Wcalsaazgfcwr7gxVvXbS3j5y9IX0LsmUNUfgesd

+TTBPzZhQsryoZ3dpVbpdFj9ktBJkk2gzwYcVhXIGCGvOA96mm3b6uQrSuiWQJ9+N

+awWpiQI6C4GfPxkIt8idUyGbBzu5Nj613ekI/z5ZFYdQ3KGOqNxJRqQLVnjqOjO5

+YD1DY5L6Pjl341wwPFF5ZsEESlTn5qbPIfygf2swqfyuEPbV+jOvaR1HmuPunuda

+D42D5YJkpofIcvG9S4YsDJ6ZO6VvZ9f4cVxUiFDdfWc6tWQE3HEx6LDqZY5bjdie

+BwGqsS/623bdQyHgQOeZqMcC/kyUiKozTFPJwd92yx7oQda1k24U5qDC9xMi/s4c

+yHV2urDTvyVqphxKTw+64sW5z013vSBcQ2kKPxzwFkw/1MQF52upVhQqJ1c=

+-----END CERTIFICATE-----

diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
new file mode 100644
index 0000000..54eb44f
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGKzCCBBOgAwIBAgIEDIaM9zANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg
+aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPQS1UcnVzdC1S
+b290LTA3MRgwFgYDVQQDDA9BLVRydXN0LVJvb3QtMDcwHhcNMjAwMzExMTUxODE1
+WhcNMzYxMTEzMTQxODE1WjCBlzELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1
+c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZl
+cmtlaHIgR21iSDEeMBwGA1UECwwVYS1zaWduLVByZW1pdW0tU2lnLTA3MR4wHAYD
+VQQDDBVhLXNpZ24tUHJlbWl1bS1TaWctMDcwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCb+OkeCkr3aNcwvBfmPfLeJDcDovCaWCGSSDMXslj11tKAPWHQ
+A+rb4RVhCe9dPAZ46aR4+6+S8Lc6fvtzF8zwGU32MGvqUtZ8xg44TgzGWVmu3od2
+vr5nbeJINyiqJ0uh0slVSEP5Sh8lNLRrBu7hDS/mgXNZ7BcNoIAg4vadQ03+GbfA
+vyaW7tp1fiAsTBDozehdcfpLvafAV9Qoiw9kAy13nlPzH/cq9vxlBj8USxixjulR
+SCzM2hLKaefxvzmxzaaeZ5pOqhW75K4YS9LdV/AplW64HeUX5MP2lcvj8pt+UdoN
+mEsLBFgScyd0q/MXHnERg4U2od95YOB7GvMzq8tEpF147+krbE6/2WdCsmlcBKZT
++9fxgy/61w9shVvAlHbGEG8tUYNeM6RMcK/g0B/qY4B6LkR03x6b2zv8DYhWWpM4
+CMGlPmds8bA0cMPFBZ7PhsJvHlqrIRtPbLWtm5sXILk9nFurWRxob8+r23JMODn2
+Q2Ulm5Z4CVyJfbYpuRTadUjZs+BNSE0S/6eC153uaCyP5vHplhHED8xXgpjr/GTC
+PyJE6jRzfg+gUWr1WtTQKqyFaQfrTlEMiOD4UerBXTAd3Jz6FNY/FtC5h/t71nZx
+YSXnUu8xQ/8JVY9lkq9ibq+CEzT8Mqn+rHy1mhxpadIa94BLRXX3zOSyowIDAQAB
+o4GIMIGFMBMGA1UdIwQMMAqACETAEa1TJ4f0MBEGA1UdDgQKBAhN9Olivd8arjAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zA6BgNVHR8EMzAxMC+gLaAr
+hilodHRwOi8vY3JsLmEtdHJ1c3QuYXQvY3JsL0EtVHJ1c3QtUm9vdC0wNzANBgkq
+hkiG9w0BAQsFAAOCAgEAZZFh7pWF69RyrGgdc1idFVgQJY5XFR80qBLBZdkOO5wF
+to33OAoQCAfszJ1sR7I0+N8xf6wB8EhZeacArqz2inhgFudGvdmk6jlOIhUUs7ta
+0bhuLUmBbzQwXOthQdTnU8+ZjbE5vsfgydIN0GJfhEj5pggRA5ICrTtekcG74UX/
+LOTPt4ppQ9sgsSGm4pjWSopDKM9Z0SjcfDUjPefIMYPyT6rI7oYgT1SmQqw4Gjud
+l5lC+JhbHxgBcWOWcBVjMk7/5wH9klLqZYDbLmJ6PPcsm1jt8fyOgJBWrQaCnwrT
+U2+KmvHgztiHgo3C0BIAh/on4qq95qCthS00qPwCrYLkNGiwexn/R7dHQu6yp0gG
+uoLbXynoIeueCk7GC59AE0KZBtX6QzgqD/i8IfXNil41Tn3af1KFnL5iwE4yxe30
+w+c7O5eDxvK/NfyxWIrjxWISngIA1F6Ghlv71QM7zdOcvT3FdWPYWf8vRxPyEHm7
+jolmWjvwDwJGvgFggF4fHkH9LIvK5HKuG2SwXZJYkHZ+LKY8s26OLPm+DJKTXFTP
+fVS7bz2p6ym2hig09Avraz31hjd1Gn9hEQfWhGdVM0m3RXLHXKWopI4JiA5XZLXo
+/oeWmzUehZLowF7TvaiwA8//PfONZZus22OIo1QZvxZPjQd9/BVPIsB+YZqFgeI=
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cer
new file mode 100644
index 0000000..8ddc7d7
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_1.cer
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cer
new file mode 100644
index 0000000..8cd2ed4
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_2.cer
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cer b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cer
new file mode 100644
index 0000000..7c06592
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-premium-mobile-Sig-03a_3.cer
diff --git a/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cer b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cer
new file mode 100644
index 0000000..eaa20b6
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/672C4FE428C7E1F7DB9416279E271B8671C80E23.cer
diff --git a/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cer b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cer
new file mode 100644
index 0000000..2bf4ad7
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/testdata/pkix/chain/F86591A6D86718886A0234B8E54E21AAEA63E24B.cer