From 57098c2d96a0aa39bb9c919bbb73b6857e74dc7f Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 22 Aug 2023 12:17:21 +0200
Subject: chore(core): log transformation in case of missing or unknown
 Algorithm

---
 .../at/gv/egovernment/moa/util/DomUtilsTest.java   | 58 ++++++++++++++++++
 .../test/resources/data/SL20_authblock_v1.0.xml    |  8 +++
 .../data/SL20_authblock_v1.0_invalid_schema.xml    |  8 +++
 .../SL20_authblock_v1.1_invalid_transformation.xml |  8 +++
 .../moa/spss/api/xmlbind/TransformParser.java      | 11 ++++
 .../server/config/ConfigurationPartsBuilder.java   | 24 +++++++-
 .../moa/spss/server/config/ProfileParseTest.java   | 68 ++++++++++++++++++++++
 .../test/resources/data/SL20_authblock_v1.0.xml    |  8 +++
 .../data/SL20_authblock_v1.0_invalid_schema.xml    |  8 +++
 .../SL20_authblock_v1.1_invalid_transformation.xml |  8 +++
 10 files changed, 206 insertions(+), 3 deletions(-)
 create mode 100644 moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DomUtilsTest.java
 create mode 100644 moaSig/common/src/test/resources/data/SL20_authblock_v1.0.xml
 create mode 100644 moaSig/common/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml
 create mode 100644 moaSig/common/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml
 create mode 100644 moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ProfileParseTest.java
 create mode 100644 moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0.xml
 create mode 100644 moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml
 create mode 100644 moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml

diff --git a/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DomUtilsTest.java b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DomUtilsTest.java
new file mode 100644
index 0000000..8b745a4
--- /dev/null
+++ b/moaSig/common/src/test/java/test/at/gv/egovernment/moa/util/DomUtilsTest.java
@@ -0,0 +1,58 @@
+package test.at.gv.egovernment.moa.util;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.DOMUtils;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class DomUtilsTest {
+
+  @Test
+  public void xsdTransformationValid() throws SAXException, IOException, ParserConfigurationException {    
+    Element transformation = DOMUtils.parseDocument(
+        DomUtilsTest.class.getResourceAsStream("/data/SL20_authblock_v1.0.xml"), 
+        true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();    
+    assertNotNull(transformation);
+    
+  }
+  
+  @Test
+  public void xsdTransformationInvalidAlgorithm() throws SAXException, IOException, ParserConfigurationException {    
+    Element transformation = DOMUtils.parseDocument(
+        DomUtilsTest.class.getResourceAsStream("/data/SL20_authblock_v1.1_invalid_transformation.xml"), 
+        true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();    
+    assertNotNull(transformation);
+        
+  }
+  
+  @Test
+  public void xsdTransformationIgnoreInvalidSchema() throws SAXException, IOException, ParserConfigurationException {    
+    Element transformation = DOMUtils.parseDocument(
+        DomUtilsTest.class.getResourceAsStream("/data/SL20_authblock_v1.0_invalid_schema.xml"), 
+        false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();    
+    assertNotNull(transformation);
+        
+  }
+  
+  @Test
+  public void xsdTransformationInvalidSchema() throws SAXException, IOException, ParserConfigurationException {          
+    assertThrows(SAXParseException.class, () -> DOMUtils.parseDocument(
+        DomUtilsTest.class.getResourceAsStream("/data/SL20_authblock_v1.0_invalid_schema.xml"), 
+        true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement());    
+            
+  }
+}
diff --git a/moaSig/common/src/test/resources/data/SL20_authblock_v1.0.xml b/moaSig/common/src/test/resources/data/SL20_authblock_v1.0.xml
new file mode 100644
index 0000000..e67b1f5
--- /dev/null
+++ b/moaSig/common/src/test/resources/data/SL20_authblock_v1.0.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style { font-size: large; }                                                                                      
+								.hidden {display: none; } 
+              				</style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+											Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/moaSig/common/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml b/moaSig/common/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml
new file mode 100644
index 0000000..9ec50e8
--- /dev/null
+++ b/moaSig/common/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style { font-size: large; }                                                                                      
+								.hidden {display: none; } 
+              				</style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+											Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/moaSig/common/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml b/moaSig/common/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml
new file mode 100644
index 0000000..5eb4303
--- /dev/null
+++ b/moaSig/common/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116-invalid"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style { font-size: large; }                                                                                      
+								.hidden {display: none; } 
+              				</style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+											Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
index 7a246d6..beb1c15 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/TransformParser.java
@@ -23,11 +23,14 @@
 
 package at.gv.egovernment.moa.spss.api.xmlbind;
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;
 
+import javax.xml.transform.TransformerException;
+
 import org.w3c.dom.Element;
 import org.w3c.dom.traversal.NodeIterator;
 
@@ -42,6 +45,7 @@ import at.gv.egovernment.moa.spss.api.common.XPathFilter;
 import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform;
 import at.gv.egovernment.moa.spss.api.common.XPathTransform;
 import at.gv.egovernment.moa.spss.api.common.XSLTTransform;
+import at.gv.egovernment.moaspss.logging.Logger;
 import at.gv.egovernment.moaspss.util.Constants;
 import at.gv.egovernment.moaspss.util.DOMUtils;
 import at.gv.egovernment.moaspss.util.XPathUtils;
@@ -137,6 +141,13 @@ public class TransformParser {
     } else if (XSLTTransform.XSLT.equals(algorithmUri)) {
       return parseXSLTTransform(transformElem);
     } else {
+      try {
+        Logger.info("Find suspect XML transformation: " + DOMUtils.serializeNode(transformElem));
+        
+      } catch (TransformerException | IOException e) {
+        Logger.warn("Can not serialize suspect XML transformation", e);
+        
+      }
       throw new MOAApplicationException("1108", new Object[] { algorithmUri });
     }
   }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 5f8b46d..6a79a87 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -48,8 +48,11 @@ import org.w3c.dom.Element;
 import org.w3c.dom.traversal.NodeIterator;
 import org.xml.sax.SAXException;
 
+import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
 import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl;
+import at.gv.egovernment.moa.spss.api.xmlbind.ProfileParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.TransformParser;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
@@ -66,6 +69,7 @@ import iaik.pki.revocation.RevocationSourceTypes;
 import iaik.server.modules.xml.BlackListEntry;
 import iaik.server.modules.xml.ExternalReferenceChecker;
 import iaik.server.modules.xml.WhiteListEntry;
+import iaik.server.modules.xmlverify.TransformationParsingException;
 import iaik.utils.RFC2253NameParser;
 import iaik.utils.RFC2253NameParserException;
 import iaik.xml.crypto.utils.URI;
@@ -1095,7 +1099,21 @@ public class ConfigurationPartsBuilder {
    * @return The mapping from profile ID to profile.
    */
   public Map buildVerifyTransformsInfoProfiles() {
-    return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
+    Map<String, Element> profiles = loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
+    
+    // validate entries
+    ProfileParser profileParser = new ProfileParser();   
+    profiles.entrySet().forEach(el -> {
+      try {
+        profileParser.parseVerifyTransformsInfoProfile(el.getValue());
+        
+      } catch (MOAApplicationException e) {
+        Logger.warn("TransformationProfile with Id:" + el.getKey() + " is invalid: " + e.getMessage());
+      }      
+    });
+
+    return profiles;
+    
   }
 
   /**
@@ -1116,8 +1134,8 @@ public class ConfigurationPartsBuilder {
    *
    * @return Map The profile ID to profile mapping.
    */
-  private Map loadProfiles(String xpath, String profileRoot) {
-    final Map profiles = new HashMap();
+  private Map<String, Element> loadProfiles(String xpath, String profileRoot) {
+    final Map<String, Element> profiles = new HashMap<>();
     final NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
     Element profileElem;
 
diff --git a/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ProfileParseTest.java b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ProfileParseTest.java
new file mode 100644
index 0000000..887772d
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/java/test/at/gv/egovernment/moa/spss/server/config/ProfileParseTest.java
@@ -0,0 +1,68 @@
+package test.at.gv.egovernment.moa.spss.server.config;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.io.IOException;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.DOMUtils;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.xmlbind.ProfileParser;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class ProfileParseTest {
+
+  @Test
+  public void xsdTransformationValid() throws SAXException, IOException, ParserConfigurationException, MOAApplicationException {    
+    Element transformation = DOMUtils.parseDocument(
+        ProfileParseTest.class.getResourceAsStream("/data/SL20_authblock_v1.0.xml"), 
+        true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();    
+    assertNotNull("missing transformation", transformation);
+        
+    ProfileParser profileParser = new ProfileParser();
+    VerifyTransformsInfoProfile profile = profileParser.parseVerifyTransformsInfoProfile(transformation);
+    assertNotNull(profile);
+    
+  }
+  
+  @Test
+  public void xsdTransformationInvalidAlgorithm() throws SAXException, IOException, ParserConfigurationException {    
+    Element transformation = DOMUtils.parseDocument(
+        ProfileParseTest.class.getResourceAsStream("/data/SL20_authblock_v1.1_invalid_transformation.xml"), 
+        true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();    
+    assertNotNull("missing transformation", transformation);
+        
+    
+    ProfileParser profileParser = new ProfileParser();
+    MOAApplicationException error = assertThrows(MOAApplicationException.class, () -> profileParser.parseVerifyTransformsInfoProfile(transformation));
+    assertEquals("1108", error.getMessageId());
+    
+  }
+  
+  @Test
+  public void xsdTransformationInvalidSchema() throws SAXException, IOException, ParserConfigurationException {    
+    Element transformation = DOMUtils.parseDocument(
+        ProfileParseTest.class.getResourceAsStream("/data/SL20_authblock_v1.0_invalid_schema.xml"), 
+        false, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();    
+    assertNotNull("missing transformation", transformation);
+        
+    
+    ProfileParser profileParser = new ProfileParser();
+    MOAApplicationException error = assertThrows(MOAApplicationException.class, () -> profileParser.parseVerifyTransformsInfoProfile(transformation));
+    assertEquals("1108", error.getMessageId());
+    
+  }
+  
+}
diff --git a/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0.xml b/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0.xml
new file mode 100644
index 0000000..e67b1f5
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style { font-size: large; }                                                                                      
+								.hidden {display: none; } 
+              				</style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+											Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml b/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml
new file mode 100644
index 0000000..9ec50e8
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.0_invalid_schema.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style { font-size: large; }                                                                                      
+								.hidden {display: none; } 
+              				</style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+											Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml b/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml
new file mode 100644
index 0000000..5eb4303
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/resources/data/SL20_authblock_v1.1_invalid_transformation.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116-invalid"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style { font-size: large; }                                                                                      
+								.hidden {display: none; } 
+              				</style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+											Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
-- 
cgit v1.2.3