From 6c09d652d6317d1514924518c3186470498247a9 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
Date: Thu, 5 Nov 2015 14:01:45 +0100
Subject: PDF-AS integration, AdES Form validation results from IAIK-MOA, for
 XAdES

---
 .../java/at/gv/egovernment/moa/util/Constants.java |    2 +-
 .../resources/schemas/MOA-SPSS-config-2.0.1.xsd    |  354 ++++++
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |    3 +-
 .../moa/spss/api/impl/AdESFormResultsImpl.java     |   42 +
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |    5 +-
 .../api/impl/VerifyXMLSignatureResponseImpl.java   |  266 ++--
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java |   33 +
 .../xmlbind/VerifyXMLSignatureResponseBuilder.java |   17 +
 .../moa/spss/api/xmlverify/AdESFormResults.java    |    7 +
 .../api/xmlverify/VerifyXMLSignatureResponse.java  |    9 +-
 .../server/config/ConfigurationPartsBuilder.java   |    2 +-
 .../XMLSignatureVerificationProfileImpl.java       |    2 +-
 .../moa/spss/server/init/SystemInitializer.java    |    2 +-
 .../invoke/VerifyXMLSignatureResponseBuilder.java  |    8 +-
 .../invoke/XMLSignatureVerificationInvoker.java    | 1288 ++++++++++----------
 .../spss/server/initializer/PDFASInitializer.java  |    8 +
 .../moa/spss/server/invoke/PDFASInvoker.java       |   20 +-
 .../spss/server/pdfas/InternalMoaConnector.java    |    9 +-
 .../moa/spss/server/pdfas/InternalMoaVerifier.java |    2 +-
 .../server/service/CertificateProviderServlet.java |    2 +
 .../spss/server/service/ConfigurationServlet.java  |    1 +
 .../service/SignatureVerificationService.java      |   23 +-
 .../resources/resources/schemas/MOA-SPSS-2.0.0.xsd |    7 +
 23 files changed, 1318 insertions(+), 794 deletions(-)
 create mode 100644 moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd
 create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
 create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java

diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index e288cfe..5fc0d4d 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -101,7 +101,7 @@ public interface Constants {
 
   /** Local location of the MOA configuration XML schema definition. */
   public static final String MOA_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-SPSS-config-2.0.0.xsd";
+    SCHEMA_ROOT + "MOA-SPSS-config-2.0.1.xsd";
 
   /** Local location of the MOA ID configuration XML schema definition. */
   public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd
new file mode 100644
index 0000000..d202ac9
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.1.xsd
@@ -0,0 +1,354 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 1.5.1 Configuration Schema
+-->
+<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xs:element name="MOAConfiguration">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Common" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Name" type="xs:string"/>
+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+										<xs:element name="UserPIN" type="xs:string"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="PDFASConfig" type="xs:string" minOccurs="0" maxOccurs="1"/>
+							<xs:choice>
+								<xs:element name="PermitExternalUris" minOccurs="0">
+									<xs:complexType>
+										<xs:sequence minOccurs="0">
+											<xs:element name="BlackListUri" minOccurs="0" maxOccurs="unbounded">
+												<xs:complexType>
+													<xs:sequence>
+														<xs:element name="IP" type="xs:string"/>
+														<xs:element name="Port" type="xs:int" minOccurs="0"/>
+													</xs:sequence>
+												</xs:complexType>
+											</xs:element>
+										</xs:sequence>
+									</xs:complexType>
+								</xs:element>
+								<xs:element name="ForbidExternalUris" minOccurs="0">
+									<xs:complexType>
+										<xs:sequence>
+											<xs:element name="WhiteListUri" minOccurs="0" maxOccurs="unbounded">
+												<xs:complexType>
+													<xs:sequence>
+														<xs:element name="IP" type="xs:string"/>
+														<xs:element name="Port" type="xs:int" minOccurs="0"/>
+													</xs:sequence>
+												</xs:complexType>
+											</xs:element>
+										</xs:sequence>
+									</xs:complexType>
+								</xs:element>
+							</xs:choice>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+				<xs:element name="SignatureCreation" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="KeyModules">
+								<xs:complexType>
+									<xs:choice maxOccurs="unbounded">
+										<xs:element name="HardwareKeyModule">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="Id" type="xs:token"/>
+													<xs:element name="Name" type="xs:string"/>
+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+													<xs:element name="UserPIN" type="xs:string"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="SoftwareKeyModule">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="Id" type="xs:token"/>
+													<xs:element name="FileName" type="xs:string"/>
+													<xs:element name="Password" type="xs:string" minOccurs="0"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="KeyGroup" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Id" type="xs:token"/>
+										<xs:sequence maxOccurs="unbounded">
+											<xs:element name="Key">
+												<xs:complexType>
+													<xs:sequence>
+														<xs:element name="KeyModuleId" type="xs:token"/>
+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+													</xs:sequence>
+												</xs:complexType>
+											</xs:element>
+										</xs:sequence>
+										<xs:element name="DigestMethodAlgorithm" minOccurs="0"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="XMLDSig">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="XAdES" minOccurs="0">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Version">
+											<xs:simpleType>
+												<xs:restriction base="xs:token">
+													<xs:enumeration value="1.4.2"/>
+												</xs:restriction>
+											</xs:simpleType>
+										</xs:element>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+				<xs:element name="SignatureVerification" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="CertificateValidation">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="PathConstruction">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>
+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
+													<xs:element name="CertificateStore">
+														<xs:complexType>
+															<xs:choice>
+																<xs:element name="DirectoryStore">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="Location" type="xs:token"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:choice>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="PathValidation">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="ChainingMode">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>
+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
+																			<xs:element name="Mode" type="config:ChainingModeType"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="TrustProfile" minOccurs="0" maxOccurs="unbounded">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="Id" type="xs:token"/>
+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+																<xs:element name="EUTSL" minOccurs="0">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="CountrySelection" type="xs:string" minOccurs="0"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<!-- 
+													<xs:element name="TSLTrustProfile">
+													<xs:complexType>
+															<xs:sequence>
+																<xs:element name="Id" type="xs:token"/>
+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+																<xs:element name="EUTSL" minOccurs="0">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="CountrySelection" minOccurs="0"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													 -->
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="RevocationChecking">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="EnableChecking" type="xs:boolean"/>
+													<xs:element name="MaxRevocationAge" type="xs:integer"/>
+													<xs:element name="ServiceOrder" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence maxOccurs="2">
+																<xs:element name="Service">
+																	<xs:simpleType>
+																		<xs:restriction base="xs:token">
+																			<xs:enumeration value="OCSP"/>
+																			<xs:enumeration value="CRL"/>
+																		</xs:restriction>
+																	</xs:simpleType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="Archiving">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="EnableArchiving" type="xs:boolean"/>
+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
+																<xs:element name="Archive" minOccurs="0">
+																	<xs:complexType>
+																		<xs:choice>
+																			<xs:element name="DatabaseArchive">
+																				<xs:complexType>
+																					<xs:sequence>
+																						<xs:element name="JDBCURL" type="xs:anyURI"/>
+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>
+																					</xs:sequence>
+																				</xs:complexType>
+																			</xs:element>
+																		</xs:choice>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="CAIssuerDN" type="xs:token"/>
+																<xs:choice maxOccurs="unbounded">
+																	<xs:element name="CRLDP">
+																		<xs:complexType>
+																			<xs:sequence>
+																				<xs:element name="Location" type="xs:anyURI"/>
+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
+																					<xs:simpleType>
+																						<xs:restriction base="xs:token">
+																							<xs:enumeration value="unused"/>
+																							<xs:enumeration value="keyCompromise"/>
+																							<xs:enumeration value="cACompromise"/>
+																							<xs:enumeration value="affiliationChanged"/>
+																							<xs:enumeration value="superseded"/>
+																							<xs:enumeration value="cessationOfOperation"/>
+																							<xs:enumeration value="certificateHold"/>
+																							<xs:enumeration value="privilegeWithdrawn"/>
+																							<xs:enumeration value="aACompromise"/>
+																						</xs:restriction>
+																					</xs:simpleType>
+																				</xs:element>
+																			</xs:sequence>
+																		</xs:complexType>
+																	</xs:element>
+																	<xs:element name="OCSPDP">
+																		<xs:complexType>
+																			<xs:sequence>
+																				<xs:element name="Location" type="xs:anyURI"/>
+																			</xs:sequence>
+																		</xs:complexType>
+																	</xs:element>
+																</xs:choice>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="CrlRetentionIntervals" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence maxOccurs="unbounded">
+																<xs:element name="CA">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="X509IssuerName" type="xs:string"/>
+																			<xs:element name="Interval" type="xs:integer"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="TSLConfiguration" minOccurs="0">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="EUTSLUrl" type="xs:anyURI" minOccurs="0"/>
+													<xs:element name="UpdateSchedule" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="StartTime" type="xs:time"/>
+																<xs:element name="Period" type="xs:unsignedLong"/>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:simpleType name="ChainingModeType">
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="chaining"/>
+			<xs:enumeration value="pkix"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="ProfileType">
+		<xs:sequence>
+			<xs:element name="Id" type="xs:token"/>
+			<xs:element name="Location" type="xs:anyURI"/>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 4c57b13..b725422 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -797,7 +797,8 @@ public abstract class SPSSFactory {
     ReferencesCheckResult signatureCheck,
     ReferencesCheckResult signatureManifestCheck,
     List xmlDsigManifestChecks,
-    CheckResult certificateCheck);
+    CheckResult certificateCheck,
+    List adesFormResults);
 
   /**
    * Create a new <code>ReferencesCheckResult</code> object.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
new file mode 100644
index 0000000..c186c54
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/AdESFormResultsImpl.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
+
+public class AdESFormResultsImpl implements AdESFormResults {
+
+	private Integer code;
+	private String info;
+	private String name;
+	
+	public synchronized void setCode(Integer code) {
+		this.code = code;
+	}
+
+	public synchronized void setInfo(String info) {
+		this.info = info;
+	}
+
+	public synchronized void setName(String name) {
+		this.name = name;
+	}
+
+	@Override
+	public Integer getCode() {
+		return this.code;
+	}
+
+	@Override
+	public String getInfo() {
+		return this.info;
+	}
+
+	@Override
+	public String getName() {
+		return this.name;
+	}
+
+	@Override
+	public String toString() {
+		return "AdESFormResultsImpl [code=" + code + ", info=" + info + ", name=" + name + "]";
+	}
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ac3d4c9..8a46219 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -453,7 +453,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
     ReferencesCheckResult signatureCheck,
     ReferencesCheckResult signatureManifestCheck,
     List xmlDsigManifestChecks,
-    CheckResult certificateCheck) {
+    CheckResult certificateCheck,
+    List adesFormResults) {
     VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
       new VerifyXMLSignatureResponseImpl();
     verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -464,7 +465,7 @@ public class SPSSFactoryImpl extends SPSSFactory {
       signatureManifestCheck);
     verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
     verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
-    
+    verifyXMLSignatureResponse.setAdESFormResults(adesFormResults);
     return verifyXMLSignatureResponse;
   }
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 46fd517..bfee774 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -21,7 +21,6 @@
  * that you distribute must include a readable copy of the "NOTICE" text file.
  */
 
-
 package at.gv.egovernment.moa.spss.api.impl;
 
 import java.util.ArrayList;
@@ -37,130 +36,145 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
  * @author Fatemeh Philippi
  * @version $Id$
  */
-public class VerifyXMLSignatureResponseImpl
-  implements VerifyXMLSignatureResponse {
-
-  /** Information about the signer certificate. */
-  private SignerInfo signerInfo;
-  
-  /** 
-   * The hash input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
-   * */
-  private List hashInputDatas = new ArrayList();
-  
-  /** 
-   * The reference input data objects. The list consists of {@link at.gv.egovernment.moa.spss.api.common.InputData}s. 
-   * */
-  private List referenceInputDatas = new ArrayList();
-  
-  /** Information about the signature check. */
-  private ReferencesCheckResult signatureCheck;
-  /** Information about the signature manifest check. */
-  private ReferencesCheckResult signatureManifestCheck;
-  /** Information about the XMLDsig manifest check. */
-  private List xmlDsigManifestChecks = new ArrayList();
-  /** Information about the certificate check. */
-  private CheckResult certificateCheck;
-  
-  /**
-   * Sets information about the signer certificate.
-   * 
-   * @param signerInfo Information about the signer certificate.
-   */
-  public void setSignerInfo(SignerInfo signerInfo) {
-    this.signerInfo = signerInfo;
-  }
-
-  public SignerInfo getSignerInfo() {
-    return signerInfo;
-  }
-
-  /**
-   * Sets data signed by the signatory.
-   * 
-   * @param hashInputDatas The signed datas.
-   */
-  public void setHashInputDatas(List hashInputDatas) {
-    this.hashInputDatas =
-      hashInputDatas != null
-        ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
-        : null;
-  }
-
-  public List getHashInputDatas() {
-    return hashInputDatas;
-  }
-
-  /**
-   * Sets the source data elements.
-   * 
-   * @param referenceInputDatas The source data elements.
-   */
-  public void setReferenceInputDatas(List referenceInputDatas) {
-    this.referenceInputDatas =
-      referenceInputDatas != null
-        ? Collections.unmodifiableList(new ArrayList(referenceInputDatas))
-        : null;
-  }
-
-  public List getReferenceInputDatas() {
-    return referenceInputDatas;
-  }
-
-  /**
-   * Sets the result of the signature verification.
-   * 
-   * @param signatureCheck The result of the signature verification.
-   */
-  public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
-    this.signatureCheck = signatureCheck;
-  }
-
-  public ReferencesCheckResult getSignatureCheck() {
-    return signatureCheck;
-  }
-
-  /**
-   * Sets the result of the signature manifest verification.
-   * 
-   * @param signatureManifestCheck The result of the signature manifest verification.
-   */
-  public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
-    this.signatureManifestCheck = signatureManifestCheck;
-  }
-
-  public ReferencesCheckResult getSignatureManifestCheck() {
-    return signatureManifestCheck;
-  }
-
-  /**
-   * Sets the result of the certification verification.
-   * 
-   * @param certificateCheck The result of the certificate verification.
-   */
-  public void setCertificateCheck(CheckResult certificateCheck) {
-    this.certificateCheck = certificateCheck;
-  }
-
-  public CheckResult getCertificateCheck() {
-    return certificateCheck;
-  }
-  
-
-  /**
-   * Sets the XMLDSigManifestChecks.
-   * 
-   * @param xmlDsigManifestChecks The XMLDSigManifestChecks.
-   */
-  public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
-    this.xmlDsigManifestChecks =
-      xmlDsigManifestChecks != null
-        ? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks))
-        : null;
-  }
-
-  public List getXMLDsigManifestChecks() {
-    return xmlDsigManifestChecks;
-  }
+public class VerifyXMLSignatureResponseImpl implements VerifyXMLSignatureResponse {
+
+	/** Information about the signer certificate. */
+	private SignerInfo signerInfo;
+
+	/**
+	 * The hash input data objects. The list consists of
+	 * {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+	 */
+	private List hashInputDatas = new ArrayList();
+
+	/**
+	 * The reference input data objects. The list consists of
+	 * {@link at.gv.egovernment.moa.spss.api.common.InputData}s.
+	 */
+	private List referenceInputDatas = new ArrayList();
+
+	/**
+	 * The list of form validation results
+	 */
+	private List adesFormResults = new ArrayList();
+
+	/** Information about the signature check. */
+	private ReferencesCheckResult signatureCheck;
+	/** Information about the signature manifest check. */
+	private ReferencesCheckResult signatureManifestCheck;
+	/** Information about the XMLDsig manifest check. */
+	private List xmlDsigManifestChecks = new ArrayList();
+	/** Information about the certificate check. */
+	private CheckResult certificateCheck;
+
+	/**
+	 * Sets information about the signer certificate.
+	 * 
+	 * @param signerInfo
+	 *            Information about the signer certificate.
+	 */
+	public void setSignerInfo(SignerInfo signerInfo) {
+		this.signerInfo = signerInfo;
+	}
+
+	public SignerInfo getSignerInfo() {
+		return signerInfo;
+	}
+
+	/**
+	 * Sets data signed by the signatory.
+	 * 
+	 * @param hashInputDatas
+	 *            The signed datas.
+	 */
+	public void setHashInputDatas(List hashInputDatas) {
+		this.hashInputDatas = hashInputDatas != null ? Collections.unmodifiableList(new ArrayList(hashInputDatas))
+				: null;
+	}
+
+	public List getHashInputDatas() {
+		return hashInputDatas;
+	}
+
+	/**
+	 * Sets the source data elements.
+	 * 
+	 * @param referenceInputDatas
+	 *            The source data elements.
+	 */
+	public void setReferenceInputDatas(List referenceInputDatas) {
+		this.referenceInputDatas = referenceInputDatas != null
+				? Collections.unmodifiableList(new ArrayList(referenceInputDatas)) : null;
+	}
+
+	public List getReferenceInputDatas() {
+		return referenceInputDatas;
+	}
+
+	/**
+	 * Sets the result of the signature verification.
+	 * 
+	 * @param signatureCheck
+	 *            The result of the signature verification.
+	 */
+	public void setSignatureCheck(ReferencesCheckResult signatureCheck) {
+		this.signatureCheck = signatureCheck;
+	}
+
+	public ReferencesCheckResult getSignatureCheck() {
+		return signatureCheck;
+	}
+
+	/**
+	 * Sets the result of the signature manifest verification.
+	 * 
+	 * @param signatureManifestCheck
+	 *            The result of the signature manifest verification.
+	 */
+	public void setSignatureManifestCheck(ReferencesCheckResult signatureManifestCheck) {
+		this.signatureManifestCheck = signatureManifestCheck;
+	}
+
+	public ReferencesCheckResult getSignatureManifestCheck() {
+		return signatureManifestCheck;
+	}
+
+	/**
+	 * Sets the result of the certification verification.
+	 * 
+	 * @param certificateCheck
+	 *            The result of the certificate verification.
+	 */
+	public void setCertificateCheck(CheckResult certificateCheck) {
+		this.certificateCheck = certificateCheck;
+	}
+
+	public CheckResult getCertificateCheck() {
+		return certificateCheck;
+	}
+
+	/**
+	 * Sets the XMLDSigManifestChecks.
+	 * 
+	 * @param xmlDsigManifestChecks
+	 *            The XMLDSigManifestChecks.
+	 */
+	public void setXMLDsigManifestChecks(List xmlDsigManifestChecks) {
+		this.xmlDsigManifestChecks = xmlDsigManifestChecks != null
+				? Collections.unmodifiableList(new ArrayList(xmlDsigManifestChecks)) : null;
+	}
+
+	public List getXMLDsigManifestChecks() {
+		return xmlDsigManifestChecks;
+	}
+
+	public void setAdESFormResults(List adesFormResults) {
+		this.adesFormResults = adesFormResults;
+	}
+	
+	@Override
+	public List getAdESFormResults() {
+		return this.adesFormResults;
+	}
 
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index b5ec20f..eaafe00 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -286,4 +286,37 @@ public class ResponseBuilderUtils {
     root.appendChild(codeInfoElem);
   }
 
+  /**
+   * Add an element containing <code>Code</code> and <code>Info</code>
+   * subelements.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which to insert the newly created
+   * element.
+   * @param elementName The name of the newly created element.
+   * @param code The content of the <code>Code</code> subelement.
+   * @param info The content of the <code>Info</code> subelement.
+   */
+  public static void addFormCheckElement(
+    Document response,
+    Element root,
+    String elementName,
+    int code,
+    String name) {
+
+    Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+    Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+    Element infoElem;
+    
+    codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+    codeInfoElem.appendChild(codeElem);
+    
+    infoElem = response.createElementNS(MOA_NS_URI, "Name");
+    infoElem.appendChild(response.createTextNode(name));
+    codeInfoElem.appendChild(infoElem);
+    
+    root.appendChild(codeInfoElem);
+  }
+  
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index dd4e13a..27a42c8 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.ContentBinary;
 import at.gv.egovernment.moa.spss.api.common.ContentXML;
 import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
 import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -150,6 +151,22 @@ public class VerifyXMLSignatureResponseBuilder {
       response.getCertificateCheck().getInfo());
     
     
+    if(response.getAdESFormResults() != null) {
+    	
+    	Iterator formIterator = response.getAdESFormResults().iterator();
+    	
+    	while(formIterator.hasNext()) {
+    		AdESFormResults adESFormResult = (AdESFormResults)formIterator.next();
+    	// add the CertificateCheck
+        ResponseBuilderUtils.addFormCheckElement(
+          responseDoc,
+          responseElem,
+          "FormCheckResult",
+          adESFormResult.getCode().intValue(),
+          adESFormResult.getName());
+    	
+    	}
+    }
 
     return responseDoc;
   }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java
new file mode 100644
index 0000000..e12c39b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/AdESFormResults.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.spss.api.xmlverify;
+
+public interface AdESFormResults {
+	public Integer getCode();
+	public String getInfo();
+	public String getName();
+}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index d107dc9..63c496a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -81,7 +81,14 @@ public interface VerifyXMLSignatureResponse {
    */
   public CheckResult getCertificateCheck();
   
-  
+  /**
+   * Gets AdES Form results
+   * 
+   * This might be null!
+   * 
+   * @return The result of the AdES Form validation
+   */
+  public List getAdESFormResults();
   
 
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index af67d30..cb840ae 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -102,7 +102,7 @@ public class ConfigurationPartsBuilder {
   private static final String ROOT = "/" + CONF + "MOAConfiguration/";
   
   private static final String PDFAS_CONFIGURATION_XPATH =
-		    ROOT + CONF + "PDFASConfig";
+		    ROOT + CONF + "Common/" + CONF + "PDFASConfig";
   
   private static final String DIGEST_METHOD_XPATH =
     ROOT + CONF + "SignatureCreation/" 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index f4c9126..0ad3d79 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -172,6 +172,6 @@ public class XMLSignatureVerificationProfileImpl
 
   @Override
   public String getTargetLevel() {
-	return XMLSignatureVerificationProfile.LEVEL_B;
+	return XMLSignatureVerificationProfile.LEVEL_LTA;
   }
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index f2663cf..37569c5 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -78,7 +78,7 @@ public class SystemInitializer {
   
   private static void runInitializer(ConfigurationProvider configurationProvider) {
 	  Iterator<ExternalInitializer> initializerIterator = initializerServices.iterator();
-	  
+	  logger.info("Running external initializers");
 	  while(initializerIterator.hasNext()) {
 		  ExternalInitializer externalInitializer = initializerIterator.next();
 		  externalInitializer.initialize(configurationProvider);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 9021785..7bcf723 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -100,6 +100,7 @@ public class VerifyXMLSignatureResponseBuilder {
   private List xmlDsigManifestChecks;
   /** The result of the certificate check. */
   private CheckResult certificateCheck;
+  private List adesFormResults = null;
   
   /**
    * Get the <code>VerifyMLSignatureResponse</code> built so far.
@@ -114,7 +115,12 @@ public class VerifyXMLSignatureResponseBuilder {
       signatureCheck,
       signatureManifestCheck,
       xmlDsigManifestChecks,
-      certificateCheck);
+      certificateCheck, 
+      adesFormResults);
+  }
+  
+  public void setAdESFormResults(List adesForm) {
+	  this.adesFormResults = adesForm;
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 2b158dd..c09740c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -21,26 +21,8 @@
  * that you distribute must include a readable copy of the "NOTICE" text file.
  */
 
-
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.xml.crypto.utils.URI;
-import iaik.xml.crypto.utils.URIException;
-import iaik.server.modules.IAIKException;
-import iaik.server.modules.IAIKRuntimeException;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-import iaik.server.modules.xml.XMLSignature;
-import iaik.server.modules.xmlsign.XMLConstants;
-import iaik.server.modules.xmlverify.DsigManifest;
-import iaik.server.modules.xmlverify.ReferenceData;
-import iaik.server.modules.xmlverify.SecurityLayerManifest;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
-import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
-import iaik.x509.X509Certificate;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -68,6 +50,7 @@ import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
 import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
+import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
@@ -90,12 +73,32 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moa.spss.util.QCSSCDResult;
 import at.gv.egovernment.moa.util.CollectionUtils;
 import at.gv.egovernment.moa.util.Constants;
+import iaik.server.modules.AdESFormVerificationResult;
+import iaik.server.modules.AdESVerificationResult;
+import iaik.server.modules.IAIKException;
+import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.SignatureVerificationProfile;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLConstants;
+import iaik.server.modules.xmlverify.DsigManifest;
+import iaik.server.modules.xmlverify.ExtendedXMLSignatureVerificationResult;
+import iaik.server.modules.xmlverify.ReferenceData;
+import iaik.server.modules.xmlverify.SecurityLayerManifest;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
 
 /**
  * A class providing a DOM based interface to the
  * <code>XMLSignatureVerificationModule</code>.
  * 
- * This class performs the invocation of the 
+ * This class performs the invocation of the
  * <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code>
  * from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The
  * result of the invocation is integrated into a
@@ -106,622 +109,635 @@ import at.gv.egovernment.moa.util.Constants;
  */
 public class XMLSignatureVerificationInvoker {
 
-  /** The single instance of this class. */
-  private static XMLSignatureVerificationInvoker instance = null;
-
-  private static Set FILTERED_REF_TYPES;
-
-  static {
-    FILTERED_REF_TYPES = new HashSet();
-    FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
-    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
-    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
-    FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
-    FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
-  }
-
-  /**
-   * Get the single instance of this class.
-   * 
-   * @return The single instance of this class.
-   */
-  public static synchronized XMLSignatureVerificationInvoker getInstance() {
-    if (instance == null) {
-      instance = new XMLSignatureVerificationInvoker();
-    }
-    return instance;
-  }
-
-  /**
-   * Create a new <code>XMLSignatureCreationInvoker</code>.
-   * 
-   * Protected to disallow multiple instances.
-   */
-  protected XMLSignatureVerificationInvoker() {
-  }
-
-  /**
-   * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
-   * <code>XMLSignatureVerificationModule</code>.
-   * 
-   * @param request A <code>VerifyXMLSignatureRequest<code> API object 
-   * containing the data for verifying an XML signature.
-   * @return A <code>VerifyXMLSignatureResponse</code> containing the
-   * answert to the <code>VerifyXMLSignatureRequest</code>.
-   * MOA schema definition.
-   * @throws MOAException An error occurred during signature verification. 
-   */
-  public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request)
-    throws MOAException {
-
-    TransactionContext context =
-      TransactionContextManager.getInstance().getTransactionContext();
-    LoggingContext loggingCtx =
-      LoggingContextManager.getInstance().getLoggingContext();
-    XMLSignatureVerificationProfileFactory profileFactory =
-      new XMLSignatureVerificationProfileFactory(request);
-    VerifyXMLSignatureResponseBuilder responseBuilder =
-      new VerifyXMLSignatureResponseBuilder();
-    XMLSignatureVerificationResult result;
-    XMLSignatureVerificationProfile profile;
-    ReferencesCheckResult signatureManifestCheck;
-    DataObjectFactory dataObjFactory;
-    XMLDataObject signatureEnvironment;
-    Node signatureEnvironmentParent = null;
-    Element requestElement = null;
-    XMLSignature xmlSignature;
-    Date signingTime;
-    List supplements;
-    List dataObjectList;
-
-    // get the supplements
-    supplements = getSupplements(request);
-
-    // build XMLSignature
-    dataObjFactory = DataObjectFactory.getInstance();
-    signatureEnvironment =
-      dataObjFactory.createSignatureEnvironment(
-        request.getSignatureInfo().getVerifySignatureEnvironment(),
-        supplements);
-    xmlSignature = buildXMLSignature(signatureEnvironment, request);
-
-    // build the list of DataObjects
-    dataObjectList = buildDataObjectList(supplements);
-
-    // build profile
-    profile = profileFactory.createProfile();
-    
-    // get the signingTime
-    signingTime = request.getDateTime();
-
-    // make the signature environment the root of the document, if it is not a
-    // separate document anyway; this is done to assure that canonicalization
-    // of the signature environment contains the correct namespace declarations
-    requestElement =
-      signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
-    if (requestElement != signatureEnvironment.getElement()) {
-      signatureEnvironmentParent =
-        signatureEnvironment.getElement().getParentNode();
-      requestElement.getOwnerDocument().replaceChild(
-        signatureEnvironment.getElement(),
-        requestElement);
-    }
-
-    QCSSCDResult qcsscdresult = new QCSSCDResult();
-    String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
-    ConfigurationProvider config = ConfigurationProvider.getInstance();
-    TrustProfile tp = config.getTrustProfile(tpID);
-    
-    // verify the signature
-    try {
-      XMLSignatureVerificationModule module =
-        XMLSignatureVerificationModuleFactory.getInstance();
-
-      module.setLog(new IaikLog(loggingCtx.getNodeID()));
-
-      result =
-        module.verifySignature(
-          xmlSignature,
-          dataObjectList,
-          profile,
-          signingTime,
-          new TransactionId(context.getTransactionID()));
-    } catch (IAIKException e) {
-    	MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-        throw moaException;
-    } catch (IAIKRuntimeException e) {
-        MOAException moaException = IaikExceptionMapper.getInstance().map(e);
-        throw moaException;
-    } 
-    
-
-    // QC/SSCD check
-    List list = result.getCertificateValidationResult().getCertificateChain();
-    if (list != null) {
-        X509Certificate[] chain = new X509Certificate[list.size()];
-        
-        Iterator it = list.iterator();
-        int i = 0;
-        while(it.hasNext()) {
-        	chain[i] = (X509Certificate)it.next();
-        	i++;
-        }
-        
-        qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
-    }
-    	
-
-    // get signer certificate issuer country code
-    String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
-    
-    // swap back in the request as root document
-    if (requestElement != signatureEnvironment.getElement()) {
-      requestElement.getOwnerDocument().replaceChild(
-        requestElement,
-        signatureEnvironment.getElement());
-      signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
-    }
-
-    // check the result
-    signatureManifestCheck =
-      validateSignatureManifest(request, result, profile);
-
-    // Check if signer certificate is in trust profile's allowed signer certificates pool
-    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
-    CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
-
-
-    // build the response
-    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
-    return responseBuilder.getResponse();
-  }
-
-  /**
-   * Checks if the signer certificate matches one of the allowed signer certificates specified 
-   * in the provided <code>trustProfile</code>.
-   * 
-   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
-   * 
-   * @param trustProfile The trust profile the signer certificate is validated against.
-   * 
-   * @return The overal result of the certificate validation for the signer certificate.
-   * 
-   * @throws MOAException if one of the signer certificates specified in the <code>trustProfile</code>
-   *                      cannot be read from the file system.
-   */
-  private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
-    throws MOAException
-  {
-    MessageProvider msg = MessageProvider.getInstance();
-    
-    int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
-    if (resultCode == 0 && trustProfile.getSignerCertsUri() != null)
-    {
-      X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult().getCertificateChain().get(0); 
-      
-      File signerCertsDir = null;
-      try
-      {
-        signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
-      }
-      catch (URIException e)
-      {
-        throw new MOASystemException("2900", null, e); // Should not happen, already checked at loading the MOA configuration
-      }
-      
-      File[] files = signerCertsDir.listFiles();
-      if (files == null) resultCode = 1;
-      int i;
-      for (i = 0; i < files.length; i++)
-      {
-        if (!files[i].isDirectory())
-        {
-          FileInputStream currentFIS = null;
-          try
-          {
-            currentFIS = new FileInputStream(files[i]);
-          }
-          catch (FileNotFoundException e) {
-            throw new MOASystemException("2900", null, e); 
-          }
-          
-          try
-          {
-            X509Certificate currentCert = new X509Certificate(currentFIS);
-            currentFIS.close();
-            if (currentCert.equals(signerCertificate)) break;
-          }
-          catch (Exception e)
-          {
-            // Simply ignore file if it cannot be interpreted as certificate
-            String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()});
-            Logger.warn(logMsg);
-            try
-            {
-              currentFIS.close();
-            }
-            catch (IOException e1) {
-              // If clean-up fails, do nothing
-            }
-          }
-        }
-      }
-      if (i >= files.length)
-      {
-        resultCode = 1; // No signer certificate from the trustprofile pool matches the actual signer certificate
-      }
-    }
-    
-    SPSSFactory factory = SPSSFactory.getInstance();
-    return factory.createCheckResult(resultCode, null);
-  }
-  
-  
-
-  /**
-   * Select the <code>dsig:Signature</code> DOM element within the signature
-   * environment.
-   * 
-   * @param signatureEnvironment The signature environment containing the
-   * <code>dsig:Signature</code>.
-   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
-   * signature environment.
-   * @return The <code>dsig:Signature</code> element wrapped in a
-   * <code>XMLSignature</code> object.
-   * @throws MOAApplicationException An error occurred locating the
-   * <code>dsig:Signature</code>.
-   */
-  private XMLSignature buildXMLSignature(
-    XMLDataObject signatureEnvironment,
-    VerifyXMLSignatureRequest request)
-    throws MOAApplicationException {
-
-    VerifySignatureLocation signatureLocation =
-      request.getSignatureInfo().getVerifySignatureLocation();
-    Element signatureParent;
-
-    // evaluate the VerifySignatureLocation to get the signature parent
-    signatureParent =
-      InvokerUtils.evaluateSignatureLocation(
-        signatureEnvironment.getElement(),
-        signatureLocation);
-
-    // check for signatureParent to be a dsig:Signature element
-    if (!"Signature".equals(signatureParent.getLocalName())
-      || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
-      throw new MOAApplicationException("2266", null);
-    }
-
-    return new XMLSignatureImpl(signatureParent);
-  }
-
-  /**
-   * Build the supplemental data objects contained in the
-   * <code>VerifyXMLSignatureRequest</code>.
-   *  
-   * @param supplements A <code>List</code> of 
-   * <code>XMLDataObjectAssociation</code>s containing the supplement data.
-   * @return A <code>List</code> of <code>DataObject</code>s representing the
-   * supplemental data objects.
-   * @throws MOASystemException A system error occurred building one of the data
-   * objects.
-   * @throws MOAApplicationException An error occurred building one of the data
-   * objects.
-   */
-  private List buildDataObjectList(List supplements)
-    throws MOASystemException, MOAApplicationException {
-    List dataObjectList = new ArrayList();
-
-    DataObjectFactory factory = DataObjectFactory.getInstance();
-    DataObject dataObject;
-    Iterator iter;
-    
-    if (supplements != null) {
-      for (iter = supplements.iterator(); iter.hasNext();) {
-        XMLDataObjectAssociation supplement =
-          (XMLDataObjectAssociation) iter.next();
-        dataObject =
-          factory.createFromXmlDataObjectAssociation(supplement, true, false);
-        dataObjectList.add(dataObject);
-      }
-    }
-    
-    return dataObjectList;
-    
-  }
-
-  /**
-   * Get the supplemental data contained in the 
-   * <code>VerifyXMLSignatureRequest</code>.
-   * 
-   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
-   * supplemental data.
-   * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> 
-   * objects containing the supplemental data.
-   * @throws MOAApplicationException An error occurred resolving one of the
-   * supplement profiles.
-   */
-  private List getSupplements(VerifyXMLSignatureRequest request)
-    throws MOAApplicationException {
-    TransactionContext context =
-      TransactionContextManager.getInstance().getTransactionContext();
-    ConfigurationProvider config = context.getConfiguration();
-    List supplementProfiles = request.getSupplementProfiles();
-    
-    List supplements = new ArrayList();
-    
-    if (supplementProfiles != null) {     
-      
-      List mappedProfiles =
-        ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
-      Iterator iter;
-
-      for (iter = mappedProfiles.iterator(); iter.hasNext();) {
-        SupplementProfileExplicit profile =
-          (SupplementProfileExplicit) iter.next();
-        supplements.add(profile.getSupplementProfile());
-      }
-     
-    }
-    return supplements;
-  }
-
-  /**
-   * Perform additional validations of the
-   * <code>XMLSignatureVerificationResult</code>.
-   * 
-   * <p> In particular, it is verified that:
-   * <ul>
-   * <li>Each <code>ReferenceData</code> object contains transformation
-   * chain that matches one of the <code>Transforms</code> given in the
-   * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code></li>
-   * <li>The hash values of the <code>TransformParameter</code>s are valid.
-   * </li>
-   * </ul>
-   * </p>
-   * 
-   * @param request The <code>VerifyXMLSignatureRequest</code> containing the
-   * signature to verify.
-   * @param result The result produced by
-   * <code>XMLSignatureVerificationModule</code>.
-   * @param profile The profile used for validating the <code>request</code>.
-   * @return The result of additional validations of the signature manifest.
-   * @throws MOAApplicationException Post-validation of the
-   * <code>XMLSignatureVerificaitonResult</code> failed.
-   */
-  private ReferencesCheckResult validateSignatureManifest(
-    VerifyXMLSignatureRequest request,
-    XMLSignatureVerificationResult result,
-    XMLSignatureVerificationProfile profile)
-    throws MOAApplicationException {
-
-    SPSSFactory factory = SPSSFactory.getInstance();
-    MessageProvider msg = MessageProvider.getInstance();
-
-    // validate that each ReferenceData object contains transforms specified
-    // in the corresponding SignatureManifestCheckParams/ReferenceInfo
-    if (request.getSignatureManifestCheckParams() != null) {
-      List refInfos =
-        request.getSignatureManifestCheckParams().getReferenceInfos();
-      List refDatas = filterReferenceInfos(result.getReferenceDataList());
-      List failedReferencesList = new ArrayList();
-      Iterator refInfoIter;
-      Iterator refDataIter;
-
-      if (refInfos.size() != refDatas.size()) {
-        return factory.createReferencesCheckResult(1, null);
-      }
-
-      refInfoIter = refInfos.iterator();
-      refDataIter =
-        filterReferenceInfos(result.getReferenceDataList()).iterator();
-
-      while (refInfoIter.hasNext()) {
-        ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
-        ReferenceData refData = (ReferenceData) refDataIter.next();
-        List transforms = buildTransformsList(refInfo);
-        boolean found = false;
-        Iterator trIter;
-
-        for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
-          found = trIter.next().equals(refData.getTransformationList());
-        }
-
-        if (!found) {
-          Integer refIndex = new Integer(refData.getReferenceIndex());
-          String logMsg =
-            msg.getMessage("invoker.01", new Object[] { refIndex });
-
-          failedReferencesList.add(refIndex);
-          Logger.debug(new LogMsg(logMsg));
-        }
-      }
-
-      if (!failedReferencesList.isEmpty()) {
-        // at least one reference failed - return their indexes and check code 1
-        int[] failedReferences =
-          CollectionUtils.toIntArray(failedReferencesList);
-        ReferencesCheckResultInfo checkInfo =
-          factory.createReferencesCheckResultInfo(null, failedReferences);
-
-        return factory.createReferencesCheckResult(1, checkInfo);
-      }
-    }
-
-    // validate the hashes contained in all the ReferenceInfo objects of the
-    // security layer manifest 
-    if (request.getSignatureManifestCheckParams() != null 
-      && result.containsSecurityLayerManifest()) {
-      Map hashValues = buildTransformParameterHashValues(request);
-      Set transformParameterURIs =
-        buildTransformParameterURIs(profile.getTransformationSupplements());
-      List referenceInfoList =
-        result.getSecurityLayerManifest().getReferenceDataList();
-      Iterator refIter;
-
-      for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
-        iaik.server.modules.xmlverify.ReferenceInfo ref =
-          (iaik.server.modules.xmlverify.ReferenceInfo) refIter.next();
-        byte[] hash = (byte[]) hashValues.get(ref.getURI());
-
-        if (!transformParameterURIs.contains(ref.getURI())
-          || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
-
-          // the transform parameter doesn't exist or the hashs do not match
-          // return the index of the failed reference and check code 1
-          int[] failedReferences = new int[] { ref.getReferenceIndex()};
-          ReferencesCheckResultInfo checkInfo =
-            factory.createReferencesCheckResultInfo(null, failedReferences);
-          String logMsg =
-            msg.getMessage(
-              "invoker.02",
-              new Object[] { new Integer(ref.getReferenceIndex())});
-
-          Logger.debug(new LogMsg(logMsg));
-
-          return factory.createReferencesCheckResult(1, checkInfo);
-        }
-      }
-    }
-
-    return factory.createReferencesCheckResult(0, null);
-  }
-
-  /**
-   * Get all <code>Transform</code>s contained in all the
-   * <code>VerifyTransformsInfoProfile</code>s of the given
-   * <code>ReferenceInfo</code>.
-   * 
-   * @param refInfo The <code>ReferenceInfo</code> object containing
-   * the transformations.
-   * @return A <code>List</code> of <code>List</code>s. Each of the
-   * <code>List</code>s contains <code>Transformation</code> objects.
-   * @throws MOAApplicationException An error occurred building one of the
-   * <code>Transformation</code>s.
-   */
-  private List buildTransformsList(ReferenceInfo refInfo)
-    throws MOAApplicationException {
-
-    TransactionContext context =
-      TransactionContextManager.getInstance().getTransactionContext();
-    ConfigurationProvider config = context.getConfiguration();
-    List profiles = refInfo.getVerifyTransformsInfoProfiles();
-    List mappedProfiles =
-      ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
-    List transformsList = new ArrayList();
-    TransformationFactory factory = TransformationFactory.getInstance();
-    Iterator iter;
-
-    for (iter = mappedProfiles.iterator(); iter.hasNext();) {
-      VerifyTransformsInfoProfileExplicit profile =
-        (VerifyTransformsInfoProfileExplicit) iter.next();
-      List transforms = profile.getTransforms();
-
-      if (transforms != null) {
-        transformsList.add(factory.createTransformationList(transforms));
-      }
-    }
-
-    return transformsList;
-  }
-
-  /**
-   * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
-   * 
-   * @param transformParameters The <code>List</code> of 
-   * <code>TransformParameter</code>s, as provided to the verification. 
-   * @return The <code>Set</code> of all <code>TransformParameter</code> URIs. 
-   */
-  private Set buildTransformParameterURIs(List transformParameters) {
-    Set uris = new HashSet();
-    Iterator iter;
-
-    for (iter = transformParameters.iterator(); iter.hasNext();) {
-      DataObject transformParameter = (DataObject) iter.next();
-      uris.add(transformParameter.getURI());
-    }
-
-    return uris;
-  }
-
-  /**
-   * Build a mapping between <code>TransformParameter</code> URIs (a
-   * <code>String</code> and <code>dsig:HashValue</code> (a
-   * <code>byte[]</code>).
-   * 
-   * @param request The <code>VerifyXMLSignatureRequest</code>.
-   * @return Map The resulting mapping.
-   * @throws MOAApplicationException An error occurred accessing one of
-   * the profiles.
-   */
-  private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request)
-    throws MOAApplicationException {
-
-    TransactionContext context =
-      TransactionContextManager.getInstance().getTransactionContext();
-    ConfigurationProvider config = context.getConfiguration();
-    Map hashValues = new HashMap();
-    List refInfos =
-      request.getSignatureManifestCheckParams().getReferenceInfos();
-    Iterator refIter;
-
-    for (refIter = refInfos.iterator(); refIter.hasNext();) {
-      ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
-      List profiles = refInfo.getVerifyTransformsInfoProfiles();
-      List mappedProfiles =
-        ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
-      Iterator prIter;
-
-      for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
-        VerifyTransformsInfoProfileExplicit profile =
-          (VerifyTransformsInfoProfileExplicit) prIter.next();
-        List trParameters = profile.getTransformParameters();
-        Iterator trIter;
-
-        for (trIter = trParameters.iterator(); trIter.hasNext();) {
-          TransformParameter transformParameter =
-            (TransformParameter) trIter.next();
-          String uri = transformParameter.getURI();
-
-          if (transformParameter.getTransformParameterType()
-            == TransformParameter.HASH_TRANSFORMPARAMETER) {
-            hashValues.put(
-              uri,
-              ((TransformParameterHash) transformParameter).getDigestValue());
-          }
-
-        }
-      }
-    }
-    return hashValues;
-  }
-
-  /**
-   * Filter the <code>ReferenceInfo</code>s returned by the
-   * <code>VerifyXMLSignatureResult</code> for comparison with the
-   * <code>ReferenceInfo</code> elements in the request.
-   * 
-   * @param referenceInfos The <code>ReferenceInfo</code>s from the
-   * <code>VerifyXMLSignatureResult</code>.
-   * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
-   * is not a XMLDsig manifest, Security Layer manifest, or ETSI signed
-   * property.
-   */
-  private List filterReferenceInfos(List referenceInfos) {
-    List filtered = new ArrayList();
-    Iterator iter;
-
-    for (iter = referenceInfos.iterator(); iter.hasNext();) {
-      iaik.server.modules.xmlverify.ReferenceInfo refInfo =
-        (iaik.server.modules.xmlverify.ReferenceInfo) iter.next();
-      String refType = refInfo.getReferenceType();
-
-      if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
-        filtered.add(refInfo);
-      }
-    }
-
-    return filtered;
-  }
+	/** The single instance of this class. */
+	private static XMLSignatureVerificationInvoker instance = null;
+
+	private static Set FILTERED_REF_TYPES;
+
+	static {
+		FILTERED_REF_TYPES = new HashSet();
+		FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
+		FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
+		FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
+		FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
+		FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
+	}
+
+	/**
+	 * Get the single instance of this class.
+	 * 
+	 * @return The single instance of this class.
+	 */
+	public static synchronized XMLSignatureVerificationInvoker getInstance() {
+		if (instance == null) {
+			instance = new XMLSignatureVerificationInvoker();
+		}
+		return instance;
+	}
+
+	/**
+	 * Create a new <code>XMLSignatureCreationInvoker</code>.
+	 * 
+	 * Protected to disallow multiple instances.
+	 */
+	protected XMLSignatureVerificationInvoker() {
+	}
+
+	/**
+	 * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
+	 * <code>XMLSignatureVerificationModule</code>.
+	 * 
+	 * @param request
+	 *            A <code>VerifyXMLSignatureRequest<code> API object 
+	 * containing the data for verifying an XML signature.
+	 * @return A <code>VerifyXMLSignatureResponse</code> containing the answert
+	 *         to the <code>VerifyXMLSignatureRequest</code>. MOA schema
+	 *         definition.
+	 * @throws MOAException
+	 *             An error occurred during signature verification.
+	 */
+	public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) throws MOAException {
+
+		TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+		LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
+		XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request);
+		VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
+		ExtendedXMLSignatureVerificationResult result;
+		XMLSignatureVerificationProfile profile;
+		ReferencesCheckResult signatureManifestCheck;
+		DataObjectFactory dataObjFactory;
+		XMLDataObject signatureEnvironment;
+		Node signatureEnvironmentParent = null;
+		Element requestElement = null;
+		XMLSignature xmlSignature;
+		Date signingTime;
+		List supplements;
+		List dataObjectList;
+
+		// get the supplements
+		supplements = getSupplements(request);
+
+		// build XMLSignature
+		dataObjFactory = DataObjectFactory.getInstance();
+		signatureEnvironment = dataObjFactory
+				.createSignatureEnvironment(request.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
+		xmlSignature = buildXMLSignature(signatureEnvironment, request);
+
+		// build the list of DataObjects
+		dataObjectList = buildDataObjectList(supplements);
+
+		// build profile
+		profile = profileFactory.createProfile();
+
+		// get the signingTime
+		signingTime = request.getDateTime();
+
+		// make the signature environment the root of the document, if it is not
+		// a
+		// separate document anyway; this is done to assure that
+		// canonicalization
+		// of the signature environment contains the correct namespace
+		// declarations
+		requestElement = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
+		if (requestElement != signatureEnvironment.getElement()) {
+			signatureEnvironmentParent = signatureEnvironment.getElement().getParentNode();
+			requestElement.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), requestElement);
+		}
+
+		QCSSCDResult qcsscdresult = new QCSSCDResult();
+		String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
+		ConfigurationProvider config = ConfigurationProvider.getInstance();
+		TrustProfile tp = config.getTrustProfile(tpID);
+
+		// verify the signature
+		try {
+			XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
+
+			module.setLog(new IaikLog(loggingCtx.getNodeID()));
+
+			result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
+					new TransactionId(context.getTransactionID()));
+		} catch (IAIKException e) {
+			MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+			throw moaException;
+		} catch (IAIKRuntimeException e) {
+			MOAException moaException = IaikExceptionMapper.getInstance().map(e);
+			throw moaException;
+		}
+
+		List adesResults = getAdESResult(result.getFormVerificationResult());
+
+		if (adesResults != null) {
+			Iterator adesIterator = adesResults.iterator();
+			while (adesIterator.hasNext()) {
+				Logger.info("ADES Formresults: " + adesIterator.next().toString());
+			}
+		}
+
+		responseBuilder.setAdESFormResults(adesResults);
+
+		// QC/SSCD check
+		List list = result.getXMLSignatureVerificationResult().getCertificateValidationResult().getCertificateChain();
+		if (list != null) {
+			X509Certificate[] chain = new X509Certificate[list.size()];
+
+			Iterator it = list.iterator();
+			int i = 0;
+			while (it.hasNext()) {
+				chain[i] = (X509Certificate) it.next();
+				i++;
+			}
+
+			qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled());
+		}
+
+		// get signer certificate issuer country code
+		String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
+
+		// swap back in the request as root document
+		if (requestElement != signatureEnvironment.getElement()) {
+			requestElement.getOwnerDocument().replaceChild(requestElement, signatureEnvironment.getElement());
+			signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
+		}
+
+		// check the result
+		signatureManifestCheck = validateSignatureManifest(request, result.getXMLSignatureVerificationResult(),
+				profile);
+
+		// Check if signer certificate is in trust profile's allowed signer
+		// certificates pool
+		TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+		CheckResult certificateCheck = validateSignerCertificate(result.getXMLSignatureVerificationResult(),
+				trustProfile);
+
+		// build the response
+		responseBuilder.setResult(result.getXMLSignatureVerificationResult(), profile, signatureManifestCheck,
+				certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(),
+				qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
+		return responseBuilder.getResponse();
+	}
+
+	/**
+	 * Checks if the signer certificate matches one of the allowed signer
+	 * certificates specified in the provided <code>trustProfile</code>.
+	 * 
+	 * @param result
+	 *            The result produced by the
+	 *            <code>XMLSignatureVerificationModule</code>.
+	 * 
+	 * @param trustProfile
+	 *            The trust profile the signer certificate is validated against.
+	 * 
+	 * @return The overal result of the certificate validation for the signer
+	 *         certificate.
+	 * 
+	 * @throws MOAException
+	 *             if one of the signer certificates specified in the
+	 *             <code>trustProfile</code> cannot be read from the file
+	 *             system.
+	 */
+	private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+			throws MOAException {
+		MessageProvider msg = MessageProvider.getInstance();
+
+		int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue();
+		if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
+			X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult()
+					.getCertificateChain().get(0);
+
+			File signerCertsDir = null;
+			try {
+				signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath());
+			} catch (URIException e) {
+				throw new MOASystemException("2900", null, e); // Should not
+																// happen,
+																// already
+																// checked at
+																// loading the
+																// MOA
+																// configuration
+			}
+
+			File[] files = signerCertsDir.listFiles();
+			if (files == null)
+				resultCode = 1;
+			int i;
+			for (i = 0; i < files.length; i++) {
+				if (!files[i].isDirectory()) {
+					FileInputStream currentFIS = null;
+					try {
+						currentFIS = new FileInputStream(files[i]);
+					} catch (FileNotFoundException e) {
+						throw new MOASystemException("2900", null, e);
+					}
+
+					try {
+						X509Certificate currentCert = new X509Certificate(currentFIS);
+						currentFIS.close();
+						if (currentCert.equals(signerCertificate))
+							break;
+					} catch (Exception e) {
+						// Simply ignore file if it cannot be interpreted as
+						// certificate
+						String logMsg = msg.getMessage("invoker.03",
+								new Object[] { trustProfile.getId(), files[i].getName() });
+						Logger.warn(logMsg);
+						try {
+							currentFIS.close();
+						} catch (IOException e1) {
+							// If clean-up fails, do nothing
+						}
+					}
+				}
+			}
+			if (i >= files.length) {
+				resultCode = 1; // No signer certificate from the trustprofile
+								// pool matches the actual signer certificate
+			}
+		}
+
+		SPSSFactory factory = SPSSFactory.getInstance();
+		return factory.createCheckResult(resultCode, null);
+	}
+
+	/**
+	 * Select the <code>dsig:Signature</code> DOM element within the signature
+	 * environment.
+	 * 
+	 * @param signatureEnvironment
+	 *            The signature environment containing the
+	 *            <code>dsig:Signature</code>.
+	 * @param request
+	 *            The <code>VerifyXMLSignatureRequest</code> containing the
+	 *            signature environment.
+	 * @return The <code>dsig:Signature</code> element wrapped in a
+	 *         <code>XMLSignature</code> object.
+	 * @throws MOAApplicationException
+	 *             An error occurred locating the <code>dsig:Signature</code>.
+	 */
+	private XMLSignature buildXMLSignature(XMLDataObject signatureEnvironment, VerifyXMLSignatureRequest request)
+			throws MOAApplicationException {
+
+		VerifySignatureLocation signatureLocation = request.getSignatureInfo().getVerifySignatureLocation();
+		Element signatureParent;
+
+		// evaluate the VerifySignatureLocation to get the signature parent
+		signatureParent = InvokerUtils.evaluateSignatureLocation(signatureEnvironment.getElement(), signatureLocation);
+
+		// check for signatureParent to be a dsig:Signature element
+		if (!"Signature".equals(signatureParent.getLocalName())
+				|| !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) {
+			throw new MOAApplicationException("2266", null);
+		}
+
+		return new XMLSignatureImpl(signatureParent);
+	}
+
+	/**
+	 * Build the supplemental data objects contained in the
+	 * <code>VerifyXMLSignatureRequest</code>.
+	 * 
+	 * @param supplements
+	 *            A <code>List</code> of <code>XMLDataObjectAssociation</code>s
+	 *            containing the supplement data.
+	 * @return A <code>List</code> of <code>DataObject</code>s representing the
+	 *         supplemental data objects.
+	 * @throws MOASystemException
+	 *             A system error occurred building one of the data objects.
+	 * @throws MOAApplicationException
+	 *             An error occurred building one of the data objects.
+	 */
+	private List buildDataObjectList(List supplements) throws MOASystemException, MOAApplicationException {
+		List dataObjectList = new ArrayList();
+
+		DataObjectFactory factory = DataObjectFactory.getInstance();
+		DataObject dataObject;
+		Iterator iter;
+
+		if (supplements != null) {
+			for (iter = supplements.iterator(); iter.hasNext();) {
+				XMLDataObjectAssociation supplement = (XMLDataObjectAssociation) iter.next();
+				dataObject = factory.createFromXmlDataObjectAssociation(supplement, true, false);
+				dataObjectList.add(dataObject);
+			}
+		}
+
+		return dataObjectList;
+
+	}
+
+	/**
+	 * Get the supplemental data contained in the
+	 * <code>VerifyXMLSignatureRequest</code>.
+	 * 
+	 * @param request
+	 *            The <code>VerifyXMLSignatureRequest</code> containing the
+	 *            supplemental data.
+	 * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>
+	 *         objects containing the supplemental data.
+	 * @throws MOAApplicationException
+	 *             An error occurred resolving one of the supplement profiles.
+	 */
+	private List getSupplements(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+		TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+		ConfigurationProvider config = context.getConfiguration();
+		List supplementProfiles = request.getSupplementProfiles();
+
+		List supplements = new ArrayList();
+
+		if (supplementProfiles != null) {
+
+			List mappedProfiles = ProfileMapper.mapSupplementProfiles(supplementProfiles, config);
+			Iterator iter;
+
+			for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+				SupplementProfileExplicit profile = (SupplementProfileExplicit) iter.next();
+				supplements.add(profile.getSupplementProfile());
+			}
+
+		}
+		return supplements;
+	}
+
+	/**
+	 * Perform additional validations of the
+	 * <code>XMLSignatureVerificationResult</code>.
+	 * 
+	 * <p>
+	 * In particular, it is verified that:
+	 * <ul>
+	 * <li>Each <code>ReferenceData</code> object contains transformation chain
+	 * that matches one of the <code>Transforms</code> given in the
+	 * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code>
+	 * </li>
+	 * <li>The hash values of the <code>TransformParameter</code>s are valid.
+	 * </li>
+	 * </ul>
+	 * </p>
+	 * 
+	 * @param request
+	 *            The <code>VerifyXMLSignatureRequest</code> containing the
+	 *            signature to verify.
+	 * @param result
+	 *            The result produced by
+	 *            <code>XMLSignatureVerificationModule</code>.
+	 * @param profile
+	 *            The profile used for validating the <code>request</code>.
+	 * @return The result of additional validations of the signature manifest.
+	 * @throws MOAApplicationException
+	 *             Post-validation of the
+	 *             <code>XMLSignatureVerificaitonResult</code> failed.
+	 */
+	private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest request,
+			XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile)
+					throws MOAApplicationException {
+
+		SPSSFactory factory = SPSSFactory.getInstance();
+		MessageProvider msg = MessageProvider.getInstance();
+
+		// validate that each ReferenceData object contains transforms specified
+		// in the corresponding SignatureManifestCheckParams/ReferenceInfo
+		if (request.getSignatureManifestCheckParams() != null) {
+			List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+			List refDatas = filterReferenceInfos(result.getReferenceDataList());
+			List failedReferencesList = new ArrayList();
+			Iterator refInfoIter;
+			Iterator refDataIter;
+
+			if (refInfos.size() != refDatas.size()) {
+				return factory.createReferencesCheckResult(1, null);
+			}
+
+			refInfoIter = refInfos.iterator();
+			refDataIter = filterReferenceInfos(result.getReferenceDataList()).iterator();
+
+			while (refInfoIter.hasNext()) {
+				ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next();
+				ReferenceData refData = (ReferenceData) refDataIter.next();
+				List transforms = buildTransformsList(refInfo);
+				boolean found = false;
+				Iterator trIter;
+
+				for (trIter = transforms.iterator(); trIter.hasNext() && !found;) {
+					found = trIter.next().equals(refData.getTransformationList());
+				}
+
+				if (!found) {
+					Integer refIndex = new Integer(refData.getReferenceIndex());
+					String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
+
+					failedReferencesList.add(refIndex);
+					Logger.debug(new LogMsg(logMsg));
+				}
+			}
+
+			if (!failedReferencesList.isEmpty()) {
+				// at least one reference failed - return their indexes and
+				// check code 1
+				int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList);
+				ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences);
+
+				return factory.createReferencesCheckResult(1, checkInfo);
+			}
+		}
+
+		// validate the hashes contained in all the ReferenceInfo objects of the
+		// security layer manifest
+		if (request.getSignatureManifestCheckParams() != null && result.containsSecurityLayerManifest()) {
+			Map hashValues = buildTransformParameterHashValues(request);
+			Set transformParameterURIs = buildTransformParameterURIs(profile.getTransformationSupplements());
+			List referenceInfoList = result.getSecurityLayerManifest().getReferenceDataList();
+			Iterator refIter;
+
+			for (refIter = referenceInfoList.iterator(); refIter.hasNext();) {
+				iaik.server.modules.xmlverify.ReferenceInfo ref = (iaik.server.modules.xmlverify.ReferenceInfo) refIter
+						.next();
+				byte[] hash = (byte[]) hashValues.get(ref.getURI());
+
+				if (!transformParameterURIs.contains(ref.getURI())
+						|| (hash != null && !Arrays.equals(hash, ref.getHashValue()))) {
+
+					// the transform parameter doesn't exist or the hashs do not
+					// match
+					// return the index of the failed reference and check code 1
+					int[] failedReferences = new int[] { ref.getReferenceIndex() };
+					ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
+							failedReferences);
+					String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref.getReferenceIndex()) });
+
+					Logger.debug(new LogMsg(logMsg));
+
+					return factory.createReferencesCheckResult(1, checkInfo);
+				}
+			}
+		}
+
+		return factory.createReferencesCheckResult(0, null);
+	}
+
+	/**
+	 * Get all <code>Transform</code>s contained in all the
+	 * <code>VerifyTransformsInfoProfile</code>s of the given
+	 * <code>ReferenceInfo</code>.
+	 * 
+	 * @param refInfo
+	 *            The <code>ReferenceInfo</code> object containing the
+	 *            transformations.
+	 * @return A <code>List</code> of <code>List</code>s. Each of the
+	 *         <code>List</code>s contains <code>Transformation</code> objects.
+	 * @throws MOAApplicationException
+	 *             An error occurred building one of the
+	 *             <code>Transformation</code>s.
+	 */
+	private List buildTransformsList(ReferenceInfo refInfo) throws MOAApplicationException {
+
+		TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+		ConfigurationProvider config = context.getConfiguration();
+		List profiles = refInfo.getVerifyTransformsInfoProfiles();
+		List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+		List transformsList = new ArrayList();
+		TransformationFactory factory = TransformationFactory.getInstance();
+		Iterator iter;
+
+		for (iter = mappedProfiles.iterator(); iter.hasNext();) {
+			VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) iter.next();
+			List transforms = profile.getTransforms();
+
+			if (transforms != null) {
+				transformsList.add(factory.createTransformationList(transforms));
+			}
+		}
+
+		return transformsList;
+	}
+
+	/**
+	 * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
+	 * 
+	 * @param transformParameters
+	 *            The <code>List</code> of <code>TransformParameter</code>s, as
+	 *            provided to the verification.
+	 * @return The <code>Set</code> of all <code>TransformParameter</code> URIs.
+	 */
+	private Set buildTransformParameterURIs(List transformParameters) {
+		Set uris = new HashSet();
+		Iterator iter;
+
+		for (iter = transformParameters.iterator(); iter.hasNext();) {
+			DataObject transformParameter = (DataObject) iter.next();
+			uris.add(transformParameter.getURI());
+		}
+
+		return uris;
+	}
+
+	/**
+	 * Build a mapping between <code>TransformParameter</code> URIs (a
+	 * <code>String</code> and <code>dsig:HashValue</code> (a
+	 * <code>byte[]</code>).
+	 * 
+	 * @param request
+	 *            The <code>VerifyXMLSignatureRequest</code>.
+	 * @return Map The resulting mapping.
+	 * @throws MOAApplicationException
+	 *             An error occurred accessing one of the profiles.
+	 */
+	private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) throws MOAApplicationException {
+
+		TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+		ConfigurationProvider config = context.getConfiguration();
+		Map hashValues = new HashMap();
+		List refInfos = request.getSignatureManifestCheckParams().getReferenceInfos();
+		Iterator refIter;
+
+		for (refIter = refInfos.iterator(); refIter.hasNext();) {
+			ReferenceInfo refInfo = (ReferenceInfo) refIter.next();
+			List profiles = refInfo.getVerifyTransformsInfoProfiles();
+			List mappedProfiles = ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config);
+			Iterator prIter;
+
+			for (prIter = mappedProfiles.iterator(); prIter.hasNext();) {
+				VerifyTransformsInfoProfileExplicit profile = (VerifyTransformsInfoProfileExplicit) prIter.next();
+				List trParameters = profile.getTransformParameters();
+				Iterator trIter;
+
+				for (trIter = trParameters.iterator(); trIter.hasNext();) {
+					TransformParameter transformParameter = (TransformParameter) trIter.next();
+					String uri = transformParameter.getURI();
+
+					if (transformParameter.getTransformParameterType() == TransformParameter.HASH_TRANSFORMPARAMETER) {
+						hashValues.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
+					}
+
+				}
+			}
+		}
+		return hashValues;
+	}
+
+	/**
+	 * Filter the <code>ReferenceInfo</code>s returned by the
+	 * <code>VerifyXMLSignatureResult</code> for comparison with the
+	 * <code>ReferenceInfo</code> elements in the request.
+	 * 
+	 * @param referenceInfos
+	 *            The <code>ReferenceInfo</code>s from the
+	 *            <code>VerifyXMLSignatureResult</code>.
+	 * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type
+	 *         is not a XMLDsig manifest, Security Layer manifest, or ETSI
+	 *         signed property.
+	 */
+	private List filterReferenceInfos(List referenceInfos) {
+		List filtered = new ArrayList();
+		Iterator iter;
+
+		for (iter = referenceInfos.iterator(); iter.hasNext();) {
+			iaik.server.modules.xmlverify.ReferenceInfo refInfo = (iaik.server.modules.xmlverify.ReferenceInfo) iter
+					.next();
+			String refType = refInfo.getReferenceType();
+
+			if (refType == null || !FILTERED_REF_TYPES.contains(refType)) {
+				filtered.add(refInfo);
+			}
+		}
+
+		return filtered;
+	}
+
+	private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+		if (adesFormVerification == null) {
+			// no form information
+			return null;
+		}
+
+		List adesList = new ArrayList();
+
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
+				SignatureVerificationProfile.LEVEL_LTA, adesList);
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
+				SignatureVerificationProfile.LEVEL_LT, adesList);
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
+				SignatureVerificationProfile.LEVEL_T, adesList);
+		checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
+				SignatureVerificationProfile.LEVEL_B, adesList);
+
+		return adesList;
+	}
+
+	private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) {
+		if (subResult != null) {
+			Logger.info("Checking Level: " + level);
+			try {
+				AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl();
+				adESFormResultsImpl.setCode(subResult.getResultCode());
+				adESFormResultsImpl.setInfo(subResult.getInfo());
+				adESFormResultsImpl.setName(subResult.getName());
+
+				adesList.add(adESFormResultsImpl);
+			} catch (NullPointerException e) {
+				Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e);
+			}
+		}
+	}
 
 }
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
index bacd7cb..aaa41c1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
@@ -1,14 +1,22 @@
 package at.gv.egovernment.moa.spss.server.initializer;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.init.ExternalInitializer;
 import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
 
 public class PDFASInitializer implements ExternalInitializer {
 
+	private static final Logger logger = LoggerFactory.getLogger(PDFASInitializer.class);
+	
 	@Override
 	public void initialize(ConfigurationProvider configurationProvider) {
 		String pdfAsConfiguration = configurationProvider.getPDFASConfiguration();
+		
+		logger.info("Running PDFASInitializer with pdf as cfg: {}", pdfAsConfiguration);
+		
 		if(pdfAsConfiguration != null) {
 			PDFASInvoker
 			.init(pdfAsConfiguration);
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
index 97bf58b..7f638fa 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
@@ -18,8 +18,11 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter;
 import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
 import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaConnector;
+import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaVerifier;
 import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRequest;
 import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRespone;
 import at.gv.egovernment.moa.spss.server.xmlbind.PDFSignatureInfo;
@@ -48,7 +51,7 @@ public class PDFASInvoker {
 		return instance;
 	}
 
-	public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest, String transactionId) {
+	public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest) throws MOAException {
 		Configuration pdfConfiguration = this.pdfAS.getConfiguration();
 		
 		VerifyPDFResponse verifyPDFResponse = new VerifyPDFResponse();
@@ -56,21 +59,14 @@ public class PDFASInvoker {
 		VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter(pdfConfiguration, new ByteArrayDataSource(
 				verifyPDFRequest.getSignedPDF()));
 		
+		pdfConfiguration.setValue(InternalMoaVerifier.MOA_TRUSTPROFILE, verifyPDFRequest.getTrustProfileID());
+		
 		try {
 			List<VerifyResult> verifyResults = this.pdfAS.verify(verifyParameter);
-			verifyPDFResponse.setResponseType(VerifyPDFResponse.SUCCESS_SIGNATURE);
 			verifyPDFResponse.setVerificationResults(verifyResults);
 		} catch (Throwable e) {
-			if (e instanceof PDFASError) {
-				PDFASError pdfAsError = (PDFASError) e;
-				Logger.warn("Failed to generate signed PDF document", e);
-				verifyPDFResponse.setErrorCode((int) pdfAsError.getCode());
-				verifyPDFResponse.setErrorInfo(pdfAsError.getInfo());
-			} else {
-				Logger.error("Unknown exception!: ", e);
-				verifyPDFResponse.setErrorCode(9999);
-				verifyPDFResponse.setErrorInfo("Nicht klassifizierter Fehler");
-			}
+			Logger.warn("Failed to generate signed PDF document", e);
+			throw new MOAApplicationException("Failed to generate signed PDF document", null, e);
 		}
 		
 		return verifyPDFResponse;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
index 6edee0d..f12a2d1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
@@ -13,6 +13,8 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsErrorCarrier;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
 import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
@@ -52,9 +54,10 @@ public class InternalMoaConnector implements ISignatureConnector {
 		this.transactionId = transactionId;
 		this.clientCert = clientCert;
 	}
-
+	@SuppressWarnings({ "rawtypes", "unchecked" })
 	private Set buildKeySet(String keyGroupID, KeyModule module) throws ConfigurationException {
 		ConfigurationProvider config = ConfigurationProvider.getInstance();
+		
 		Set keyGroupEntries;
 
 		// get the KeyGroup entries from the configuration
@@ -95,6 +98,7 @@ public class InternalMoaConnector implements ISignatureConnector {
 	}
 
 	@Override
+	@SuppressWarnings("rawtypes")
 	public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException {
 		KeyModule module = KeyModuleFactory.getInstance(this.transactionId);
 
@@ -161,6 +165,7 @@ public class InternalMoaConnector implements ISignatureConnector {
 		throw new PdfAsException("Failed to find keys available for Key Identifier: " + this.keyIdentifier);
 	}
 
+	@SuppressWarnings("unchecked")
 	@Override
 	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature)
 			throws PdfAsException {
@@ -207,6 +212,8 @@ public class InternalMoaConnector implements ISignatureConnector {
 			if(createCMSSignatureResponseElement.getResponseType() 
 					== CreateCMSSignatureResponseElement.ERROR_RESPONSE) { 
 				ErrorResponse errorResponse = (ErrorResponse) createCMSSignatureResponseElement;
+				Logger.error("Failed to create signature " + errorResponse.getErrorCode() + " " + errorResponse.getInfo());
+				throw new PdfAsErrorCarrier(new PDFASError(errorResponse.getErrorCode(), errorResponse.getInfo()));
 			} else if(createCMSSignatureResponseElement.getResponseType() 
 					== CreateCMSSignatureResponseElement.CMS_SIGNATURE ) {
 				CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) createCMSSignatureResponseElement;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
index f937495..e59fe50 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
@@ -18,7 +18,6 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLeve
 import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
 import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
 import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
-import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
@@ -68,6 +67,7 @@ public class InternalMoaVerifier implements IVerifier {
 		try {
 			VerifyCMSSignatureResponse verifyCMSSignatureResponse = CMSSignatureVerificationInvoker.getInstance()
 					.verifyCMSSignature(verifyCMSSignatureRequest);
+			@SuppressWarnings("rawtypes")
 			Iterator iter;
 			for (iter = verifyCMSSignatureResponse.getResponseElements().iterator(); iter.hasNext();) {
 				VerifyCMSSignatureResponseElement responseElement = (VerifyCMSSignatureResponseElement) iter.next();
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index c8a0f68..5fe96ef 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -55,6 +55,7 @@ public class CertificateProviderServlet extends HttpServlet {
 	 *         available keys.
 	 * @throws ConfigurationException
 	 */
+	@SuppressWarnings({ "rawtypes", "unchecked" })
 	private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
 			throws ConfigurationException {
 		ConfigurationProvider config = ConfigurationProvider.getInstance();
@@ -108,6 +109,7 @@ public class CertificateProviderServlet extends HttpServlet {
 		return null;
 	}
 
+	@SuppressWarnings("rawtypes")
 	public void doGet(HttpServletRequest request, HttpServletResponse response)
 			throws ServletException, IOException {
 		try {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 8bdfb65..bfefaec 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -67,6 +67,7 @@ public class ConfigurationServlet extends HttpServlet {
    * 
    * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
    */
+  @SuppressWarnings({ "rawtypes", "unchecked" })
   public void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
 
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
index 40b287d..8f579cb 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
@@ -39,9 +39,14 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequestParser;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponse;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponseBuilder;
 import at.gv.egovernment.moa.util.StreamUtils;
 
 /**
@@ -63,20 +68,20 @@ public class SignatureVerificationService {
 	   */
 	  public Element[] VerifyPDFSignatureRequest(Element[] request)
 	    throws AxisFault {
-	    CMSSignatureVerificationInvoker invoker =
-	      CMSSignatureVerificationInvoker.getInstance();
+	    PDFASInvoker invoker =
+	    		PDFASInvoker.getInstance();
 	    Element[] response = new Element[1];
 	    
 	    try {
 	             
 	      // create a parser and builder for binding API objects to/from XML
-	      VerifyCMSSignatureRequestParser requestParser =
-	        new VerifyCMSSignatureRequestParser();
-	      VerifyCMSSignatureResponseBuilder responseBuilder =
-	        new VerifyCMSSignatureResponseBuilder();
+	      VerifyPDFRequestParser requestParser =
+	        new VerifyPDFRequestParser();
+	      VerifyPDFResponseBuilder responseBuilder =
+	        new VerifyPDFResponseBuilder();
 	      Element reparsedReq;
-	      VerifyCMSSignatureRequest requestObj;
-	      VerifyCMSSignatureResponse responseObj;
+	      VerifyPDFRequest requestObj;
+	      VerifyPDFResponse responseObj;
 
 	      //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
 	      TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
@@ -87,7 +92,7 @@ public class SignatureVerificationService {
 	      requestObj = requestParser.parse(reparsedReq);
 
 	      // invoke the core logic
-	      responseObj = invoker.verifyCMSSignature(requestObj);
+	      responseObj = invoker.verifyPDFSignature(requestObj);
 
 	      // map back to XML
 	      response[0] = responseBuilder.build(responseObj).getDocumentElement();
diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
index 3b852ca..67a897c 100644
--- a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
@@ -279,6 +279,7 @@
 			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
 			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
 			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
 		</xsd:sequence>
 	</xsd:complexType>
 	<xsd:simpleType name="ProfileIdentifierType">
@@ -412,6 +413,12 @@
 			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
 		</xsd:sequence>
 	</xsd:complexType>
+	<xsd:complexType name="FormResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+			<xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
 	<xsd:complexType name="ReferencesCheckResultType">
 		<xsd:complexContent>
 			<xsd:restriction base="CheckResultType">
-- 
cgit v1.2.3