From 01299bf25b53a4f632c20b87714d5e1b314450da Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 18 Feb 2025 10:38:34 +0100
Subject: feat(sign): add RSASSA-PSS support

---
 .../server/config/ConfigurationPartsBuilder.java   |  52 +++++++-
 .../spss/server/config/ConfigurationProvider.java  |  14 ++
 .../moa/spss/server/config/KeyGroup.java           |  32 ++++-
 .../cmssign/CMSSignatureCreationProfileImpl.java   | 143 +++++++++++++--------
 .../xmlsign/XMLSignatureCreationProfileImpl.java   |  36 +++++-
 .../server/invoke/CMSSignatureCreationInvoker.java |  14 +-
 .../invoke/XMLSignatureCreationProfileFactory.java |  12 +-
 7 files changed, 239 insertions(+), 64 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 75da0a6..ff2f9a5 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -154,6 +154,11 @@ public class ConfigurationPartsBuilder {
   private static final String KEYGROUP_MAPPING_XPATH =
       ROOT + CONF + "SignatureCreation/"
           + CONF + "KeyGroupMapping";
+
+  private static final String SIGN_PARAMS_XPATH =
+      ROOT + CONF + "SignatureCreation/"
+          + CONF + "Signing";
+
   private static final String ISSUER_XPATH =
       DSIG + "X509IssuerName";
   private static final String SERIAL_XPATH =
@@ -759,9 +764,22 @@ public class ConfigurationPartsBuilder {
 
       final String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF
           + "DigestMethodAlgorithm", null);
-      final Set keyGroupEntries =
-          buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
-      final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
+      final Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
+
+      String rsaSsaPssAttr = keyGroupElem.getAttribute("RSASSA-PSS");
+      Boolean useRsaSsaPss = null;
+      if (org.apache.commons.lang3.StringUtils.isNotEmpty(rsaSsaPssAttr)) {
+        useRsaSsaPss = Boolean.valueOf(keyGroupElem.getAttribute("RSASSA-PSS"));
+        Logger.info((useRsaSsaPss ? "Enable" : "Disable")
+            + " RSASSA-PSS as primary signature-algorithm for keyGroup: " + keyGroupId);
+
+      } else {
+        Logger.debug("RSASSA-PSS is not defined for keyGroup: " + keyGroupId);
+
+      }
+
+      final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries,
+          keyGroupDigestMethodAlgorithm, useRsaSsaPss);
 
       if (keyGroups.containsKey(keyGroupId)) {
         warn("config.04", new Object[] { "KeyGroup", keyGroupId });
@@ -1770,6 +1788,33 @@ public class ConfigurationPartsBuilder {
     return map;
   }
 
+  /**
+   * Use RSASSA-PSS algorithm if it's supported by Key-Material.
+   *
+   * <p>
+   * <b>Default: </b> <code>true</code>
+   * </p>
+   *
+   * @return <code>true</code> if RSASSA-PSS should be used, otherwise false.
+   */
+  public boolean isRsaSsaPssEnabled() {
+    final NodeIterator modIter = XPathUtils.selectNodeIterator(
+        getConfigElem(),
+        SIGN_PARAMS_XPATH);
+
+
+    Element modElem;
+    if ((modElem = (Element) modIter.nextNode()) != null) {
+      Boolean value = Boolean.valueOf(modElem.getAttribute("RSASSA-PSS"));
+      Logger.debug((value ? "Enable" : "Disable") + " RSASSA-PSS as primary signature-algorithm for RSA");
+      return value;
+
+    } else {
+      Logger.debug("Enable RSASSA-PSS as primary signature-algorithm for RSA");
+      return true;
+
+    }
+  }
 
   /**
    * Should ETSI extension should be used for short-time certificate validation.
@@ -1792,6 +1837,7 @@ public class ConfigurationPartsBuilder {
     return SHORT_TIME_CERT_DEFAULT_ETSI;
   }
 
+
   /**
    * Get default shortTime certificate interval.
    *
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 3c720a1..6856e56 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -103,6 +103,9 @@ public class ConfigurationProvider {
   /** The default canonicalization algorithm name */
   private String canonicalizationAlgorithmName;
 
+  /** The default of use RSASSA-PSS if supported */
+  private boolean useRsaSsaPss;
+
   /** The XAdES version used for signature creation */
   private String xadesVersion;
 
@@ -375,6 +378,8 @@ public class ConfigurationProvider {
       // check TSL configuration
       checkTSLConfiguration();
 
+      useRsaSsaPss = builder.isRsaSsaPssEnabled();
+
       digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
       canonicalizationAlgorithmName =
           builder.getCanonicalizationAlgorithmName();
@@ -555,6 +560,15 @@ public class ConfigurationProvider {
     return digestMethodAlgorithmName;
   }
 
+  /**
+   * Use RSASSA-PSS algorithm if it's supported by Key-Material.
+   *
+   * @return <code>true</code> if RSASSA-PSS should be used, otherwise false.
+   */
+  public boolean isUseRsaSsaPss() {
+    return useRsaSsaPss;
+  }
+
   /**
    * Return the XAdES version used for signature creation.
    *
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
index faeaf82..fc374ab 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
@@ -42,6 +42,9 @@ public class KeyGroup {
   /** The digest method algorithm for the key group */
   private final String digestMethodAlgorithm;
 
+  /** Use RSASSA-PSS if supported */
+  private final Boolean useRsaSsaPss;
+
   /**
    * Create a <code>KeyGroup</code>.
    *
@@ -51,9 +54,25 @@ public class KeyGroup {
    * @param digestMethodAlgorithm The signature algorithm used for this key group
    */
   public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) {
+    this(id, keyGroupEntries, digestMethodAlgorithm, true);
+
+  }
+
+  /**
+   * Create a <code>KeyGroup</code>.
+   *
+   * @param id                    The ID of this <code>KeyGroup</code>.
+   * @param keyGroupEntries       The keys belonging to this
+   *                              <code>KeyGroup</code>.
+   * @param useRsaSsaPss          Use RSASSA-PSS if available and supported
+   * @param digestMethodAlgorithm The signature algorithm used for this key group
+   */
+  public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm, Boolean useRsaSsaPss) {
     this.id = id;
     this.keyGroupEntries = keyGroupEntries;
     this.digestMethodAlgorithm = digestMethodAlgorithm;
+    this.useRsaSsaPss = useRsaSsaPss;
+
   }
 
   /**
@@ -83,6 +102,17 @@ public class KeyGroup {
     return id;
   }
 
+  /**
+   * Use RSASSA-PSS algorithm if it's supported by Key-Material.
+   *
+   * @return <code>true</code> if RSASSA-PSS should be used, <code>false</code> if
+   *         it is disabled, or <code>null</code> if it is undefined
+   */
+  public Boolean isUseRsaSsaPass() {
+    return useRsaSsaPss;
+
+  }
+
   /**
    * Return a <code>String</code> representation of this <code>KeyGroup</code>.
    *
@@ -102,7 +132,7 @@ public class KeyGroup {
       }
     }
     return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: "
-        + digestMethodAlgorithm;
+        + digestMethodAlgorithm + useRsaSsaPss != null ? ("RSASSA-PSS: " + useRsaSsaPss) : "";
   }
 
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
index d660c7a..b43ec2f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.cmssign;
 import java.util.List;
 import java.util.Set;
 
+import org.apache.commons.lang3.StringUtils;
+
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -63,6 +65,20 @@ public class CMSSignatureCreationProfileImpl
   /** Digest Method algorithm */
   private String digestMethod;
   private final boolean isPAdESConform;
+  private final boolean rsaSsaPss;
+
+  public CMSSignatureCreationProfileImpl(
+      Set keySet,
+      String digestMethod,
+      List signedProperties,
+      boolean securityLayerConform,
+      boolean includeData,
+      String mimeType,
+      boolean isPAdESConform) {
+    this(keySet, digestMethod, signedProperties, securityLayerConform, includeData, mimeType,
+        isPAdESConform, true);
+
+  }
 
   /**
    * Create a new <code>XMLSignatureCreationProfileImpl</code>.
@@ -80,7 +96,8 @@ public class CMSSignatureCreationProfileImpl
       boolean securityLayerConform,
       boolean includeData,
       String mimeType,
-      boolean isPAdESConform) {
+      boolean isPAdESConform,
+      boolean rsaSsaPss) {
     this.keySet = keySet;
     this.signedProperties = signedProperties;
     this.securityLayerConform = securityLayerConform;
@@ -88,6 +105,7 @@ public class CMSSignatureCreationProfileImpl
     this.mimeType = mimeType;
     this.digestMethod = digestMethod;
     this.isPAdESConform = isPAdESConform;
+    this.rsaSsaPss = rsaSsaPss;
 
   }
 
@@ -131,11 +149,70 @@ public class CMSSignatureCreationProfileImpl
           null);
     }
 
+    final String selectedSigAlg = selectBestSigAlg(algorithms, selectedKeyID);
+    Logger.trace("Selecting SigAlg: " + selectedSigAlg);
+    return selectedSigAlg;
+
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+   */
+  @Override
+  public List getSignedProperties() {
+    return signedProperties;
+  }
+
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+   */
+  @Override
+  public boolean isSecurityLayerConform() {
+    return securityLayerConform;
+  }
+
+  /**
+   * Sets the security layer conformity.
+   *
+   * @param securityLayerConform <code>true</code>, if the created signature is to
+   *                             be conform to the Security Layer specification.
+   */
+  public void setSecurityLayerConform(boolean securityLayerConform) {
+    this.securityLayerConform = securityLayerConform;
+  }
+
+  public void setDigestMethod(String digestMethod) {
+    this.digestMethod = digestMethod;
+  }
+
+  @Override
+  public String getMimeType() {
+    return mimeType;
+  }
+
+  @Override
+  public boolean includeData() {
+    return this.includeData;
+  }
+
+  @Override
+  public boolean isPAdESConform() {
+    return this.isPAdESConform;
+  }
+
+  private String selectBestSigAlg(Set algorithms, KeyEntryID selectedKeyID) throws AlgorithmUnavailableException {
+    Logger.trace("Key: " + selectedKeyID + " supports signingAlgs: " + StringUtils.join(algorithms, ","));
+
+    // TODO: maybe add support for parameterized RSASSA-PSS
+
     if (digestMethod.compareTo("SHA-1") == 0) {
       Logger.warn(
           "SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
 
-      if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+      if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1)) {
+        return SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1;
+
+      } else if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
         return SignatureAlgorithms.SHA1_WITH_RSA;
 
       } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
@@ -152,7 +229,11 @@ public class CMSSignatureCreationProfileImpl
       }
 
     } else if (digestMethod.compareTo("SHA-256") == 0) {
-      if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+      if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) {
+
+        return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
+
+      } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
         return SignatureAlgorithms.SHA256_WITH_RSA;
 
       } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
@@ -168,7 +249,10 @@ public class CMSSignatureCreationProfileImpl
             null);
       }
     } else if (digestMethod.compareTo("SHA-384") == 0) {
-      if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+      if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) {
+        return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1;
+
+      } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
         return SignatureAlgorithms.SHA384_WITH_RSA;
 
       } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
@@ -184,7 +268,10 @@ public class CMSSignatureCreationProfileImpl
             null);
       }
     } else if (digestMethod.compareTo("SHA-512") == 0) {
-      if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+      if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+        return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1;
+
+      } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
         return SignatureAlgorithms.SHA512_WITH_RSA;
 
       } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
@@ -205,52 +292,6 @@ public class CMSSignatureCreationProfileImpl
           null,
           null);
     }
-
-  }
-
-  /**
-   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
-   */
-  @Override
-  public List getSignedProperties() {
-    return signedProperties;
-  }
-
-  /**
-   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
-   */
-  @Override
-  public boolean isSecurityLayerConform() {
-    return securityLayerConform;
-  }
-
-  /**
-   * Sets the security layer conformity.
-   *
-   * @param securityLayerConform <code>true</code>, if the created signature is to
-   *                             be conform to the Security Layer specification.
-   */
-  public void setSecurityLayerConform(boolean securityLayerConform) {
-    this.securityLayerConform = securityLayerConform;
-  }
-
-  public void setDigestMethod(String digestMethod) {
-    this.digestMethod = digestMethod;
-  }
-
-  @Override
-  public String getMimeType() {
-    return mimeType;
-  }
-
-  @Override
-  public boolean includeData() {
-    return this.includeData;
-  }
-
-  @Override
-  public boolean isPAdESConform() {
-    return this.isPAdESConform;
   }
 
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 516e3d8..76814a4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -76,6 +76,7 @@ public class XMLSignatureCreationProfileImpl
   private final IdGenerator propertyIDGenerator;
   /** The selected digest method algorithm if XAdES 1.4.2 is used */
   private final String digestMethodXAdES142;
+  private final boolean rsaSsaPss;
 
   /**
    * Create a new <code>XMLSignatureCreationProfileImpl</code>.
@@ -85,11 +86,12 @@ public class XMLSignatureCreationProfileImpl
    *                           same request.
    * @param reservedIDs        The set of IDs that must not be used while
    *                           generating new IDs.
+   * @param useRsaSsaPss       Use RSASSA-PSS if supported
    */
   public XMLSignatureCreationProfileImpl(
       int createProfileCount,
       Set reservedIDs,
-      String digestMethodXAdES142) {
+      String digestMethodXAdES142, boolean useRsaSsaPss) {
     signatureIDGenerator =
         new IdGenerator("signature-" + createProfileCount, reservedIDs);
     manifestIDGenerator =
@@ -99,6 +101,8 @@ public class XMLSignatureCreationProfileImpl
     propertyIDGenerator =
         new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
     this.digestMethodXAdES142 = digestMethodXAdES142;
+    this.rsaSsaPss = useRsaSsaPss;
+
   }
 
   /**
@@ -175,16 +179,25 @@ public class XMLSignatureCreationProfileImpl
           null);
     }
 
+    // TODO: maybe add support for parameterized RSASSA-PSS
+
     if (digestMethodXAdES142 == null) {
       // XAdES 1.4.2 not enabled - legacy MOA
-      if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
+      if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)
+          || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)
+          || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+        return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
+
+      } else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
           || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
           || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
           || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
           || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
-          || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+          || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)
+          || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)
+          || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
 
-        return SignatureAlgorithms.SHA1_WITH_RSA;
+        return SignatureAlgorithms.SHA256_WITH_RSA;
       } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
         return SignatureAlgorithms.ECDSA;
       } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
@@ -219,7 +232,10 @@ public class XMLSignatureCreationProfileImpl
         }
 
       } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
-        if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+        if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) {
+          return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
+
+        } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
           return SignatureAlgorithms.SHA256_WITH_RSA;
 
         } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
@@ -235,7 +251,10 @@ public class XMLSignatureCreationProfileImpl
               null);
         }
       } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
-        if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+        if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) {
+          return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1;
+
+        } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
           return SignatureAlgorithms.SHA384_WITH_RSA;
 
         } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
@@ -251,7 +270,10 @@ public class XMLSignatureCreationProfileImpl
               null);
         }
       } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
-        if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+        if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+          return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1;
+
+        } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
           return SignatureAlgorithms.SHA512_WITH_RSA;
 
         } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 5624f45..4ae1866 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -221,6 +221,7 @@ public class CMSSignatureCreationInvoker {
 
       // get digest algorithm
       final String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
+      final boolean useRsaSsaPss = isRsaSsaPssActive(config, keyGroupID);
 
       // create CMSSignatureCreation profile:
       final CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
@@ -230,7 +231,8 @@ public class CMSSignatureCreationInvoker {
           isSecurityLayerConform,
           includeData,
           mimetype,
-          isPAdESConformRequired);
+          isPAdESConformRequired,
+          useRsaSsaPss);
 
       // create CMSSignature from the CMSSignatureCreationModule
       // build the additionalSignedProperties
@@ -344,13 +346,23 @@ public class CMSSignatureCreationInvoker {
 
   }
 
+  private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID)
+      throws MOASystemException {
+    final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass();
+    final boolean configUseRsaSsaPss = config.isUseRsaSsaPss();
+    return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss;
+
+  }
+
   private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID)
       throws MOASystemException {
     // get digest method on key group level (if configured)
     final String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+
     // get default digest method (if configured)
     final String configDigestMethod = config.getDigestMethodAlgorithmName();
 
+
     String digestMethod = null;
     if (configDigestMethodKG != null) {
       // if KG specific digest method is configured
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index c097b0c..7585ac7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -191,8 +191,10 @@ public class XMLSignatureCreationProfileFactory {
       }
     }
 
+
     final XMLSignatureCreationProfileImpl profile =
-        new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142);
+        new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142,
+            isRsaSsaPssActive(config, keyGroupID));
 
     // build the transformation supplements
     createTransformsProfiles =
@@ -260,6 +262,14 @@ public class XMLSignatureCreationProfileFactory {
     return profile;
   }
 
+  private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID)
+      throws MOASystemException {
+    final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass();
+    final boolean configUseRsaSsaPss = config.isUseRsaSsaPss();
+    return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss;
+
+  }
+
   /**
    * Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s
    * contained in all the <code>DataObjectInfo</code>s of the given
-- 
cgit v1.2.3


From 9b3e376ece529cdd12a5f406d365d2b711d2141c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 4 Aug 2025 12:12:08 +0200
Subject: refact(core): some code clean-up

---
 .../invoke/CMSSignatureVerificationInvoker.java    | 16 ++++-----
 .../moa/spss/util/CertificateUtils.java            |  2 --
 .../moa/spss/server/service/AxisHandler.java       | 41 +++++-----------------
 3 files changed, 17 insertions(+), 42 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 1a0791b..19b3a12 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -86,7 +86,7 @@ public class CMSSignatureVerificationInvoker {
 
   /**
    * Return the only instance of this class.
-   * 
+   *
    * @return The only instance of this class.
    */
   public static synchronized CMSSignatureVerificationInvoker getInstance() {
@@ -98,7 +98,7 @@ public class CMSSignatureVerificationInvoker {
 
   /**
    * Create a new <code>CMSSignatureVerificationInvoker</code>.
-   * 
+   *
    * Protected to disallow multiple instances.
    */
   protected CMSSignatureVerificationInvoker() {
@@ -106,7 +106,7 @@ public class CMSSignatureVerificationInvoker {
 
   /**
    * Verify a CMS signature.
-   * 
+   *
    * @param request The <code>VerifyCMSSignatureRequest</code> containing the CMS
    *                signature, as well as additional data needed for verification.
    * @return Element A <code>VerifyCMSSignatureResponse</code> containing the
@@ -118,7 +118,7 @@ public class CMSSignatureVerificationInvoker {
 
     final CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(
         request);
-    final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder();
+
     final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
     final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
     InputStream signature;
@@ -219,7 +219,7 @@ public class CMSSignatureVerificationInvoker {
       }
     }
 
-    final QCSSCDResult qcsscdresult = new QCSSCDResult();
+    final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder();
 
     // build the response: for each signatory add the result to the response
     signatories = request.getSignatories();
@@ -402,8 +402,8 @@ public class CMSSignatureVerificationInvoker {
           i++;
         }
 
-        qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile
-            .isTSLEnabled(), ConfigurationProvider.getInstance());
+        qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(),
+            trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance());
 
         // get signer certificate issuer country code
         issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
@@ -419,7 +419,7 @@ public class CMSSignatureVerificationInvoker {
   /**
    * Get the signed content contained either in the request itself or given as a
    * reference to external data.
-   * 
+   *
    * @param request The <code>VerifyCMSSignatureRequest</code> containing the
    *                signed content (or the reference to the signed content).
    * @return InputStream A stream providing the signed content data, or
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index b7580ac..35dca16 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -204,7 +204,6 @@ public class CertificateUtils {
           // QC evaluation flags
           boolean qc = false;
           boolean qcSourceTSL = false;
-          boolean qcDisallowedFromTSL = false;
 
           // SSCD/QSCD evaluation flags
           boolean sscd = false;
@@ -254,7 +253,6 @@ public class CertificateUtils {
                       TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) {
                 qc = false;
                 qcSourceTSL = false;
-                qcDisallowedFromTSL = true;
                 Logger.info("TSL mark this certificate explicitly as 'NotQualified'!");
 
               }
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index d13492f..8c220ee 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -150,7 +150,7 @@ public class AxisHandler extends BasicHandler {
       soapMessage = msgContext.getCurrentMessage();
 
       Element xmlRequest = null;
-      // log.info(soapMessage.getSOAPPartAsString());
+
       final Element soapPart = DOMUtils.parseDocument(
           new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null)
           .getDocumentElement();
@@ -172,8 +172,9 @@ public class AxisHandler extends BasicHandler {
       }
 
 
-      final TransactionContext context = new TransactionContext(TransactionIDGenerator.nextID(), clientCert,
-          ConfigurationProvider.getInstance(), xmlRequest, null);
+      final TransactionContext context =
+          new TransactionContext(TransactionIDGenerator.nextID(), clientCert,
+              ConfigurationProvider.getInstance(), xmlRequest, null);
 
       String soapAction = request.getHeader(SOAP_ACTION_HEADER);
       if ("\"\"".equals(soapAction)) {
@@ -239,19 +240,6 @@ public class AxisHandler extends BasicHandler {
         info("handler.03", null);
       }
       if (Logger.isTraceEnabled()) {
-        // OutputFormat format = new OutputFormat((Document)
-        // xmlRequest.getOwnerDocument());
-        // format.setLineSeparator("\n");
-        // format.setIndenting(false);
-        // format.setPreserveSpace(true);
-        // format.setOmitXMLDeclaration(false);
-        // format.setEncoding("UTF-8");
-        // ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        // XMLSerializer conSerializer = new XMLSerializer(baos,
-        // format);
-        // conSerializer.serialize(xmlRequest);
-        // Logger.debug(new LogMsg("Request:" + baos.toString()));
-
         final String msg = soapMessage.getSOAPPartAsString();
         Logger.trace(new LogMsg(msg));
       }
@@ -305,24 +293,13 @@ public class AxisHandler extends BasicHandler {
     if (xmlResponse != null) {
       try {
         xmlResponseString = DOMUtils.serializeNode(xmlResponse, true);
-        /*
-         * Soll die Antwort nur \n enthalten, so gibt es 2 Möglichkeiten: 1.) Xalan
-         * Version und xmlResponseString = DOMUtils.serializeNode(xmlResponse, true,
-         * "\n"); 2.) OutputFormat serializerFormat = new OutputFormat((Document)
-         * xmlResponse.getOwnerDocument()); serializerFormat.setLineSeparator("\n");
-         * serializerFormat.setIndenting(false);
-         * serializerFormat.setPreserveSpace(true);
-         * serializerFormat.setOmitXMLDeclaration(true);
-         * serializerFormat.setEncoding("UTF-8"); ByteArrayOutputStream serializedBytes
-         * = new ByteArrayOutputStream(); XMLSerializer serializer = new
-         * XMLSerializer(serializedBytes, serializerFormat);
-         * serializer.serialize(xmlResponse); serializedBytes.close(); xmlResponseString
-         * = serializedBytes.toString("UTF-8");
-         */
         if (Logger.isTraceEnabled()) {
           Logger.trace(new LogMsg(xmlResponseString));
+
         }
+
         soapResponseString = SOAP_PART_PRE + xmlResponseString + SOAP_PART_POST;
+
         // override axis response-message
         msgContext.setResponseMessage(new Message(soapResponseString));
       } catch (final Throwable t) {
@@ -341,8 +318,8 @@ public class AxisHandler extends BasicHandler {
     }
 
     info("handler.04", null);
-    if (Logger.isDebugEnabled()) {
-      Logger.debug(new LogMsg(soapResponseString));
+    if (Logger.isTraceEnabled()) {
+      Logger.trace(new LogMsg(soapResponseString));
     }
     tearDownContexts();
   }
-- 
cgit v1.2.3


From 773535ab90950460f468d2edfc5be396f2776d25 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 6 Aug 2025 08:02:33 +0200
Subject: chore(core): refactor to Java 17  and Servlet-API 6.0

---
 moaSig/build.gradle                                |   5 +++
 moaSig/common/build.gradle                         |  23 +++++++---
 .../gv/egovernment/moaspss/util/Base64Utils.java   |   1 +
 moaSig/moa-asic/build.gradle                       |  10 ++---
 moaSig/moa-sig-lib/build.gradle                    |  49 +++++++++++----------
 .../server/transaction/DeleteableDataSource.java   |   2 +-
 .../server/transaction/TransactionContext.java     |   5 +--
 moaSig/moa-sig/build.gradle                        |  34 +++++++++-----
 moaSig/moa-sig/libs/activation-1.1.jar             | Bin 62983 -> 0 bytes
 moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar          | Bin 1096138 -> 0 bytes
 moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar          | Bin 0 -> 1045637 bytes
 .../moa-sig/libs/jakarta.activation-api-2.1.3.jar  | Bin 0 -> 66514 bytes
 moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar     | Bin 0 -> 236454 bytes
 moaSig/moa-sig/libs/mail-1.4.jar                   | Bin 388826 -> 0 bytes
 .../moa/spss/server/service/AxisHandler.java       |  11 +++--
 .../server/service/CertificateProviderServlet.java |  13 +++---
 .../spss/server/service/ConfigurationServlet.java  |  11 +++--
 .../server/service/SignatureCreationService.java   |   4 +-
 .../server/service/TSLClientStatusServlet.java     |  11 +++--
 .../spss/server/utils/DataHandlerConverter.java    |  49 +++++++++++++++++++++
 .../moa/spss/server/utils/LoggerUtils.java         |  41 +++++++++++++++++
 .../webservice/SignatureCreationService.java       |   8 ++--
 .../webservice/SignatureVerificationService.java   |   6 +--
 moaSig/moa-sig/src/main/resources/logback.xml      |   4 +-
 .../test/integration/CadesIntegrationTest.java     |   4 ++
 25 files changed, 207 insertions(+), 84 deletions(-)
 delete mode 100644 moaSig/moa-sig/libs/activation-1.1.jar
 delete mode 100644 moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar
 create mode 100644 moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar
 create mode 100644 moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar
 create mode 100644 moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar
 delete mode 100644 moaSig/moa-sig/libs/mail-1.4.jar
 create mode 100644 moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java
 create mode 100644 moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java

(limited to 'moaSig/moa-sig-lib/src/main/java')

diff --git a/moaSig/build.gradle b/moaSig/build.gradle
index 3dc1893..ddfa15f 100644
--- a/moaSig/build.gradle
+++ b/moaSig/build.gradle
@@ -25,12 +25,17 @@ allprojects {
     }
 }
 
+configurations.all {
+    exclude group: 'xml-apis', module: 'xml-apis'
+}
+
 subprojects {
     apply plugin: 'java-library'
     apply plugin: 'eclipse'
     apply plugin: 'maven-publish'
 
     dependencies {
+        implementation("org.projectlombok:lombok:1.18.38")
         testImplementation 'junit:junit:4.13.2'
     }
 
diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle
index 6054eff..79f1b02 100644
--- a/moaSig/common/build.gradle
+++ b/moaSig/common/build.gradle
@@ -5,14 +5,25 @@ plugins {
 dependencies {
     implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar')
 
-    api 'org.slf4j:slf4j-api:1.7.36'
-    api 'xerces:xercesImpl:2.12.2'
-    api 'xalan:xalan:2.7.1'
-    api 'xalan:serializer:2.7.1'
-    api 'joda-time:joda-time:2.12.7'
-    api 'jaxen:jaxen:1.2.0'
+    api 'org.slf4j:slf4j-api:2.0.17'
+
+    api(group: 'xerces', name: 'xercesImpl', version: '2.12.2') {
+        exclude group: 'xml-apis', module: 'xml-apis'
+    }
+
+    api(group: 'xalan', name: 'xalan', version: '2.7.1') {
+        exclude group: 'xml-apis', module: 'xml-apis'
+    }
+
+    api(group: 'xalan', name: 'serializer', version: '2.7.1') {
+        exclude group: 'xml-apis', module: 'xml-apis'
+    }
+
+    api 'joda-time:joda-time:2.14.0'
+    api 'jaxen:jaxen:2.0.0'
 }
 
+
 java {
     sourceCompatibility = JavaVersion.VERSION_17
     targetCompatibility = JavaVersion.VERSION_17
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java
index 2c9b4c0..a95ee5b 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java
@@ -46,6 +46,7 @@ public class Base64Utils {
    * @param base64String       The <code>String</code> containing the Base64
    *                           encoded bytes.
    * @param ignoreInvalidChars Whether to ignore invalid Base64 characters.
+   * @param encoding           Char encoding that should be used
    * @return byte[] The raw bytes contained in the <code>base64String</code>.
    * @throws IOException Failed to read the Base64 data.
    */
diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle
index b2b7299..a132b05 100644
--- a/moaSig/moa-asic/build.gradle
+++ b/moaSig/moa-asic/build.gradle
@@ -19,15 +19,15 @@ configurations {
 }
 
 dependencies {
-    jaxb 'com.sun.xml.bind:jaxb-xjc:3.0.2'
-    jaxb 'org.glassfish.jaxb:jaxb-runtime:3.0.2'
+    jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5'
+    jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5'
 
     implementation project(':common')
     implementation project(':moa-sig-lib')
 
-    api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
-    api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1'
-    implementation 'org.slf4j:log4j-over-slf4j:1.7.36'
+    api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+    api 'jakarta.xml.ws:jakarta.xml.ws-api:4.0.2'
+    implementation 'org.slf4j:slf4j-api:2.0.17'
 }
 
 sourceSets {
diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle
index ee46ed9..dd3a191 100644
--- a/moaSig/moa-sig-lib/build.gradle
+++ b/moaSig/moa-sig-lib/build.gradle
@@ -17,36 +17,37 @@ distributions {
 
 dependencies {
     implementation project(':common')
-    testImplementation project(path: ':common', configuration: 'testArtifacts')
 
     api fileTree(dir: '../libs', include: ['*.jar'])
     // api fileTree(dir: '../libs_debug', include: ['*.jar'])
 
     api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0-SNAPSHOT'
-    api 'commons-logging:commons-logging:1.2'
-    api 'commons-io:commons-io:2.16.1'
-    api 'commons-codec:commons-codec:1.16.0'
+    api 'commons-logging:commons-logging:1.3.5'
+    api 'commons-io:commons-io:2.20.0'
+    api 'commons-codec:commons-codec:1.19.0'
     api 'org.apache.axis:axis-jaxrpc:1.4'
-    api 'org.xerial:sqlite-jdbc:3.46.1.0'
-    api 'javax.activation:activation:1.1.1'
-    api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
-    api 'com.sun.xml.bind:jaxb-core:3.0.2'
-    api 'com.sun.xml.bind:jaxb-impl:3.0.2'
-    api 'org.postgresql:postgresql:42.7.1'
-
-    api 'org.apache.pdfbox:pdfbox:2.0.32'
-    api 'org.apache.pdfbox:pdfbox-tools:2.0.32'
-    api 'org.apache.pdfbox:pdfbox-app:2.0.32'
-    api 'org.apache.pdfbox:preflight:2.0.32'
-    api 'org.apache.pdfbox:preflight-app:2.0.32'
-    api 'org.apache.commons:commons-lang3:3.16.0'
-    api 'org.apache.httpcomponents:httpclient-cache:4.5.14'
-    api 'org.slf4j:jcl-over-slf4j:1.7.36'
-
-    testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.10.1'
-    testImplementation 'org.junit.platform:junit-platform-engine:1.10.1'
-    testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1'
-    testImplementation 'ch.qos.logback:logback-classic:1.2.13'
+    api 'org.xerial:sqlite-jdbc:3.50.3.0'
+    api 'jakarta.activation:jakarta.activation-api:2.1.3'
+    api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+    //api 'com.sun.xml.bind:jaxb-core:4.0.5'
+    api 'com.sun.xml.bind:jaxb-impl:4.0.5'
+    api 'org.postgresql:postgresql:42.7.7'
+
+    api 'org.apache.pdfbox:pdfbox:2.0.34'
+    api 'org.apache.pdfbox:pdfbox-tools:2.0.34'
+    api 'org.apache.pdfbox:pdfbox-app:2.0.34'
+    api 'org.apache.pdfbox:preflight:2.0.34'
+    api 'org.apache.pdfbox:preflight-app:2.0.34'
+    api 'org.apache.commons:commons-lang3:3.18.0'
+    api 'org.apache.httpcomponents.client5:httpclient5-cache:5.4.4'
+    api 'org.slf4j:jcl-over-slf4j:2.0.17'
+
+
+    testImplementation project(path: ':common', configuration: 'testArtifacts') 
+    testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4'
+    //testImplementation 'org.junit.platform:junit-platform-engine:1.13.4'
+    testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4'
+    testImplementation 'ch.qos.logback:logback-classic:1.5.18'
 }
 
 tasks.register('releases', Copy) {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
index 335bf68..a60590d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.spss.server.transaction;
 
-import javax.activation.DataSource;
+import jakarta.activation.DataSource;
 
 public interface DeleteableDataSource extends DataSource {
   void delete();
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
index 5746657..06326a0 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
@@ -33,14 +33,13 @@ import java.util.Iterator;
 import java.util.Map.Entry;
 import java.util.Vector;
 
-import javax.activation.DataSource;
-
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.xml.crypto.utils.URI;
+import jakarta.activation.DataSource;
 
 /**
  * Contains information about the current request.
@@ -310,7 +309,7 @@ public class TransactionContext {
             }
 // not available in Axis 1.0 to 1.1
 //	          File f = mmds.getDiskCacheFile();
-//	          if (f!=null) f.delete();	   
+//	          if (f!=null) f.delete();
             if (mmds instanceof DeleteableDataSource) {
               ((DeleteableDataSource) mmds).delete();
             }
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index eba2e76..edd6aa0 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -17,24 +17,34 @@ configurations {
 }
 
 dependencies {
-    jaxb 'com.sun.xml.bind:jaxb-xjc:3.0.2'
-    jaxb 'org.glassfish.jaxb:jaxb-runtime:3.0.2'
+    jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5'
+    jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5'
 
-    implementation project(':common')
+    implementation project(':common') 
     implementation project(':moa-sig-lib')
     implementation project(':moa-asic')
     implementation fileTree(dir: 'libs', include: ['*.jar'])
-    compileOnly 'javax.servlet:javax.servlet-api:3.1.0'
+    compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0'
     implementation 'commons-discovery:commons-discovery:0.5'
-    implementation 'org.apache.logging.log4j:log4j-1.2-api:2.22.1'
-    implementation 'org.slf4j:log4j-over-slf4j:1.7.36'
-    implementation 'javax.jws:javax.jws-api:1.1'
-    implementation 'ch.qos.logback:logback-classic:1.2.13'
+    implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1'
+    implementation 'org.slf4j:log4j-over-slf4j:2.0.17'
+    implementation 'jakarta.jws:jakarta.jws-api:3.0.0'
+    implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+    implementation 'ch.qos.logback:logback-classic:1.5.18'
 
-    testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.10.1'
-    testImplementation 'org.junit.platform:junit-platform-engine:1.10.1'
-    testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1'
-    testImplementation 'ch.qos.logback:logback-classic:1.2.13'
+    implementation("javax.activation:activation:1.1.1")
+    implementation("org.eclipse.angus:angus-mail:2.0.4")
+
+    testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4'
+    //testImplementation 'org.junit.platform:junit-platform-engine:1.13.4'
+    testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4'
+    testImplementation 'ch.qos.logback:logback-classic:1.5.18'
+        
+    testImplementation project(':common')
+    testImplementation project(path: ':common', configuration: 'testArtifacts') 
+    testImplementation project(':moa-sig-lib')
+    testImplementation project(':moa-asic')
+    
 }
 
 sourceSets {
diff --git a/moaSig/moa-sig/libs/activation-1.1.jar b/moaSig/moa-sig/libs/activation-1.1.jar
deleted file mode 100644
index 53f82a1..0000000
Binary files a/moaSig/moa-sig/libs/activation-1.1.jar and /dev/null differ
diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar
deleted file mode 100644
index 81103be..0000000
Binary files a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar and /dev/null differ
diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar
new file mode 100644
index 0000000..0935d37
Binary files /dev/null and b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar differ
diff --git a/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar
new file mode 100644
index 0000000..0d015d5
Binary files /dev/null and b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar differ
diff --git a/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar
new file mode 100644
index 0000000..6b36779
Binary files /dev/null and b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar differ
diff --git a/moaSig/moa-sig/libs/mail-1.4.jar b/moaSig/moa-sig/libs/mail-1.4.jar
deleted file mode 100644
index 3b28b6e..0000000
Binary files a/moaSig/moa-sig/libs/mail-1.4.jar and /dev/null differ
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index 8c220ee..f206167 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -33,8 +33,6 @@ import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Iterator;
 
-import javax.servlet.http.HttpServletRequest;
-
 import org.apache.axis.AxisFault;
 import org.apache.axis.Message;
 import org.apache.axis.MessageContext;
@@ -53,12 +51,15 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
+import at.gv.egovernment.moa.spss.server.utils.DataHandlerConverter;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import at.gv.egovernment.moaspss.util.DOMUtils;
+import jakarta.activation.DataHandler;
+import jakarta.servlet.http.HttpServletRequest;
 
 /**
  * An handler that is invoked on each web service request and performs some
@@ -202,7 +203,11 @@ public class AxisHandler extends BasicHandler {
             // content with Object content =
             // attachment.getContent();)
             InputStream is = null;
-            final javax.activation.DataHandler datahandler = attachment.getDataHandler();
+
+            Object dataHandlerObj = attachment.getDataHandler();
+            final DataHandler datahandler = dataHandlerObj instanceof DataHandler
+                ? (DataHandler) dataHandlerObj
+                : DataHandlerConverter.convert((javax.activation.DataHandler) dataHandlerObj);
 
             final int TYPE = 2;
             switch (TYPE) {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index bc2c3b6..dee5d90 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -11,11 +11,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
@@ -25,6 +20,10 @@ import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.server.modules.keys.KeyEntryID;
 import iaik.server.modules.keys.KeyModule;
 import iaik.server.modules.keys.KeyModuleFactory;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  *
@@ -34,7 +33,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
 public class CertificateProviderServlet extends HttpServlet {
 
   /**
-   * 
+   *
    */
   private static final long serialVersionUID = -6907582473072190122L;
 
@@ -46,7 +45,7 @@ public class CertificateProviderServlet extends HttpServlet {
   /**
    * Build the set of <code>KeyEntryID</code>s available to the given
    * <code>keyGroupID</code>.
-   * 
+   *
    * @param keyGroupID The keygroup ID for which the available keys should be
    *                   returned.
    * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 135d652..6127305 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -29,11 +29,6 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
 import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
@@ -42,6 +37,10 @@ import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * A servlet to initialize and update the MOA configuration.
@@ -52,7 +51,7 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager;
  */
 public class ConfigurationServlet extends HttpServlet {
   /**
-   * 
+   *
    */
   private static final long serialVersionUID = 8372961105222028696L;
   /** The document type of the HTML to generate. */
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 4030883..7973e44 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -63,7 +63,7 @@ public class SignatureCreationService {
 
   /**
    * Handle a <code>CreatePDFSignatureRequest</code>.
-   * 
+   *
    * @param request The <code>CreatePDFSignatureRequest</code> to work on
    *                (contained in the 0th element of the array).
    * @return A <code>CreatePDFSignatureResponse</code> as the only element of the
@@ -152,7 +152,7 @@ public class SignatureCreationService {
 
   /**
    * Handle a <code>CreateXMLSignatureRequest</code>.
-   * 
+   *
    * @param request The <code>CreateXMLSignatureRequest</code> to work on
    *                (contained in the 0th element of the array).
    * @return A <code>CreateXMLSignatureResponse</code> as the only element of the
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java
index 3bf9a37..abdf121 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java
@@ -5,18 +5,17 @@ import java.io.PrintWriter;
 import java.text.MessageFormat;
 import java.util.List;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement;
 import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 public class TSLClientStatusServlet extends HttpServlet {
 
   /**
-   * 
+   *
    */
   private static final long serialVersionUID = 1L;
 
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java
new file mode 100644
index 0000000..fd11789
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.spss.server.utils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import lombok.experimental.UtilityClass;
+
+/**
+ * Utility to convert javax.activation.DataHandler to jakarta.activation.DataHandler.
+ */
+@UtilityClass
+public class DataHandlerConverter {
+
+    /**
+     * Converts javax.activation.DataHandler to jakarta.activation.DataHandler
+     */
+    public static jakarta.activation.DataHandler convert(javax.activation.DataHandler oldHandler) {
+        if (oldHandler == null) return null;
+
+        javax.activation.DataSource oldSource = oldHandler.getDataSource();
+
+        // Wrap the old javax.activation.DataSource in a jakarta.activation.DataSource
+        jakarta.activation.DataSource newSource = new jakarta.activation.DataSource() {
+            @Override
+            public InputStream getInputStream() throws IOException {
+                return oldSource.getInputStream();
+            }
+
+            @Override
+            public OutputStream getOutputStream() throws IOException {
+                return oldSource.getOutputStream();
+            }
+
+            @Override
+            public String getContentType() {
+                return oldSource.getContentType();
+            }
+
+            @Override
+            public String getName() {
+                return oldSource.getName();
+            }
+        };
+
+        return new jakarta.activation.DataHandler(newSource);
+    }
+}
+
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java
new file mode 100644
index 0000000..78d5039
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.spss.server.utils;
+
+import java.util.Properties;
+
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LogFactory;
+import iaik.logging.LoggerConfig;
+import lombok.experimental.UtilityClass;
+
+/**
+ * Logging helper.
+ */
+@UtilityClass
+public class LoggerUtils {
+
+  /**
+   * Fix {@link iaik.logging.impl.LogSlf4jFactoryImpl}, because it uses
+   * <code>org.slf4j.impl.StaticLoggerBinder</code> which was removed since v
+   * 1.5.x.
+   */
+  public static void fixLoggerFactory() {
+    LogFactory.configure(new LoggerConfig() {
+
+      @Override
+      public Properties getProperties() throws LogConfigurationException {
+        return null;
+      }
+
+      @Override
+      public String getNodeId() {
+        return null;
+      }
+
+      @Override
+      public String getFactory() {
+        return "iaik.logging.impl.OwnLogSlf4jFactoryImpl";
+      }
+    });
+  }
+
+}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java
index bf06ff6..4b91ec1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java
@@ -1,8 +1,8 @@
 package at.gv.egovernment.moa.spss.server.webservice;
 
-import javax.jws.WebMethod;
-import javax.jws.WebParam;
-import javax.jws.WebService;
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebParam;
+import jakarta.jws.WebService;
 
 @WebService(name = "SignatureCreationService",
     targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#")
@@ -24,7 +24,7 @@ public interface SignatureCreationService {
    * @WebMethod(action = "PDFSignatureCreate", operationName =
    * "PDFSignatureCreate") public at.gv.egiz.moasig.CreatePDFSignatureResponseType
    * createPDFSignature(
-   * 
+   *
    * @WebParam(name = "CreatePDFSignatureRequest")
    * at.gv.egiz.moasig.CreatePDFSignatureRequest createPDFSignatureRequest) throws
    * Exception;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java
index ca30650..d8aa9b6 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java
@@ -1,8 +1,8 @@
 package at.gv.egovernment.moa.spss.server.webservice;
 
-import javax.jws.WebMethod;
-import javax.jws.WebParam;
-import javax.jws.WebService;
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebParam;
+import jakarta.jws.WebService;
 
 @WebService(name = "SignatureVerificationService",
     targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#")
diff --git a/moaSig/moa-sig/src/main/resources/logback.xml b/moaSig/moa-sig/src/main/resources/logback.xml
index 0012e81..0afb5cc 100644
--- a/moaSig/moa-sig/src/main/resources/logback.xml
+++ b/moaSig/moa-sig/src/main/resources/logback.xml
@@ -12,7 +12,7 @@
     <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
     <File>${catalina.base}/logs/moa-spss.log</File>
     <encoder>
-      <pattern>logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n</pattern>
+      <pattern>%5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n</pattern>
     </encoder>
     <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
       <maxIndex>10</maxIndex>
@@ -24,7 +24,7 @@
   </appender>
   <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
     <encoder>
-      <pattern>logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n</pattern>
+      <pattern>%5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n</pattern>
     </encoder>
   </appender>
   <logger name="moa.spss.server" level="info">
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java
index 191bed9..a88873a 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.utils.LoggerUtils;
 import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
 import at.gv.egovernment.moaspss.util.DOMUtils;
 import iaik.pki.Configurator;
@@ -52,6 +53,9 @@ public class CadesIntegrationTest extends AbstractIntegrationTest {
   @BeforeClass
   public static void classInitializer() throws IOException, ConfigurationException,
       NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+    LoggerUtils.fixLoggerFactory();
+
     jvmStateReset();
 
     final String current = new java.io.File(".").getCanonicalPath();
-- 
cgit v1.2.3


From f8c9612785af22c55c05708c985c6e7345123c50 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 17 Sep 2025 16:55:00 +0200
Subject: chore(core): update IAIK libs

---
 moaSig/libs/iaik_cpades-2.4_moa.jar                | Bin 130134 -> 0 bytes
 moaSig/libs/iaik_cpades_2.5_moa.jar                | Bin 0 -> 197841 bytes
 moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar          | Bin 0 -> 139405 bytes
 moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar            | Bin 139388 -> 0 bytes
 moaSig/libs/iaik_moa-2.09.jar                      | Bin 530620 -> 0 bytes
 moaSig/libs/iaik_moa-2.10.jar                      | Bin 0 -> 535931 bytes
 moaSig/libs/iaik_pki_module-2.03_moa.jar           | Bin 629542 -> 0 bytes
 moaSig/libs/iaik_pki_module-2.04_moa.jar           | Bin 0 -> 632493 bytes
 moaSig/libs/iaik_sva-1.2.0.jar                     | Bin 157685 -> 0 bytes
 moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar            | Bin 0 -> 178199 bytes
 .../invoke/XMLSignatureVerificationInvoker.java    |  59 +++++++++------------
 moaSig/moa-sig/build.gradle                        |   5 +-
 .../test/integration/AbstractIntegrationTest.java  |  29 +++++-----
 .../test/integration/PadesIntegrationTest.java     |  23 ++++++--
 .../test/integration/XadesIntegrationTest.java     |  44 ++++++++-------
 15 files changed, 86 insertions(+), 74 deletions(-)
 delete mode 100644 moaSig/libs/iaik_cpades-2.4_moa.jar
 create mode 100644 moaSig/libs/iaik_cpades_2.5_moa.jar
 create mode 100644 moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar
 delete mode 100644 moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar
 delete mode 100644 moaSig/libs/iaik_moa-2.09.jar
 create mode 100644 moaSig/libs/iaik_moa-2.10.jar
 delete mode 100644 moaSig/libs/iaik_pki_module-2.03_moa.jar
 create mode 100644 moaSig/libs/iaik_pki_module-2.04_moa.jar
 delete mode 100644 moaSig/libs/iaik_sva-1.2.0.jar
 create mode 100644 moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar

(limited to 'moaSig/moa-sig-lib/src/main/java')

diff --git a/moaSig/libs/iaik_cpades-2.4_moa.jar b/moaSig/libs/iaik_cpades-2.4_moa.jar
deleted file mode 100644
index 300c215..0000000
Binary files a/moaSig/libs/iaik_cpades-2.4_moa.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_cpades_2.5_moa.jar b/moaSig/libs/iaik_cpades_2.5_moa.jar
new file mode 100644
index 0000000..1c15eec
Binary files /dev/null and b/moaSig/libs/iaik_cpades_2.5_moa.jar differ
diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar
new file mode 100644
index 0000000..2d16719
Binary files /dev/null and b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar differ
diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar
deleted file mode 100644
index e67be71..0000000
Binary files a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_moa-2.09.jar b/moaSig/libs/iaik_moa-2.09.jar
deleted file mode 100644
index a73a348..0000000
Binary files a/moaSig/libs/iaik_moa-2.09.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_moa-2.10.jar b/moaSig/libs/iaik_moa-2.10.jar
new file mode 100644
index 0000000..7a659c4
Binary files /dev/null and b/moaSig/libs/iaik_moa-2.10.jar differ
diff --git a/moaSig/libs/iaik_pki_module-2.03_moa.jar b/moaSig/libs/iaik_pki_module-2.03_moa.jar
deleted file mode 100644
index a017fe6..0000000
Binary files a/moaSig/libs/iaik_pki_module-2.03_moa.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_pki_module-2.04_moa.jar b/moaSig/libs/iaik_pki_module-2.04_moa.jar
new file mode 100644
index 0000000..8732262
Binary files /dev/null and b/moaSig/libs/iaik_pki_module-2.04_moa.jar differ
diff --git a/moaSig/libs/iaik_sva-1.2.0.jar b/moaSig/libs/iaik_sva-1.2.0.jar
deleted file mode 100644
index a9d3824..0000000
Binary files a/moaSig/libs/iaik_sva-1.2.0.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar
new file mode 100644
index 0000000..4bb8326
Binary files /dev/null and b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar differ
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index b97cc95..2973b36 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -110,34 +110,27 @@ import iaik.xml.crypto.utils.URIException;
 public class XMLSignatureVerificationInvoker {
 
   /** The single instance of this class. */
-  private static XMLSignatureVerificationInvoker instance = null;
+  private static final XMLSignatureVerificationInvoker INSTANCE = new XMLSignatureVerificationInvoker();
 
-  private static Set FILTERED_REF_TYPES;
-
-  static {
-    FILTERED_REF_TYPES = new HashSet();
-    FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
-    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
-    FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
-    FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
-    FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
-  }
+  private static final Set<String> FILTERED_REF_TYPES = Set.of(
+      DsigManifest.XML_DSIG_MANIFEST_TYPE,
+      SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE,
+      SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD,
+      XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties",
+      "http://uri.etsi.org/01903#SignedProperties");
 
   /**
    * Get the single instance of this class.
-   * 
+   *
    * @return The single instance of this class.
    */
-  public static synchronized XMLSignatureVerificationInvoker getInstance() {
-    if (instance == null) {
-      instance = new XMLSignatureVerificationInvoker();
-    }
-    return instance;
+  public static XMLSignatureVerificationInvoker getInstance() {
+    return INSTANCE;
   }
 
   /**
    * Create a new <code>XMLSignatureCreationInvoker</code>.
-   * 
+   *
    * Protected to disallow multiple instances.
    */
   protected XMLSignatureVerificationInvoker() {
@@ -146,8 +139,8 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
    * <code>XMLSignatureVerificationModule</code>.
-   * 
-   * @param request A <code>VerifyXMLSignatureRequest<code> API object 
+   *
+   * @param request A <code>VerifyXMLSignatureRequest<code> API object
    * containing the data for verifying an XML signature.
    * &#64;return A <code>VerifyXMLSignatureResponse</code> containing the answert
    *                to the <code>VerifyXMLSignatureRequest</code>. MOA schema
@@ -307,16 +300,16 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Checks if the signer certificate matches one of the allowed signer
    * certificates specified in the provided <code>trustProfile</code>.
-   * 
+   *
    * @param result       The result produced by the
    *                     <code>XMLSignatureVerificationModule</code>.
-   * 
+   *
    * @param trustProfile The trust profile the signer certificate is validated
    *                     against.
-   * 
+   *
    * @return The overal result of the certificate validation for the signer
    *         certificate.
-   * 
+   *
    * @throws MOAException if one of the signer certificates specified in the
    *                      <code>trustProfile</code> cannot be read from the file
    *                      system.
@@ -392,7 +385,7 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Select the <code>dsig:Signature</code> DOM element within the signature
    * environment.
-   * 
+   *
    * @param signatureEnvironment The signature environment containing the
    *                             <code>dsig:Signature</code>.
    * @param request              The <code>VerifyXMLSignatureRequest</code>
@@ -425,7 +418,7 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Build the supplemental data objects contained in the
    * <code>VerifyXMLSignatureRequest</code>.
-   * 
+   *
    * @param supplements A <code>List</code> of
    *                    <code>XMLDataObjectAssociation</code>s containing the
    *                    supplement data.
@@ -458,7 +451,7 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Get the supplemental data contained in the
    * <code>VerifyXMLSignatureRequest</code>.
-   * 
+   *
    * @param request The <code>VerifyXMLSignatureRequest</code> containing the
    *                supplemental data.
    * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> objects
@@ -490,7 +483,7 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Perform additional validations of the
    * <code>XMLSignatureVerificationResult</code>.
-   * 
+   *
    * <p>
    * In particular, it is verified that:
    * <ul>
@@ -500,7 +493,7 @@ public class XMLSignatureVerificationInvoker {
    * <li>The hash values of the <code>TransformParameter</code>s are valid.</li>
    * </ul>
    * </p>
-   * 
+   *
    * @param request The <code>VerifyXMLSignatureRequest</code> containing the
    *                signature to verify.
    * @param result  The result produced by
@@ -605,7 +598,7 @@ public class XMLSignatureVerificationInvoker {
    * Get all <code>Transform</code>s contained in all the
    * <code>VerifyTransformsInfoProfile</code>s of the given
    * <code>ReferenceInfo</code>.
-   * 
+   *
    * @param refInfo The <code>ReferenceInfo</code> object containing the
    *                transformations.
    * @return A <code>List</code> of <code>List</code>s. Each of the
@@ -637,7 +630,7 @@ public class XMLSignatureVerificationInvoker {
 
   /**
    * Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
-   * 
+   *
    * @param transformParameters The <code>List</code> of
    *                            <code>TransformParameter</code>s, as provided to
    *                            the verification.
@@ -658,7 +651,7 @@ public class XMLSignatureVerificationInvoker {
   /**
    * Build a mapping between <code>TransformParameter</code> URIs (a
    * <code>String</code> and <code>dsig:HashValue</code> (a <code>byte[]</code>).
-   * 
+   *
    * @param request The <code>VerifyXMLSignatureRequest</code>.
    * @return Map The resulting mapping.
    * @throws MOAApplicationException An error occurred accessing one of the
@@ -703,7 +696,7 @@ public class XMLSignatureVerificationInvoker {
    * Filter the <code>ReferenceInfo</code>s returned by the
    * <code>VerifyXMLSignatureResult</code> for comparison with the
    * <code>ReferenceInfo</code> elements in the request.
-   * 
+   *
    * @param referenceInfos The <code>ReferenceInfo</code>s from the
    *                       <code>VerifyXMLSignatureResult</code>.
    * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type is
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index 21bdb2c..1887479 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -21,18 +21,19 @@ dependencies {
     jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5'
     jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5'
 
+	compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0'
+
     implementation project(':common')
     implementation project(':moa-sig-lib')
     implementation project(':moa-asic')
     implementation fileTree(dir: 'libs', include: ['*.jar'])
-    compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0'
+    
     implementation 'commons-discovery:commons-discovery:0.5'
     implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1'
     implementation 'org.slf4j:log4j-over-slf4j:2.0.17'
     implementation 'jakarta.jws:jakarta.jws-api:3.0.0'
     implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
     implementation 'ch.qos.logback:logback-classic:1.5.18'
-
     implementation 'javax.activation:activation:1.1.1'
     implementation 'org.eclipse.angus:angus-mail:2.0.4'
 
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java
index 1ee071a..92749b0 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java
@@ -37,7 +37,6 @@ import at.gv.egovernment.moaspss.util.Constants;
 import iaik.esi.sva.ConfigurationAdapter;
 import iaik.pki.Configurator;
 import iaik.pki.PKIFactory;
-import iaik.pki.store.certstore.CertStoreFactory;
 import iaik.pki.store.truststore.TrustStoreFactory;
 
 public abstract class AbstractIntegrationTest {
@@ -57,9 +56,9 @@ public abstract class AbstractIntegrationTest {
 
     System.setProperty("moa.spss.server.configuration", "");
     System.setProperty("iaik.esi.sva.configuration.location", "");
-    
+
     TrustStoreFactory.reset();
-    
+
     // reset TSL client
     final Field field1 = TSLServiceFactory.class.getDeclaredField("tslClient");
     field1.setAccessible(true);
@@ -68,32 +67,32 @@ public abstract class AbstractIntegrationTest {
     final Field field5 = SQLiteDBService.class.getDeclaredField("conn");
     field5.setAccessible(true);
     field5.set(null, null);
-    
+
     final Field field6 = DatabaseServiceFactory.class.getDeclaredField("dbServices");
     field6.setAccessible(true);
     field6.set(null, null);
-            
+
     // reset MOA-SPSS configuration object
     final Field field2 = ConfigurationProvider.class.getDeclaredField("instance");
     field2.setAccessible(true);
     field2.set(null, null);
-    
+
     final Field field8 = TransactionContextManager.class.getDeclaredField("instance");
     field8.setAccessible(true);
     field8.set(null, null);
-    
+
     // reset PKI module configuration
     resetClassState(PKIFactory.class, "instance_", null);
 
     // reset IAIK MOA configuration
     resetClassState(Configurator.class, "C", false);
-    
+
     //reset ESI-SVA configuration
     resetClassState(ConfigurationAdapter.class, "a", null);
-    resetClassState(ConfigurationAdapter.class, "instance", null);
+    // resetClassState(ConfigurationAdapter.class, "instance", null);
     //resetClassState(ConfigurationAdapter.class, "config", null);
     //resetClassState(ConfigurationAdapter.class, "libraryConfig", null);
-    
+
   }
 
   private static void resetClassState(Class clazz, String fieldName, Object value) {
@@ -101,16 +100,16 @@ public abstract class AbstractIntegrationTest {
       Field field7 = clazz.getDeclaredField(fieldName);
       if (field7 != null) {
         field7.setAccessible(true);
-        field7.set(null, value);       
+        field7.set(null, value);
       }
-      
+
     } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) {
       e.printStackTrace();
     }
-    
+
   }
-  
-  
+
+
   protected VerifyXMLSignatureRequest buildVerifyXmlRequest(final byte[] signature,
       final String trustProfileID, boolean extValFlag,
       final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
index 0c7bb63..16037d6 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
@@ -32,19 +32,33 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
 import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.server.utils.LoggerUtils;
 import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader;
+import iaik.pki.KeyUsageParam;
+import iaik.pki.KeyUsageParams;
 import iaik.pki.PKIFactory;
 import iaik.pki.PKIModule;
 import iaik.x509.X509Certificate;
+import iaik.x509.extensions.KeyUsage;
 
 @RunWith(BlockJUnit4ClassRunner.class)
 public class PadesIntegrationTest extends AbstractIntegrationTest {
 
+  public static boolean[] KEY_USAGE;
+
+  static {
+    KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation);
+    KEY_USAGE = usage.getBooleanArray();
+  }
+
   CMSSignatureVerificationInvoker cadesInvoker;
 
   @BeforeClass
   public static void classInitializer() throws IOException, ConfigurationException,
       NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+    LoggerUtils.fixLoggerFactory();
+
     jvmStateReset();
 
     final String current = new java.io.File(".").getCanonicalPath();
@@ -252,7 +266,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
 
   }
 
-  @Ignore
   @Test
   public void pkixTest() throws Exception {
     final String current = new java.io.File(".").getCanonicalPath();
@@ -261,14 +274,16 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
     PKIModule pkiModule = PKIFactory.getInstance().getPKIModule(
         new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten"));
 
-    //KeyUsageParams keyUsage = new KeyUsageParams();
-    //keyUsage.addParam(new KeyUsageParam((boolean[]) null, KeyUsageParam.STRICT));
+    KeyUsageParams keyUsage = new KeyUsageParams();
+    keyUsage.addParam(new KeyUsageParam(KEY_USAGE, KeyUsageParam.STRICT));
 
     pkiModule.validateCertificate(
         new Date(),
         chain[0],
         ArrayUtils.subarray(chain, 1, chain.length),
-        (boolean[]) null,
+        //(boolean[]) null,
+        // keyUsage,
+        null,
         new TransactionId("aabbccdd"));
 
     System.out.print("Finished");
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java
index ebbc334..3f413c3 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
 import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.utils.LoggerUtils;
 import at.gv.egovernment.moaspss.util.DOMUtils;
 
 @RunWith(BlockJUnit4ClassRunner.class)
@@ -46,10 +47,13 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
   XMLSignatureCreationInvoker xadesSignInvoker;
 
   @BeforeClass
-  public static void classInitializer() throws IOException, ConfigurationException, 
+  public static void classInitializer() throws IOException, ConfigurationException,
       NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+    LoggerUtils.fixLoggerFactory();
+
     jvmStateReset();
-    
+
     final String current = new java.io.File(".").getCanonicalPath();
     System.setProperty("moa.spss.server.configuration",
         current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
@@ -166,27 +170,27 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
     assertEquals("used sig alg", "SHA256withRSA", result.getSignatureAlgorithm());
 
   }
-  
+
   @Test
   public void simpleXmlSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException {
     // build request
     Element xml = DOMUtils.parseXmlNonValidating(
         CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_1.xml"));
     CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml);
-    
+
     // create signature
     CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET);
-    
-    
+
+
     // verify response
     assertNotNull("xadesResp", xmlResp);
     assertNotNull("xadesResp elements", xmlResp.getResponseElements());
     assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty());
-    
-    SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);   
+
+    SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);
     assertNotNull("signed xml", signedXml.getSignatureEnvironment());
-    
-    
+
+
     // verify signature
     final VerifyXMLSignatureRequest request = buildVerifyXmlRequest(
           DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(),
@@ -199,7 +203,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
       assertNotNull("verification result", result);
       assertEquals("sigCode", 0, result.getSignatureCheck().getCode());
       assertEquals("certCode", 0, result.getCertificateCheck().getCode());
-    
+
   }
 
   @Test
@@ -208,20 +212,20 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
     Element xml = DOMUtils.parseXmlNonValidating(
         CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_2.xml"));
     CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml);
-    
+
     // create signature
     CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET);
-    
-    
+
+
     // verify response
     assertNotNull("xadesResp", xmlResp);
     assertNotNull("xadesResp elements", xmlResp.getResponseElements());
     assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty());
-    
-    SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);   
+
+    SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);
     assertNotNull("signed xml", signedXml.getSignatureEnvironment());
-    
-    
+
+
     // verify signature
     final VerifyXMLSignatureRequest request = buildVerifyXmlRequest(
           DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(),
@@ -234,7 +238,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
       assertNotNull("verification result", result);
       assertEquals("sigCode", 0, result.getSignatureCheck().getCode());
       assertEquals("certCode", 0, result.getCertificateCheck().getCode());
-    
+
   }
-  
+
 }
-- 
cgit v1.2.3


From 3776bd908568cf4612fa80e1ab4b576a2585fbf7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 18 Sep 2025 09:07:19 +0200
Subject: chore(core): remove deprecated API calls and fix JavaDoc

---
 .../at/gv/egovernment/moaspss/util/DOMUtils.java   | 20 -------------
 .../gv/egovernment/moaspss/util/KeyStoreUtils.java |  2 +-
 .../egovernment/moaspss/util/MOAErrorHandler.java  |  4 +--
 .../at/gv/egovernment/moaspss/util/MOATimer.java   |  4 +--
 .../VerifyASICSignatureResponseBuilder.java        |  3 +-
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   | 13 ++++-----
 ...ateSignatureEnvironmentProfileExplicitImpl.java |  2 +-
 .../spss/api/impl/VerifyTransformsDataImpl.java    |  2 +-
 .../moa/spss/api/xmlbind/RequestParserUtils.java   | 19 +++++++------
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java |  2 +-
 .../xmlbind/VerifyCMSSignatureRequestParser.java   |  2 +-
 .../spss/server/config/CRLDistributionPoint.java   | 33 +++++++++++-----------
 .../server/config/ConfigurationPartsBuilder.java   | 12 ++++----
 .../cmssign/CMSSignatureCreationProfileImpl.java   | 19 +++++++++----
 .../moa/spss/server/iaik/config/CRLRetriever.java  |  1 -
 .../iaik/config/DataBaseArchiveParameterImpl.java  |  4 ---
 .../store/truststore/TrustStoreProfileImpl.java    |  7 ++---
 .../invoke/CMSSignatureVerificationInvoker.java    |  2 +-
 .../invoke/CreateCMSSignatureResponseBuilder.java  | 14 ++++-----
 .../invoke/VerifyCMSSignatureResponseBuilder.java  | 31 +++++++++++++-------
 .../invoke/VerifyXMLSignatureResponseBuilder.java  |  2 +-
 .../invoke/XMLSignatureVerificationInvoker.java    |  6 ++--
 .../egovernment/moa/spss/util/AdESResultUtils.java | 10 +++----
 .../moa/spss/util/ExternalURIVerifier.java         |  4 +--
 .../spss/server/service/ConfigurationServlet.java  |  6 ----
 25 files changed, 105 insertions(+), 119 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java')

diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java
index 2f96196..86d2e54 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java
@@ -315,26 +315,6 @@ public class DOMUtils {
    *
    * @param inputStream                       The <code>InputStream</code>
    *                                          containing the XML document.
-   * @param validating                        If <code>true</code>, parse
-   *                                          validating.
-   * @param externalSchemaLocations           A <code>String</code> containing
-   *                                          namespace URI to schema location
-   *                                          pairs, the same way it is accepted
-   *                                          by the <code>xsi:
-   * schemaLocation</code>                 attribute.
-   * @param externalNoNamespaceSchemaLocation The schema location of the schema
-   *                                          for elements without a namespace,
-   *                                          the same way it is accepted by the
-   *                                          <code>xsi:noNamespaceSchemaLocation</code>
-   *                                          attribute.
-   * @param entityResolver                    An <code>EntityResolver</code> to
-   *                                          resolve external entities (schemas
-   *                                          and DTDs). If <code>null</code>, it
-   *                                          will not be set.
-   * @param errorHandler                      An <code>ErrorHandler</code> to
-   *                                          decide what to do with parsing
-   *                                          errors. If <code>null</code>, it
-   *                                          will not be set.
    * @return The parsed XML document as a DOM tree.
    * @throws SAXException                 An error occurred parsing the document.
    * @throws IOException                  An error occurred reading the document.
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java
index f62b82a..94ecc8b 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java
@@ -202,7 +202,7 @@ public class KeyStoreUtils {
   /**
    * Loads a keyStore without knowing the keyStore type
    *
-   * @param in       input stream
+   * @param is       input stream
    * @param password Password protecting the keyStore
    * @return keyStore loaded
    * @throws KeyStoreException     thrown if keyStore cannot be loaded
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java
index f4acabf..2ab55a2 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java
@@ -113,8 +113,8 @@ public class MOAErrorHandler extends DefaultErrorHandler {
     return new Object[] {
         e.getMessage(),
         e.getSystemId(),
-        new Integer(e.getLineNumber()),
-        new Integer(e.getColumnNumber()) };
+        Integer.valueOf(e.getLineNumber()),
+        Integer.valueOf(e.getColumnNumber()) };
   }
 
 }
\ No newline at end of file
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java
index 591495a..13133ea 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java
@@ -70,7 +70,7 @@ public class MOATimer {
    * @param id The action ID.
    */
   public void startTiming(Object id) {
-    timemapstart.put(id, new Long(System.currentTimeMillis()));
+    timemapstart.put(id, Long.valueOf(System.currentTimeMillis()));
   }
 
   /**
@@ -79,7 +79,7 @@ public class MOATimer {
    * @param id The action ID.
    */
   public void stopTiming(Object id) {
-    timemapend.put(id, new Long(System.currentTimeMillis()));
+    timemapend.put(id, Long.valueOf(System.currentTimeMillis()));
   }
 
   /**
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
index 34744ef..02fbeb2 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
@@ -74,8 +74,7 @@ public class VerifyASICSignatureResponseBuilder {
    * element being the XML representation of the given
    * <code>VerifyCMSSignatureResponse</code> API object.
    *
-   * @param response The <code>VerifyCMSSignatureResponse</code> to convert to
-   *                 XML.
+   * @param results The <code>VerifyCMSSignatureResponse</code> to convert to XML.
    * @return A document containing the <code>VerifyCMSSignatureResponse</code> DOM
    *         element.
    * @throws MOAApplicationException An error occurred building the response.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index d0be7d5..5d378ce 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -316,7 +316,7 @@ public abstract class SPSSFactory {
    * @param profileID The profile ID to resolve during signature creation.
    * @return The <code>CreateSignatureEnvironmentProfile</code> containing the
    *         given profile ID.
-   * 
+   *
    * @pre profileID != null && profileID.length() > 0
    * @post return != null
    */
@@ -398,8 +398,7 @@ public abstract class SPSSFactory {
   /**
    * Create a new <code>SignatureEnvironmentResponse</code> object.
    *
-   * @param signatureEnvironment The signature environment containing the
-   *                             signature.
+   * @param base64value Signature as Base64 encoded data
    * @return The <code>SignatureEnvironmentResponse</code> containing the
    *         <code>signatureEnvironment</code>.
    *
@@ -959,15 +958,15 @@ public abstract class SPSSFactory {
 
   /**
    * Create a new <code>Content</code> object containing location reference data.
-   * 
+   *
    * @param locationReferenceURI a URI pointing to the actual remote location of
    *                             the content.
-   * 
+   *
    * @param referenceURI         An URI identifying the data. May be
    *                             <code>null</code>.
-   * 
+   *
    * @return The <code>Content</code> object containing the data.
-   * 
+   *
    * @pre locationReferenceURI != null
    * @post return != null
    */
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
index 3d5279f..ab73c22 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
 
 /**
  * Default implementation of
- * <codeCreateSignatureEnvironmentProfileExplicit</code>.
+ * <code>CreateSignatureEnvironmentProfileExplicit</code>.
  *
  * @author Patrick Peck
  * @version $Id$
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
index d1eebca..ed6f449 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
@@ -30,7 +30,7 @@ import java.util.List;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
 
 /**
- * Default implementation of <codeReferenceInfo</code>.
+ * Default implementation of <code>ReferenceInfo</code>.
  *
  * @author Fatemeh Philippi
  * @version $Id$
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
index 173ecbf..571977e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
@@ -62,7 +62,7 @@ public class RequestParserUtils {
 
   /**
    * Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element.
-   * 
+   *
    * @param assocElem The <code>XMLDataObjectAssociationType</code> kind of DOM
    *                  elmeent to parse.
    * @return The <code>XMLDataObjectAssociation</code> API object containing the
@@ -79,7 +79,7 @@ public class RequestParserUtils {
 
   /**
    * Parse a <code>MetaInfoType</code> kind of DOM element.
-   * 
+   *
    * @param metaInfoElem The <code>MetaInfoType</code> kind of DOM element.
    * @return The <code>MetaInfo</code> API object containing the data from the
    *         <code>metaInfoElem</code>.
@@ -97,7 +97,7 @@ public class RequestParserUtils {
   /**
    * Parse a <code>ContentOptionalRefType</code> or
    * <code>ContentRequiredRefType</code> kind of DOM element.
-   * 
+   *
    * @param contentParentElem The DOM element being the parent of the content
    *                          element.
    * @return The <code>Content</code> API object containing the data from the
@@ -127,7 +127,7 @@ public class RequestParserUtils {
 
   /**
    * Get the signing time from a Verfiy(CMS|XML)SignatureRequest.
-   * 
+   *
    * @param requestElem   A <code>Verify(CMS|XML)SignatureRequest</code> DOM
    *                      element.
    * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element
@@ -162,11 +162,12 @@ public class RequestParserUtils {
 
   /**
    * Get the signing time from a Verfiy(CMS|XML)SignatureRequest.
-   * 
-   * @param requestElem   A <code>Verify(CMS|XML)SignatureRequest</code> DOM
-   *                      element.
-   * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element
-   *                      within the request.
+   *
+   * @param requestElem             A <code>Verify(CMS|XML)SignatureRequest</code>
+   *                                DOM element.
+   * @param extendedValidationXPath The XPath to lookup the <code>DateTime</code>
+   *                                element within the request.
+   * @param defaultValue            Default value if XPath value is null or empty
    * @return Date The date and time corresponding to the <code>DateTime</code>
    *         element in the request. If no <code>DateTime</code> element exists in
    *         the request, <code>null</code> is returned.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 1156aa1..daf3802 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -499,7 +499,7 @@ public class ResponseBuilderUtils {
    *                    element.
    * @param elementName The name of the newly created element.
    * @param code        The content of the <code>Code</code> subelement.
-   * @param info        The content of the <code>Info</code> subelement.
+   * @param name        The content of the <code>Info</code> subelement.
    */
   public static void addFormCheckElement(
       Document response,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index bcab978..1279d73 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -171,7 +171,7 @@ public class VerifyCMSSignatureRequestParser {
       // put the signatories into a List
       while (tokenizer.hasMoreTokens()) {
         try {
-          signatoriesList.add(new Integer(tokenizer.nextToken()));
+          signatoriesList.add(Integer.valueOf(tokenizer.nextToken()));
         } catch (final NumberFormatException e) {
           // this cannot occur if the request has been validated
         }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
index bf11240..0f1a57d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
@@ -50,18 +50,19 @@ public class CRLDistributionPoint extends DistributionPoint implements
 
     // create the mapping between reason code strings and their integer
     // values
-    RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused));
-    RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
-    RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
-    RC_MAPPING.put("affiliationChanged", new Integer(
+    RC_MAPPING.put("unused", Integer.valueOf(iaik.asn1.structures.DistributionPoint.unused));
+    RC_MAPPING.put("keyCompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.keyCompromise));
+    RC_MAPPING.put("cACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.cACompromise));
+    RC_MAPPING.put("affiliationChanged", Integer.valueOf(
         iaik.asn1.structures.DistributionPoint.affiliationChanged));
-    RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded));
+    RC_MAPPING.put("superseded", Integer.valueOf(iaik.asn1.structures.DistributionPoint.superseded));
     RC_MAPPING.put("cessationOfOperation",
-        new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
-    RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
-    RC_MAPPING.put("privilegeWithdrawn", new Integer(
+        Integer.valueOf(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
+    RC_MAPPING.put("certificateHold", Integer.valueOf(
+        iaik.asn1.structures.DistributionPoint.certificateHold));
+    RC_MAPPING.put("privilegeWithdrawn", Integer.valueOf(
         iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
-    RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
+    RC_MAPPING.put("aACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.aACompromise));
   }
 
   /**
@@ -76,12 +77,12 @@ public class CRLDistributionPoint extends DistributionPoint implements
 
   /**
    * Create a <code>CRLDistributionPoint</code>.
-   * 
+   *
    * @param issuerName    The name of the CA issuing the CRL referred to by this
    *                      DP.
-   * 
+   *
    * @param uri           The URI of the distribution point.
-   * 
+   *
    * @param reasonCodeStr A list of reason codes (a space-separated enumeration).
    */
   public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) {
@@ -101,7 +102,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
   /**
    * Convert a list of reason codes provided as a <code>String</code> to a binary
    * representation.
-   * 
+   *
    * @param reasonCodeStr A <code>String</code> containing a blank-separated,
    *                      textual representation of reason codes.
    * @return int A binary representation of reason codes.
@@ -143,7 +144,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
   /**
    * Return a binary representation of the reason codes of this distribution
    * point.
-   * 
+   *
    * @return The binary representation of the reason codes.
    */
   @Override
@@ -153,7 +154,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
 
   /**
    * Return a <code>String</code> representation of this distribution point.
-   * 
+   *
    * @return The <code>String</code> representation of this distribution point.
    * @see java.lang.Object#toString()
    */
@@ -163,7 +164,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
   }
 
   /**
-   * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
+   * Get CRL issuer-name.
    */
   public String getIssuerName() {
     return issuerName_;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index ff2f9a5..09ec921 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -581,7 +581,7 @@ public class ConfigurationPartsBuilder {
         entry = new BlackListEntry(host, -1);
         info("config.34", new Object[] { host });
       } else {
-        entry = new BlackListEntry(host, new Integer(port).intValue());
+        entry = new BlackListEntry(host, Integer.valueOf(port).intValue());
         info("config.34", new Object[] { host + ":" + port });
       }
 
@@ -631,7 +631,7 @@ public class ConfigurationPartsBuilder {
         entry = new WhiteListEntry(host, -1);
         info("config.49", new Object[] { host });
       } else {
-        entry = new WhiteListEntry(host, new Integer(port).intValue());
+        entry = new WhiteListEntry(host, Integer.valueOf(port).intValue());
         info("config.49", new Object[] { host + ":" + port });
       }
 
@@ -1522,7 +1522,7 @@ public class ConfigurationPartsBuilder {
    * Returns the JDBC URL for the revocation archive database.
    *
    * @return the JDBC URL for the revocation archive database, or
-   *         <code>null</code, if the corresponding parameter is not set in the
+   *         <code>null</code>, if the corresponding parameter is not set in the
    *         configuration.
    */
   public String getRevocationArchiveJDBCURL() {
@@ -1534,7 +1534,7 @@ public class ConfigurationPartsBuilder {
    * Returns the JDBC driver class name for the revocation archive database.
    *
    * @return the JDBC driver class name for the revocation archive database, or
-   *         <code>null</code, if the corresponding parameter is not set in the
+   *         <code>null</code>, if the corresponding parameter is not set in the
    *         configuration.
    */
   public String getRevocationArchiveJDBCDriverClass() {
@@ -1780,7 +1780,7 @@ public class ConfigurationPartsBuilder {
     while ((modElem = (Element) modIter.nextNode()) != null) {
       final String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null);
       final String i = getElementValue(modElem, CONF + "Interval", null);
-      final Integer interval = new Integer(i);
+      final Integer interval = Integer.valueOf(i);
       map.put(ConfigurationProvider.normalizeX500Names(x509IssuerName), interval);
 
     }
@@ -1880,7 +1880,7 @@ public class ConfigurationPartsBuilder {
       final String x509IssuerName = ConfigurationProvider.normalizeX500Names(
           getElementValue(modElem, CONF + "X509IssuerName", null));
       final String i = getElementValue(modElem, CONF + "ValidityPeriod", null);
-      final Integer interval = new Integer(i);
+      final Integer interval = Integer.valueOf(i);
       map.put(x509IssuerName, interval);
       Logger.debug("Set shortTimePeriodInterval: " + interval + " for Issuer: " + x509IssuerName);
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
index b43ec2f..e5b6025 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -81,13 +81,20 @@ public class CMSSignatureCreationProfileImpl
   }
 
   /**
-   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+   * Creates a CMS based signature-creation profile.
    *
-   * @param createProfileCount Provides external information about the number of
-   *                           calls to the signature creation module, using the
-   *                           same request.
-   * @param reservedIDs        The set of IDs that must not be used while
-   *                           generating new IDs.
+   * @param keySet               Set of signing keys
+   * @param digestMethod         Hash algorithm
+   * @param signedProperties     List of signing properties
+   * @param securityLayerConform If <code>true</code> create a CAdES-B signature,
+   *                             otherwise CMS signature
+   * @param includeData          If <code>true</code> create an embedded
+   *                             signature, otherwise a detached
+   * @param mimeType             MimeType to be set
+   * @param isPAdESConform       If <code>true</code> signature fulfill PAdES
+   *                             requirements
+   * @param rsaSsaPss            If <code>true</code> use RSASSA-PSS algorithms,
+   *                             otherwise RSA#1.5
    */
   public CMSSignatureCreationProfileImpl(
       Set keySet,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
index d1b776b..befeab7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -43,7 +43,6 @@ import iaik.pki.store.revocation.RevocationStoreException;
  * A customized implementation of
  * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used
  * instead of the default implementation
- * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader
  * problem in connection with the {@link java.net.URL} class in a Tomcat
  * deployment environment.
  *
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
index 22cceeb..0e12f89 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
@@ -28,7 +28,6 @@ import iaik.pki.store.revocation.archive.DataBaseArchiveParameters;
 /**
  * An implementation of the <code>DataBaseArchiveParameter</code> interface.
  *
- * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter
  * @author Patrick Peck
  * @version $Id$
  */
@@ -46,9 +45,6 @@ public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters {
     this.jDBCUrl = jDBCUrl;
   }
 
-  /**
-   * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl()
-   */
   @Override
   public String getJDBCUrl() {
     return jDBCUrl;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
index 9ef3764..7a036ec 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -60,10 +60,9 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
   /**
    * Create a new <code>TrustStoreProfileImpl</code>.
    *
-   * @param config         The MOA configuration data, from which trust store
-   *                       configuration data is read.
-   * @param trustProfileId The trust profile id on which this
-   *                       <code>TrustStoreProfile</code> is based.
+   * @param trustProfileId  The trust profile id on which this
+   *                        <code>TrustStoreProfile</code> is based.
+   * @param trustProfileUri File path to trust profile
    * @throws MOAApplicationException The <code>trustProfileId</code> could not be
    *                                 found in the MOA configuration.
    */
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 19b3a12..7aca40e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -248,7 +248,7 @@ public class CMSSignatureVerificationInvoker {
             handlePDFResult(resultObject, responseBuilder, trustProfile);
           }
         } catch (final IndexOutOfBoundsException e) {
-          throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) });
+          throw new MOAApplicationException("2249", new Object[] { Integer.valueOf(sigIndex) });
         }
       }
     }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
index bc5d884..bca9b8e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
@@ -69,12 +69,12 @@ public class CreateCMSSignatureResponseBuilder {
   /**
    * Add a <code>SignatureEnvironment</code> element to the response.
    *
-   * @param signatureEnvironment The content to put under the
-   *                             <code>SignatureEnvironment</code> element. This
-   *                             should either be a <code>dsig:Signature</code>
-   *                             element (in case of a detached signature) or the
-   *                             signature environment containing the signature
-   *                             (in case of an enveloping signature).
+   * @param base64value The content to put under the
+   *                    <code>SignatureEnvironment</code> element. This should
+   *                    either be a <code>dsig:Signature</code> element (in case
+   *                    of a detached signature) or the signature environment
+   *                    containing the signature (in case of an enveloping
+   *                    signature).
    */
   public void addCMSSignature(String base64value) {
     final CMSSignatureResponse responseElement =
@@ -84,7 +84,7 @@ public class CreateCMSSignatureResponseBuilder {
 
   /**
    * Add a <code>ErrorResponse</code> element to the response.
-   * 
+   *
    * @param errorCode The error code.
    * @param info      Additional information about the error.
    */
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 813d28e..79b4c29 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -74,15 +74,26 @@ public class VerifyCMSSignatureResponseBuilder {
   /**
    * Add a verification result to the response.
    *
-   * @param result         The result to add.
-   * @param trustprofile   The actual trustprofile
-   * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the
-   *                       certificate as qualified, otherwise <code>false</code>.
-   * @param checkSSCD      <code>true</code>, if the TSL check verifies the
-   *                       signature based on a SSDC, otherwise
-   *                       <code>false</code>.
-   * @param sscdSourceTSL  <code>true</code>, if the SSCD information comes from
-   *                       the TSL, otherwise <code>false</code>.
+   * @param result                         The result to add.
+   * @param trustProfile                   The actual trustprofile
+   * @param checkQC                        <code>true</code>, if the TSL check
+   *                                       verifies the certificate as qualified,
+   *                                       otherwise <code>false</code>.
+   * @param qcSourceTSL                    <true> if QC info comes from the TSL,
+   *                                       otherwise <code>false</code>.
+   * @param checkSSCD                      <code>true</code>, if the TSL check
+   *                                       verifies the signature based on a SSDC,
+   *                                       otherwise <code>false</code>.
+   * @param sscdSourceTSL                  <code>true</code>, if the SSCD
+   *                                       information comes from the TSL,
+   *                                       otherwise <code>false</code>.
+   * @param issuerCountryCode              TSL issuer country
+   * @param adesResults                    Form validation results
+   * @param extendedCertificateCheckResult Extended validation results
+   * @param tslInfos                       Full TSL validation result
+   * @param extendedVerification           <code>true</code> if extended
+   *                                       validation was used, otherwise
+   *                                       <code>false</code>
    * @throws MOAException
    */
   public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC,
@@ -150,7 +161,7 @@ public class VerifyCMSSignatureResponseBuilder {
   }
 
   /**
-   * 
+   *
    * @param result
    * @param trustProfile
    * @param checkQC
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 7e882ed..25ce8d1 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -515,7 +515,7 @@ public class VerifyXMLSignatureResponseBuilder {
 
       try {
         if (refInfo.isHashCalculated() && !refInfo.isHashValid()) {
-          failedReferencesList.add(new Integer(i + 1));
+          failedReferencesList.add(Integer.valueOf(i + 1));
         }
       } catch (final HashUnavailableException e) {
         // nothing to do here because we called refInfo.isHashCalculated first
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 2973b36..0fb2d82 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -539,7 +539,7 @@ public class XMLSignatureVerificationInvoker {
         }
 
         if (!found) {
-          final Integer refIndex = new Integer(refData.getReferenceIndex());
+          final Integer refIndex = Integer.valueOf(refData.getReferenceIndex());
           final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
 
           failedReferencesList.add(refIndex);
@@ -581,8 +581,8 @@ public class XMLSignatureVerificationInvoker {
           final int[] failedReferences = new int[] { ref.getReferenceIndex() };
           final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
               failedReferences);
-          final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref
-              .getReferenceIndex()) });
+          final String logMsg = msg.getMessage("invoker.02", new Object[] {
+              Integer.valueOf(ref.getReferenceIndex()) });
 
           Logger.debug(new LogMsg(logMsg));
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
index 8e37b1c..8dd2a8b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
@@ -21,8 +21,8 @@ import iaik.server.modules.resultcodes.ResultCodeValid;
 
 public class AdESResultUtils {
 
-  private static final int MAJORRESULTCODESKIPPED = new Integer(3);
-  private static final int MAJORRESULTCODEERROR = new Integer(4);
+  private static final int MAJORRESULTCODESKIPPED = Integer.valueOf(3);
+  private static final int MAJORRESULTCODEERROR = Integer.valueOf(4);
 
   public static Integer getResultCode(Integer adesCode) {
     return adesCode;
@@ -114,9 +114,9 @@ public class AdESResultUtils {
         minorInfo = "UNKNOWN_SUBFILTER";
       } else if (resultCode.getCode().equals(ResultCode.CODE_NO_SIGNER_CERTIFICATE_FOUND)) {
         minorInfo = "NO_SIGNER_CERTIFICATE_FOUND";
-        
-        
-        
+
+
+
         // pdf-as 3.x detection is removed from MOA-SP since 3.1.2
       } else if (resultCode.getCode().equals(ResultCode.PDF_AS_SIGNATURE)) {
         // minorInfo = "PDF_AS_SIGNATURE";
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
index be40a9e..221c361 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -47,7 +47,7 @@ public class ExternalURIVerifier {
             }
           } else {
             // check host and port
-            final int iport = new Integer(bport).intValue();
+            final int iport = Integer.valueOf(bport).intValue();
             if (ip.startsWith(bhost) && iport == port) {
               Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port
                   + " blacklisted"));
@@ -75,7 +75,7 @@ public class ExternalURIVerifier {
             }
           } else {
             // check host and port
-            final int iport = new Integer(bport).intValue();
+            final int iport = Integer.valueOf(bport).intValue();
             if (ip.startsWith(bhost) && iport == port) {
               Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port
                   + " whitelisted"));
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 6127305..49047d7 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -62,8 +62,6 @@ public class ConfigurationServlet extends HttpServlet {
    * Handle a HTTP GET request, used to indicated that the MOA configuration needs
    * to be updated (reloaded).
    *
-   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest,
-   *      HttpServletResponse)
    */
   @Override
   @SuppressWarnings({ "rawtypes", "unchecked" })
@@ -125,8 +123,6 @@ public class ConfigurationServlet extends HttpServlet {
   /**
    * Do the same as <code>doGet</code>.
    *
-   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest,
-   *      HttpServletResponse)
    */
   @Override
   public void doPost(HttpServletRequest request, HttpServletResponse response)
@@ -140,8 +136,6 @@ public class ConfigurationServlet extends HttpServlet {
    *
    * Does an initial load of the MOA configuration to test if a working web
    * service can be provided.
-   *
-   * @see javax.servlet.GenericServlet#init()
    */
   @Override
   public void init() throws ServletException {
-- 
cgit v1.2.3


From 5ab9024ebfdab0039488a471ab04bc94b604b771 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 19 Sep 2025 12:07:10 +0200
Subject: fix(core): wrong selection of RSASSA-PSS in case of XML signatures

---
 .../xmlsign/XMLSignatureCreationProfileImpl.java   | 23 ++++++++++++++++++----
 .../invoke/XMLSignatureCreationProfileFactory.java |  7 +++++++
 2 files changed, 26 insertions(+), 4 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 76814a4..b0fea7f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
 import java.util.List;
 import java.util.Set;
 
+import org.apache.commons.lang3.StringUtils;
+
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -163,6 +165,14 @@ public class XMLSignatureCreationProfileImpl
   @Override
   public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
       throws AlgorithmUnavailableException {
+    String sigAlgIdentifier = getInternalSignatureAlgorithmName(selectedKeyID);
+    Logger.debug("Selected SignatureAlgorithmIdentifier: " + sigAlgIdentifier);
+    return sigAlgIdentifier;
+
+  }
+
+  private String getInternalSignatureAlgorithmName(KeyEntryID selectedKeyID)
+      throws AlgorithmUnavailableException {
 
     final TransactionContext context =
         TransactionContextManager.getInstance().getTransactionContext();
@@ -178,14 +188,16 @@ public class XMLSignatureCreationProfileImpl
           e,
           null);
     }
+    Logger.trace("RSASSA-PSS: " + rsaSsaPss + " XAdESDigistAlg: " + digestMethodXAdES142
+        + " Algorithms: " + StringUtils.join(algorithms, ","));
 
     // TODO: maybe add support for parameterized RSASSA-PSS
-
     if (digestMethodXAdES142 == null) {
       // XAdES 1.4.2 not enabled - legacy MOA
-      if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)
-          || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)
-          || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+      if (rsaSsaPss
+          && (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)
+              || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)
+              || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1))) {
         return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
 
       } else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
@@ -198,10 +210,13 @@ public class XMLSignatureCreationProfileImpl
           || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
 
         return SignatureAlgorithms.SHA256_WITH_RSA;
+
       } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
         return SignatureAlgorithms.ECDSA;
+
       } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
         return SignatureAlgorithms.DSA;
+
       } else {
         throw new AlgorithmUnavailableException(
             "No algorithm for key entry: " + selectedKeyID,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index 7585ac7..46c4983 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -266,6 +266,13 @@ public class XMLSignatureCreationProfileFactory {
       throws MOASystemException {
     final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass();
     final boolean configUseRsaSsaPss = config.isUseRsaSsaPss();
+
+    Logger.trace("Config using RSASSA-PSS. KeyStore: "
+        + useRsaSsaPssKg != null
+            ? useRsaSsaPssKg
+            : "NOT-DEFINED"
+                + " Default: " + config);
+
     return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss;
 
   }
-- 
cgit v1.2.3