From ae378f2293528188235be596af8d68504803e082 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 28 Jun 2017 12:33:25 +0200
Subject: fix problem in CMS response builder

---
 .../xmlbind/CreateCMSSignatureResponseBuilder.java | 39 ++++++++++++++--------
 1 file changed, 26 insertions(+), 13 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
index d808f2b..7ce0871 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureResponseBuilder.java
@@ -80,22 +80,35 @@ public class CreateCMSSignatureResponseBuilder {
   public Document build(CreateCMSSignatureResponse response) {
     Iterator iter;
 
-        
+    
+     
+    
     for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
-      CreateCMSSignatureResponseElement responseElement =
-        (CreateCMSSignatureResponseElement) iter.next();
       
-      switch (responseElement.getResponseType()) {
-        case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
-        	CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseElement;
+    	Object responseObj = iter.next();
+    	
+    	if (responseObj instanceof ErrorResponse) {
+    		ErrorResponse errorResponse = (ErrorResponse) responseObj;
+            addErrorResponse(errorResponse);
+    		
+    	} else if (responseObj instanceof CreateCMSSignatureResponseElement) {
+    		CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) responseObj;
         	addCMSSignature(cmsSignatureResponse);
-          break;
-
-        case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
-          ErrorResponse errorResponse = (ErrorResponse) responseElement;
-          addErrorResponse(errorResponse);
-          break;
-      }
+    		
+    	}
+    	
+//    	CreateCMSSignatureResponseElement responseElement =
+//        (CreateCMSSignatureResponseElement) iter.next();
+//      
+//      switch (responseElement.getResponseType()) {
+//        case CreateCMSSignatureResponseElement.CMS_SIGNATURE :
+//        	
+//          break;
+//
+//        case CreateCMSSignatureResponseElement.ERROR_RESPONSE :
+//          
+//          break;
+//      }
 
     }
 
-- 
cgit v1.2.3


From e1535be7c97e86e40e04258cbdaf47f60e6292bf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 7 Aug 2017 16:30:58 +0200
Subject: add PAdES conformity flag to CAdES SOAP interface. Info: additional
 work is required when IAIK-MOA is updated

---
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |   3 +-
 .../moa/spss/api/cmssign/SingleSignatureInfo.java  |   8 +
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |   3 +-
 .../spss/api/impl/SingleSignatureInfoCMSImpl.java  |   9 +-
 .../xmlbind/CreateCMSSignatureRequestParser.java   |   9 +-
 .../server/invoke/CMSSignatureCreationInvoker.java |  64 +-
 .../resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl   |   2 +-
 .../resources/resources/wsdl/MOA-SPSS-3.1.0.xsd    | 814 +++++++++++++++++++++
 8 files changed, 866 insertions(+), 46 deletions(-)
 create mode 100644 moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-3.1.0.xsd

(limited to 'moaSig/moa-sig-lib/src/main')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index aadaefb..a39edf4 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -190,13 +190,14 @@ public abstract class SPSSFactory {
    * @param dataObjectInfo The data object that will be signed.
    * @param securityLayerConform If <code>true</code>, a Security Layer conform
    * signature manifest is created, otherwise not.
+ * @param isPAdESSignature 
    * @return The <code>SingleSignatureInfo</code> containing the above data.
    * 
    * @post return != null
    */
   public abstract at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(	
     at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo,
-    boolean securityLayerConform);
+    boolean securityLayerConform, boolean isPAdESSignature);
   
 
   
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
index 1f87a50..4d56cf3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmssign/SingleSignatureInfo.java
@@ -48,4 +48,12 @@ public interface SingleSignatureInfo {
    * will be created, <code>false</code> otherwise.
    */
   public boolean isSecurityLayerConform();
+  
+  /**
+   * Check whether a PAdES conform CAdES signature will be created 
+   * 
+   * @return <code>true</code>, if a PAdES conform CAdES signature 
+   * will be created, <code>false</code> otherwise.
+   */
+  public boolean isPAdESConform();
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index ea8d295..b9fad4f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -124,10 +124,11 @@ public class SPSSFactoryImpl extends SPSSFactory {
 	}
 
 	public at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo createSingleSignatureInfoCMS(
-			at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform) {
+			at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo dataObjectInfo, boolean securityLayerConform, boolean isPAdESConform) {
 		SingleSignatureInfoCMSImpl singleSignatureInfo = new SingleSignatureInfoCMSImpl();
 		singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
 		singleSignatureInfo.setSecurityLayerConform(securityLayerConform);
+		singleSignatureInfo.setPAdESConform(isPAdESConform);
 		return singleSignatureInfo;
 	}
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
index cb36515..c8558dc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SingleSignatureInfoCMSImpl.java
@@ -40,6 +40,7 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
 
 
   private boolean securityLayerConform = true;
+  private boolean padesConform = false;
 
   public void setDataObjectInfo(DataObjectInfo dataObjectInfo) {
     this.dataObjectInfo = dataObjectInfo;
@@ -49,9 +50,15 @@ public class SingleSignatureInfoCMSImpl implements SingleSignatureInfo {
     return dataObjectInfo;
   }
 
+  public boolean isPAdESConform() {
+	return padesConform;
+  }
 
+  public void setPAdESConform(boolean padesConform) {
+	this.padesConform = padesConform;
+  }
 
-  public void setSecurityLayerConform(boolean securityLayerConform) {
+public void setSecurityLayerConform(boolean securityLayerConform) {
     this.securityLayerConform = securityLayerConform;
   }
 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
index 3550c27..a4c4d29 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/CreateCMSSignatureRequestParser.java
@@ -67,6 +67,7 @@ public class CreateCMSSignatureRequestParser {
   private static final String DATA_OBJECT_XPATH = MOA + "DataObject";
   
   private static final String SL_CONFORM_ATTR_NAME = "SecurityLayerConformity";
+  private static final String IS_PADES_SIGNATURE_ATTR_NAME = "PAdESConformity";
 
   private static final String META_INFO_XPATH = MOA + "MetaInfo";
   private static final String CONTENT_XPATH = MOA + "Content";
@@ -149,6 +150,7 @@ public class CreateCMSSignatureRequestParser {
 
     DataObjectInfo dataObjectInfo = parseDataObjectInfo(sigInfoElem);
     boolean securityLayerConform;
+    boolean isPAdESSignature = false;
 
     if (sigInfoElem.hasAttribute(SL_CONFORM_ATTR_NAME)) {
       securityLayerConform =
@@ -157,9 +159,14 @@ public class CreateCMSSignatureRequestParser {
       securityLayerConform = true;
     }
 
+    if (sigInfoElem.hasAttribute(IS_PADES_SIGNATURE_ATTR_NAME)) {
+    	isPAdESSignature = BoolUtils.valueOf(sigInfoElem.getAttribute(IS_PADES_SIGNATURE_ATTR_NAME));
+    }
+    
     return factory.createSingleSignatureInfoCMS(
       dataObjectInfo,
-      securityLayerConform);
+      securityLayerConform,
+      isPAdESSignature);
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 8e9380e..753d769 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -154,6 +154,7 @@ public class CMSSignatureCreationInvoker {
 	  CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl();
 
 	  boolean isSecurityLayerConform = false;
+	  boolean isPAdESConformRequired = false;
 	  String structure = null;
 	  String mimetype = null;
 	  
@@ -164,6 +165,14 @@ public class CMSSignatureCreationInvoker {
 	  while (singleSignatureInfoIter.hasNext()) {
 		  SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next();
 		  isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
+		  isPAdESConformRequired = singleSignatureInfo.isPAdESConform();
+		  
+		  //PAdES conformity always requires SecurityLayer conformity, because certificates must be included
+		  if (isPAdESConformRequired && !isSecurityLayerConform) {
+			  isSecurityLayerConform = isPAdESConformRequired;
+			  Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
+			  
+		  }
 		  
 		  
 		  DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
@@ -171,7 +180,17 @@ public class CMSSignatureCreationInvoker {
 		  
 		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
 		  MetaInfo metainfo = dataobject.getMetaInfo();
-		  mimetype = metainfo.getMimeType();
+		  
+		  /*TODO: does not set SigningTime in IAIK-MOA request or any other
+		   * API method/parameter when IAIK-MOA API is updated.
+		   * Maybe also update mimetype solution below
+		   */
+		  //does not set mimetype if PAdES conformity is requested
+		  if (!isPAdESConformRequired) {
+			  mimetype = metainfo.getMimeType();
+			  
+		  } else
+			  Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
 			  
 		  CMSContent content = dataobject.getContent();
 		  InputStream contentIs = null;
@@ -218,7 +237,7 @@ public class CMSSignatureCreationInvoker {
 			    
 		  // get digest algorithm
 		  String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
-			    
+	  
 		  // create CMSSignatureCreation profile:			    
 		  CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
 				  keySet,
@@ -239,39 +258,7 @@ public class CMSSignatureCreationInvoker {
 			  boolean base64 = true;
 			  OutputStream  signedDataStream = signature.getSignature(out, base64);
 					 
-			  // now write the data to be signed to the signedDataStream
-			  
-			  // 
-			  int byteRead;
-			  /*
-			  BigDecimal counter = new BigDecimal("0");
-			  BigDecimal one = new BigDecimal("1");
-			  
-			  ByteArrayOutputStream filteredStream = new ByteArrayOutputStream();
-			  
-			  while ((byteRead=contentIs.read()) >= 0) {
-				  //System.out.println("counterXX: " + counter);
-				  
-				  // Wrong behaviour < 3
-				  // excluded bytes should not be part of the signature as 0 bytes
-				  // they should be not part of the signature at all!
-				  
-//				  if (inRange(counter, dataobject))
-//					  filteredStream.write(0);
-//				  else
-//					  filteredStream.write(byteRead);
-//				  
-				  
-				  // correct behaviour
-				  if (!inRange(counter, dataobject)) {
-					  filteredStream.write(byteRead);
-				  }
-
-				  counter = counter.add(one);
-			  }
-			  byte[] data = filteredStream.toByteArray();
-			  signedDataStream.write(data, 0, data.length);
-			  */
+			  // now write the data to be signed to the signedDataStream			  
 			  // Stream based, this should have a better performance
 			  FilteredOutputStream filteredOuputStream = new FilteredOutputStream(
 					  signedDataStream, 4096, dataobject.getExcludeByteRangeFrom(),
@@ -279,12 +266,7 @@ public class CMSSignatureCreationInvoker {
 			  
 			  IOUtils.copyLarge(contentIs, filteredOuputStream);
 			  filteredOuputStream.flush();
-//			  byte[] buf = new byte[4096];
-//			  int bytesRead;
-//			  while ((bytesRead = contentIs.read(buf)) >= 0) {
-//				  signedDataStream.write(buf, 0, bytesRead);
-//			  } 
-//					 
+ 
 			  // finish SignedData processing by closing signedDataStream
 			  signedDataStream.close();
 			  String base64value = out.toString();
diff --git a/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl
index f11c669..338282e 100644
--- a/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl
+++ b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-2.0.0.wsdl
@@ -3,7 +3,7 @@
   Web Service Description for MOA SP/SS 1.4
 -->
 <definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-3.0.0.xsd"/>
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-3.1.0.xsd"/>
 	<message name="CreateCMSSignatureInput">
 		<part name="body" element="moa:CreateCMSSignatureRequest"/>
 	</message>
diff --git a/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-3.1.0.xsd b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-3.1.0.xsd
new file mode 100644
index 0000000..15f8a2c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/resources/resources/wsdl/MOA-SPSS-3.1.0.xsd
@@ -0,0 +1,814 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- MOA SP/SS 2.0.0 Schema -->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ### -->
+	<!--### Create CMS Signature Request ### -->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch
+						wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+					<xsd:attribute name="PAdESConformity" type="xsd:boolean" use="optional" default="false"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ### -->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+					Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung
+						erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ### -->
+	<!--### Create XML Signature Request ### -->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch
+						wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des
+												Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit
+												der Signaturumgebung, oder Verweis auf ein benanntes Profil
+											</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ### -->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine
+					Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung
+						erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Create PDF Signature ### -->
+	<!--### Create PDF Signature Request ### -->
+	<xsd:element name="CreatePDFSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreatePDFSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreatePDFSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch
+						wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="PDFDocument" type="xsd:base64Binary"/>
+						<xsd:element name="SignatureProfile" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+						<xsd:element name="SignaturePosition" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+						<xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create PDF Signature Response ### -->
+	<xsd:element name="CreatePDFSignatureResponse" type="CreatePDFSignatureResponseType"/>
+	<xsd:complexType name="CreatePDFSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="PDFSignature" type="PDFSignedRepsonse" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify CMS Signature ### -->
+	<!--### Verifiy CMS Signature Request ### -->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von
+						vertrauenswürdigen Wurzelzertifikaten spezifiziert
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ### -->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is
+						supported; QualifiedCertificate is included as
+						X509Data/any;publicAuthority is included as X509Data/any;
+						SecureSignatureCreationDevice is included as X509Data/any,
+						IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyASICCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is
+						supported; QualifiedCertificate is included as
+						X509Data/any;publicAuthority is included as X509Data/any;
+						SecureSignatureCreationDevice is included as X509Data/any,
+						IssuingCountry is included as X509Data/any,
+						TSLInformation is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify PDF Signature ### -->
+	<!--### Verifiy PDF Signature Request ### -->
+	<xsd:element name="VerifyPDFSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyPDFSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyPDFSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+			<xsd:element name="PDFSignature" type="xsd:base64Binary"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von
+						vertrauenswürdigen Wurzelzertifikaten spezifiziert
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify PDF Signature ### -->
+	<!--### Verifiy ASIC Signature Request ### -->
+	<xsd:element name="VerifyASICSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyASICSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyASICSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+			<xsd:element name="ASICSignature" type="xsd:base64Binary"/>
+			<xsd:element name="ASICExtension" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>asics or asice</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von
+						vertrauenswürdigen Wurzelzertifikaten spezifiziert
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify ASIC Signature Response ### -->
+	<xsd:element name="VerifyASICSignatureResponse" type="VerifyASICSignatureResponseType"/>
+	<xsd:complexType name="VerifyASICSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="ASiCSignatureResult" type="ASICResultType" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ASICResultType">
+		<xsd:sequence>
+			<xsd:element name="signedFiles" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="XMLSignatureResult" type="VerifyASICXMLSignatureResponseType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CMSSignatureResult" type="VerifyASICCMSSignatureResponseType" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ### -->
+	<xsd:element name="VerifyPDFSignatureResponse" type="VerifyPDFSignatureResponseType"/>
+	<xsd:complexType name="VerifyPDFSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignatureResult" type="PDFSignatureResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PDFSignatureResultType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is
+						supported; QualifiedCertificate is included as
+						X509Data/any;publicAuthority is included as X509Data/any;
+						SecureSignatureCreationDevice is included as X509Data/any,
+						IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ### -->
+	<!--### Verify XML Signature Request ### -->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="ExtendedValidation" type="xsd:boolean" default="false" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu
+									überprüfenden XML-Signatur muss hier ein
+									ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen
+									ReferenceInfo Elemente entspricht jener der dsig:Reference
+									Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von
+						vertrauenswürdigen Wurzelzertifikaten spezifiziert
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ### -->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+						supported; QualifiedCertificate is included as X509Data/any;
+						PublicAuthority is included as X509Data/any;
+						SecureSignatureCreationDevice is included as X509Data/any,
+						IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyASICXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is
+						supported; QualifiedCertificate is included as X509Data/any;
+						PublicAuthority is included as X509Data/any;
+						SecureSignatureCreationDevice is included as X509Data/any,
+						IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ExtendedCertificateCheck" type="ExtendedCertificateCheckResultType" minOccurs="0" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER
+						Transformationskette inklusive ggf. sinnvoller Supplements oder
+						Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PDFSignedRepsonse">
+		<xsd:sequence>
+			<xsd:element name="SignatureID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+			<xsd:choice maxOccurs="1">
+				<xsd:element name="PDFSignature" type="xsd:base64Binary">
+					<xsd:annotation>
+						<xsd:documentation>Resultat, falls die Signaturerstellung
+							erfolgreich war</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element ref="ErrorResponse"/>
+			</xsd:choice>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FormResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+			<xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="IndicationResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+			<xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ExtendedCertificateCheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Major" type="IndicationResultType" minOccurs="1" maxOccurs="1"/>
+			<xsd:element name="Minor" type="IndicationResultType" minOccurs="0" maxOccurs="1"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ### -->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert
+				ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ### -->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von
+					der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur
+					hat zumindest einem dieser Transformationswege zu entsprechen. Die
+					Angabe kann explizit oder als Profilbezeichner erfolgen.
+				</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters
+					(explizit oder als Hashwert) kann unterlassen werden, wenn die
+					Applikation von der Unveränderlichkeit des Inhalts der in
+					"Transformationsparamter", Attribut "URI" angegebenen URI ausgehen
+					kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.
+					</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs
+			</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die
+							zum Durchlaufen der oben angeführten Transformationskette
+							bekannt sein müssen, müssen hier angeführt werden. Das
+							Attribut "URI" bezeichnet den Transformationsparameter in exakt
+							jener Weise, wie er in der zu überprüfenden Signatur gebraucht
+							wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
-- 
cgit v1.2.3


From 7b12b9c698c20b34faa72be882d5f3fb87114483 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 8 Sep 2017 14:27:07 +0200
Subject: add PAdES flag and update IAIK libs

---
 .../server/iaik/cmssign/CMSSignatureCreationProfileImpl.java  | 11 ++++++++++-
 .../moa/spss/server/invoke/CMSSignatureCreationInvoker.java   |  5 +++--
 2 files changed, 13 insertions(+), 3 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
index 2dc047a..a465049 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -61,6 +61,7 @@ public class CMSSignatureCreationProfileImpl
   private boolean includeData;
   /** Digest Method algorithm  */
   private String digestMethod;
+  private boolean isPAdESConform;
   
   
   /**
@@ -77,13 +78,15 @@ public class CMSSignatureCreationProfileImpl
     List signedProperties,
     boolean securityLayerConform,
     boolean includeData,
-    String mimeType) {
+    String mimeType,
+    boolean isPAdESConform) {
 	  this.keySet = keySet;
 	  this.signedProperties = signedProperties;
 	  this.securityLayerConform = securityLayerConform;
 	  this.includeData = includeData;
 	  this.mimeType = mimeType;
 	  this.digestMethod = digestMethod;
+	  this.isPAdESConform = isPAdESConform;
 
   }
 
@@ -246,4 +249,10 @@ public class CMSSignatureCreationProfileImpl
 	return this.includeData;
   }
 
+
+@Override
+public boolean isPAdESConform() {
+	return this.isPAdESConform;
+}
+
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 753d769..4050ebc 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -181,7 +181,7 @@ public class CMSSignatureCreationInvoker {
 		  CMSDataObject dataobject = dataObjectInfo.getDataObject();
 		  MetaInfo metainfo = dataobject.getMetaInfo();
 		  
-		  /*TODO: does not set SigningTime in IAIK-MOA request or any other
+		  /*TODO: do not set SigningTime in IAIK-MOA request or any other
 		   * API method/parameter when IAIK-MOA API is updated.
 		   * Maybe also update mimetype solution below
 		   */
@@ -245,7 +245,8 @@ public class CMSSignatureCreationInvoker {
 				  signedProperties,
 				  isSecurityLayerConform, 
 				  includeData, 
-				  mimetype);
+				  mimetype,
+				  isPAdESConformRequired);
 		  
 		  // create CMSSignature from the CMSSignatureCreationModule
 		  // build the additionalSignedProperties
-- 
cgit v1.2.3