Finalize moa-sig-lib's Integration and Add Testcase

- Interpret `ISignatureVerificationService` response properly (by
  following security layer spec [1] and moaspss handbook [2]).
- Add config flag `moa.spss.is-manifest-check-active`
- Change SignatureVerifier Interface: Remove @return boolean, just
  throw an exception when a validation error occurs. Reason: In case
  the signature cannot be validated, the application always needs the
  reason for the validation error, which requires the verifier to
  throw an exception. In turn, the only valid return value for
  `verify()` becomes `true`, which can be omitted at that point.
- Add testcase for verifying a valid enveloped xml signature
- Remove Certificates that are not needed.

[1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html
[2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html

1 files changed, 4 insertions, 4 deletions

diff --git a/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java
index 01e90c8..a31c4cf 100644
--- a/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/verify/SignatureVerifier.java
@@ -4,10 +4,10 @@ package at.gv.egiz.moazs.verify;
 public interface SignatureVerifier {
 
     /**
-     * Verifies the signature of a signed XML document.
+     * Verifies the signature of a signed XML document. Throws a at.gv.egiz.moazs.MoaZSException exception
+     * if the validation fails.
      * @param signedXMLdocument
-     * @return true if the signature is valid; false if there is no signature, if the signature is invalid,
-     *  or if an exception occured.
+     * @throws at.gv.egiz.moazs.MoaZSException
      */
-    boolean verify(byte[] signedXMLdocument);
+    void verify(byte[] signedXMLdocument);
 }