}
// Wrap the DER-encoded CVC request in a request message and attach the
// caller-supplied credentials to it.
CVCRequestMessage reqmsg = new CVCRequestMessage(cvccert.getDEREncoded());
reqmsg.setUsername(username);
// From here on reqmsg carries the password; keep it out of any log output.
reqmsg.setPassword(password);

// Proof-of-possession (POPO) check: fail closed. A false result from verify()
// is reported to the caller as an invalid inner signature on the request.
// Per the original author's note, the CA verifies POPO again
// (in RSASignSessionBean), so this is not the only check.
if (!reqmsg.verify()) {
    log.debug("CVC POPO verification Failed");
    throw new SignRequestSignatureException("Invalid inner signature in CVCRequest, popo-verification failed.");
}
// Only reached when verify() returned true.
log.debug("POPO verification successful");