add two jUnit test and CodeStyle modifications

34 files changed, 385 insertions, 206 deletions

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index f5c687f1..8f87cbfa 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -26,17 +26,6 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Map.Entry;
 
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -60,6 +49,17 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
   private static final Logger log =
       LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class);
@@ -145,10 +145,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
    * @param authProcessData Authentication information holder from current pending
    *                        request
    * @param pendingReq      current pending request
+   * @throws EaafAuthenticationException In case inconsistent authentication data
    */
   private void buildInternalAuthDataGeneric(@NonNull final IAuthData authData,
       @NonNull final IAuthProcessDataContainer authProcessData,
-      @NonNull final IRequest pendingReq) {
+      @NonNull final IRequest pendingReq) throws EaafAuthenticationException {
     Assert.notNull(pendingReq, "PendingRequest is null");
     Assert.notNull(authData, "AuthData is null");
     Assert.notNull(authProcessData, "AuthProcessData is null");
@@ -227,9 +228,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
    * @param authData        Current authentication data
    * @param authProcessData Authentication information holder from current pending
    *                        request
+   * @throws EaafAuthenticationException In case inconsistent authentication data
    */
   private void setCitizenCountryCode(final AuthenticationData authData,
-      final IAuthProcessDataContainer authProcessData) {
+      final IAuthProcessDataContainer authProcessData) throws EaafAuthenticationException {
     includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME);
     final String pvpCccAttr = authProcessData
         .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
@@ -239,8 +241,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 
     } else {
       if (authData.isForeigner()) {
-        // TODO:
-        log.warn("Foreign citizen country NOT set yet!");
+        log.warn("EID_Issuing_Nation NOT SET for foreign citizen.");
+        throw new EaafAuthenticationException("builder.11",
+            new Object[] { "EID_Issuing_Nation NOT SET for foreign citizen." });
 
       } else {
         authData.setCiticenCountryCode(basicConfig.getBasicConfiguration(
@@ -324,7 +327,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
   protected void generateDeprecatedBasicAuthData(final AuthenticationData authData,
       final IRequest pendingReq, final IAuthProcessDataContainer authProcessData)
       throws EaafBuilderException, EaafConfigurationException, XPathException, DOMException,
-      EaafParserException {
+      EaafParserException, EaafAuthenticationException {
 
     if (authProcessData.getGenericSessionDataStorage() != null
         && !authProcessData.getGenericSessionDataStorage().isEmpty()) {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index a6017789..988a78b6 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
@@ -19,13 +19,11 @@
 
 package at.gv.egiz.eaaf.core.impl.idp.auth.data;
 
+import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.util.TimeZone;
 
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
@@ -33,6 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 public class AuthProcessDataWrapper
     implements IAuthProcessDataContainer, EaafAuthProcessDataConstants {
   private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class);
@@ -72,6 +74,19 @@ public class AuthProcessDataWrapper
    * (non-Javadoc)
    *
    * @see
+   * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(
+   * java.lang.String)
+   */
+  @Override
+  public void setIssueInstant(final Date issueInstant) {
+    authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant));
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see
    * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
    */
   @Override
@@ -305,4 +320,18 @@ public class AuthProcessDataWrapper
 
     }
   }
+
+  /**
+   * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+   *
+   * @param date the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildDateTimeUtc(final Date date) {
+
+    final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+    f.setTimeZone(TimeZone.getTimeZone("UTC"));
+
+    return f.format(date.getTime());
+  }
 }
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
index 07fc652a..5110d2bf 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
@@ -32,13 +32,6 @@ import java.util.UUID;
 import javax.annotation.Nonnull;
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.NonNull;
-import org.springframework.lang.Nullable;
-import org.springframework.util.Assert;
-
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -52,12 +45,21 @@ import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
 
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.NonNull;
+import org.springframework.lang.Nullable;
+import org.springframework.util.Assert;
+
 public abstract class RequestImpl implements IRequest, Serializable {
 
   private static final Logger log = LoggerFactory.getLogger(RequestImpl.class);
 
   public static final String DATAID_REQUESTER_IP_ADDRESS = "reqestImpl_requesterIPAddr";
 
+  private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
+
   private static final long serialVersionUID = 1L;
 
   private String module = null;
@@ -143,14 +145,14 @@ public abstract class RequestImpl implements IRequest, Serializable {
 
     } catch (final MalformedURLException e) {
       log.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authUrlString, e);
-      throw new EaafAuthenticationException("errorId", new Object[] { authUrlString }, e);
+      throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e);
 
     }
     this.idpAuthUrl = authConfig.validateIdpUrl(authReqUrl);
     if (this.idpAuthUrl == null) {
       log.warn(
           "Extract AuthenticationServiceURL: " + authReqUrl + " is NOT found in configuration.");
-      throw new EaafAuthenticationException("errorId", new Object[] { authUrlString });
+      throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString });
 
     }
 
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafCoreMessageSource.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafCoreMessageSource.java
new file mode 100644
index 00000000..852c65b1
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafCoreMessageSource.java
@@ -0,0 +1,16 @@
+package at.gv.egiz.eaaf.core.impl.logging;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+public class EaafCoreMessageSource implements IMessageSourceLocation {
+
+  @Override
+  public List<String> getMessageSourceLocation() {
+    return Arrays.asList("classpath:messages/eaaf_core_messages");
+
+  }
+
+}
diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml
index 9806664c..5b1962cf 100644
--- a/eaaf_core/src/main/resources/eaaf_core.beans.xml
+++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml
@@ -13,8 +13,8 @@
 
   <import resource="classpath:/spring/eaaf_utils.beans.xml"/>
 
-  <bean id="httpClientFactory"
-    class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
+  <bean id="eaafCoreMessageSource"
+    class="at.gv.egiz.eaaf.core.impl.logging.EaafCoreMessageSource" />
 
   <bean id="ProtocolFinalizationController"
     class="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController" />
diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
new file mode 100644
index 00000000..5a508ccf
--- /dev/null
+++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
@@ -0,0 +1,4 @@
+eaaf.core.00=Requested URL: {0} is NOT allowed by configuration.
+
+
+
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
new file mode 100644
index 00000000..a354b873
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
@@ -0,0 +1,41 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth;
+
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/eaaf_core.beans.xml",
+  "/SpringTest-context_eaaf_core.xml",
+  "/SpringTest-context_authManager.xml"})
+public class EaafCoreMessageSourceTest {
+
+  @Autowired
+  private ResourceLoader loader;
+  @Autowired(required = false)
+  private List<IMessageSourceLocation> messageSources;
+
+  @Test
+  public void checkMessageSources() {
+    Assert.assertNotNull("No messageSource", messageSources);
+
+    for (final IMessageSourceLocation messageSource : messageSources) {
+      Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+      for (final String el : messageSource.getMessageSourceLocation()) {
+        final Resource messages = loader.getResource(el + ".properties");
+        Assert.assertTrue("Source not exist", messages.exists());
+
+      }
+    }
+  }
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java
index dd3976dd..e295d69a 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyConfiguration.java
@@ -22,8 +22,7 @@ public class DummyConfiguration implements IConfigurationWithSP {
 
   @Override
   public String getBasicConfiguration(final String key, final String defaultValue) {
-    // TODO Auto-generated method stub
-    return null;
+    return defaultValue;
   }
 
   @Override
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
index f5865067..b6f602d2 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
@@ -40,4 +40,13 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions
   String EID_ENCRYPTED_SOURCEID_TYPE_NAME = "urn:eidgvat:attributes.vsz.type";
   String EID_ENCRYPTED_SOURCEID_TYPE_FRIENDLY_NAME = "vSZ-Type";
 
+  String EID_EIDBIND_NAME = "urn:eidgvat:attributes.eidbind";
+  String EID_EIDBIND_FRIENDLY_NAME = "eidBind";
+
+  String EID_CONSENT_SIGNED_NAME = "urn:eidgvat:attributes.consent.signed";
+  String EID_CONSENT_SIGNED_FRIENDLY_NAME = "userConsent";
+
+  String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate";
+  String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate";
+
 }
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
index 60224ea6..6c7292ac 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -41,6 +41,13 @@ public interface IAuthProcessDataContainer {
   void setIssueInstant(String issueInstant);
 
   /**
+   * Sets the issuing time of the AUTH-Block SAML assertion.
+   *
+   * @param issueInstant The issueInstant to set.
+   */
+  void setIssueInstant(Date issueInstant);
+
+  /**
    * Indicate if the authentication process is finished.
    *
    * @return
@@ -142,7 +149,7 @@ public interface IAuthProcessDataContainer {
 
   /**
    * Get Timestamp when session was created.
-   * 
+   *
    * @return the sessionCreated
    */
   Date getSessionCreated();
@@ -178,4 +185,5 @@ public interface IAuthProcessDataContainer {
    *                              to generic session-data storage
    */
   void setGenericDataToSession(String key, Object object) throws EaafStorageException;
+
 }
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 5936e106..f69efd49 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -68,8 +68,9 @@ public class EaafKeyStoreFactory {
    * Get a new KeyStore based on a KeyStore configuration-object.
    *
    * @param config KeyStore configuration
-   * @return {@link Pair} of a new KeyStore instance and an optional {@link Provider}. If the {@link Provider}
-   *     is not <code>null</code> this {@link KeyStore} requires a specific {@link Provider} for {@link Key} operations.
+   * @return {@link Pair} of a new {@link KeyStore} instance and an optional {@link Provider}.
+   *     The {@link KeyStore} is {@link Nonnull}. If the {@link Provider} is not <code>null</code>
+   *     this {@link KeyStore} requires a specific {@link Provider} for {@link Key} operations.
    * @throws EaafException In case of a KeyStore initialization error
    */
   @Nonnull
diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
index 7568f423..ab631e34 100644
--- a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
+++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
@@ -10,11 +10,13 @@
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" >
         
+  <bean id="eaafHttpClientFactory"
+        class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />        
+        
   <bean id="eaafKeyStoreFactory"
         class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
 
   <bean id="eaafUtilsMessageSource"
         class="at.gv.egiz.eaaf.core.impl.logging.EaafUtilsMessageSource" />
-
  
 </beans>
\ No newline at end of file
diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
index 37fdc389..01be3821 100644
--- a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
+++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
@@ -1,20 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy
-b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE
-cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw
-FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F
-FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv
-0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX
-hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp
-jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX
-GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB
-LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E
-FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t
-EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W
-s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m
-pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG
-ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN
-dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4
+MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv
+b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl
+Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR
+T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj
+o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee
+JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC
+AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn
+bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA==
 -----END CERTIFICATE-----
- 
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java
index 3e321c21..a54eb0b8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java
@@ -24,6 +24,7 @@ import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 
 import org.opensaml.saml.saml2.metadata.ContactPerson;
@@ -95,4 +96,14 @@ public interface IPvp2BasicConfiguration {
   @Nonnull
   Organization getIdpOrganisation() throws EaafException;
 
+  /**
+   * Get the basic {@link IConfiguration} object that was
+   * used to generate this {@link IPvp2BasicConfiguration}.
+   *
+   * @return Basic application configuration
+   */
+  @Nonnull
+  IConfiguration getBasicConfiguration();
+
+
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
index 1af8db7b..2f058af8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
@@ -19,6 +19,9 @@
 
 package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
 
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
 import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 
@@ -26,6 +29,14 @@ import net.shibboleth.utilities.java.support.resolver.ResolverException;
 
 public interface IPvp2MetadataProvider extends ExtendedRefreshableMetadataResolver {
 
-  EntityDescriptor getEntityDescriptor(String entityID) throws ResolverException;
+  /**
+   * Get a SAML2 EntityDescriptor with an EntityId from metadata provider.
+   *
+   * @param entityID Unique EntityId of the application
+   * @return SAML2 {@link EntityDescriptor}
+   * @throws ResolverException In case of an internal resolver error.
+   */
+  @Nullable
+  EntityDescriptor getEntityDescriptor(@Nonnull String entityID) throws ResolverException;
 
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 902f84c7..40448b45 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -33,6 +33,13 @@ import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.naming.ConfigurationException;
 
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.opensaml.core.criterion.EntityIdCriterion;
@@ -43,12 +50,6 @@ import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
 import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
 import net.shibboleth.utilities.java.support.component.IdentifiedComponent;
@@ -486,6 +487,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
 
   }
 
+  @Nullable
   private EntityDescriptor internalResolveSingle(@Nullable final CriteriaSet criteria)
       throws ResolverException {
     for (final MetadataResolver resolver : internalResolvers) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index c476846b..5059b1fb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -413,8 +413,8 @@ public class Saml2Utils {
    * @param value      Attribute value
    * @return
    */
-  public static EaafRequestedAttribute generateReqAuthnAttributeSimple(final Attribute attr,
-      final boolean isRequired, final String value) {
+  public static EaafRequestedAttribute generateReqAuthnAttributeSimple(
+      final Attribute attr, final boolean isRequired, final String value) {
     final EaafRequestedAttribute requested =
         Saml2Utils.createSamlObject(EaafRequestedAttribute.class);
     requested.setName(attr.getName());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
index 1994eba0..b9e0c37f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
@@ -39,10 +39,19 @@ public class SchemaValidationFilter implements MetadataFilter {
 
   private static SAMLSchemaBuilder schemaBuilder = new SAMLSchemaBuilder(SAML1Version.SAML_11);
 
+  /**
+   * XML Schema validation filter for SAML2 metadata.
+   * <p>Schemavalidation is active by default</p>
+   */
   public SchemaValidationFilter() {
 
   }
 
+  /**
+   * XML Schema validation filter for SAML2 metadata.
+   *
+   * @param useSchemaValidation <code>true</code> XML schema validation is active, otherwise <code>false</code>
+   */
   public SchemaValidationFilter(final boolean useSchemaValidation) {
     this.isActive = useSchemaValidation;
   }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
index a2b52fbc..72cf9677 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
@@ -28,4 +28,7 @@
   <bean id="PvpSoapBinding"
         class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding" />
 
+  <bean id="samlVerificationEngine"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" />
+
 </beans>
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
index 3ba4c962..5690038c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
@@ -30,7 +30,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({
     "/spring/test_eaaf_core_map_config.beans.xml",
-    "/spring/SpringTest-context_lazy.xml"
+    "/spring/SpringTest-context_lazy.xml",
+    "/spring/eaaf_utils.beans.xml"
   })
 public class CredentialProviderTest {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
index cc15df90..b94ed8cc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
@@ -16,7 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-"/spring/test_eaaf_core_spring_config.beans.xml" })
+"/spring/test_eaaf_core_spring_config.beans.xml",
+"/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_1.props" })
 public class PvpCoreMessageSourceTest {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
index bc0084f7..64bfb8f6 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
@@ -40,7 +40,8 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml" })
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_1.props" })
 public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
index 95f63003..5b06a73f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
@@ -12,7 +12,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml" })
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_3.props" })
 public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 8833202a..147199a5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -9,6 +9,33 @@ import java.util.Map;
 
 import javax.xml.parsers.ParserConfigurationException;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
+
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.joda.time.DateTime;
@@ -42,32 +69,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
 import net.shibboleth.utilities.java.support.net.URIComparator;
 import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -77,7 +78,8 @@ import okhttp3.mockwebserver.MockWebServer;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml"})
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml"})
 @TestPropertySource(locations = {"/config/config_1.props"})
 public class PostBindingTest {
 
@@ -162,7 +164,7 @@ public class PostBindingTest {
     }
 
   }
-  
+
   @Test
   public void decodeRequestWrongEndpoint() throws MessageDecodingException, SecurityException,
       IOException, Pvp2MetadataException {
@@ -363,13 +365,13 @@ public class PostBindingTest {
         XMLObjectProviderRegistrySupport.getParserPool(),
         PostBindingTest.class.getResourceAsStream("/data/eIDAS_connector_authn.xml"));
     authnReq.setIssueInstant(DateTime.now());
-    Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
     issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
     authnReq.setIssuer(issuer);
-    
-    RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
-    Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
-    final String b64AuthnReq = 
+
+    final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+    final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
+    final String b64AuthnReq =
         Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8"));
     httpReq.setMethod("POST");
     httpReq.addParameter("SAMLRequest", b64AuthnReq);
@@ -391,35 +393,35 @@ public class PostBindingTest {
     Assert.assertNotNull("EntityId is null", msg.getEntityID());
     Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
     Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
-    
+
     org.springframework.util.Assert.isInstanceOf(PvpSProfileRequest.class, msg, "Inbound message is of wrong type");
-    org.springframework.util.Assert.isInstanceOf(AuthnRequest.class, ((PvpSProfileRequest)msg).getSamlRequest(), 
+    org.springframework.util.Assert.isInstanceOf(AuthnRequest.class, ((PvpSProfileRequest)msg).getSamlRequest(),
         "Inbound message is of wrong type");
-    
-    AuthnRequest parsedAuthnReq = (AuthnRequest)((PvpSProfileRequest)msg).getSamlRequest();
+
+    final AuthnRequest parsedAuthnReq = (AuthnRequest)((PvpSProfileRequest)msg).getSamlRequest();
     Assert.assertNotNull("No extension", parsedAuthnReq.getExtensions());
     Assert.assertNotNull("No extension child", parsedAuthnReq.getExtensions().getUnknownXMLObjects());
     Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
-    
-    XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
+
+    final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
     org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
-    EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
+    final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
     Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
     Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
     Assert.assertEquals("Req attr size", 1, eaafReqAttrs.getAttributes().size());
-    
-    EaafRequestedAttribute eaafReqAttr = eaafReqAttrs.getAttributes().get(0);
+
+    final EaafRequestedAttribute eaafReqAttr = eaafReqAttrs.getAttributes().get(0);
     Assert.assertNotNull("Req Attibute is null", eaafReqAttr);
     Assert.assertEquals("Req. Attr. Friendlyname", "EID-SECTOR-FOR-IDENTIFIER", eaafReqAttr.getFriendlyName());
     Assert.assertEquals("Req. Attr. Name", "urn:oid:1.2.40.0.10.2.1.1.261.34", eaafReqAttr.getName());
-    
+
     Assert.assertEquals("Req. Attr. Value size", 1,  eaafReqAttr.getAttributeValues().size());
-    org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0), 
+    org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0),
         "Wrong requested Attributes Value type");
     Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF",  ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
-    
+
   }
-  
+
   @Test
   public void decodeRequestSuccessWithoutRelayStateEcdsaSig() throws MessageDecodingException, SecurityException,
       IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException {
@@ -446,13 +448,13 @@ public class PostBindingTest {
     Assert.assertNotNull("EntityId is null", msg.getEntityID());
     Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
     Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
-    
+
     //check if reconstraction from serialized form work well
     ((InboundMessage)msg).setSamlMessage(null);
     try {
       Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
-      
-    } catch (RuntimeException e) { }
+
+    } catch (final RuntimeException e) { }
 
   }
 
@@ -480,7 +482,7 @@ public class PostBindingTest {
     Assert.assertNotNull("EntityId is null", msg.getEntityID());
     Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
     Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
-    
+
     org.springframework.util.Assert.isInstanceOf(PvpSProfileResponse.class, msg, "Inbound message is of wrong type");
 
   }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index 408729e3..37e4acd1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -5,6 +5,25 @@ import java.net.URLDecoder;
 
 import javax.xml.parsers.ParserConfigurationException;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
+
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.joda.time.DateTime;
@@ -29,24 +48,6 @@ import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.xml.sax.SAXException;
 
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
 import net.shibboleth.utilities.java.support.net.URIComparator;
 import net.shibboleth.utilities.java.support.net.URISupport;
 import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -56,7 +57,8 @@ import okhttp3.mockwebserver.MockWebServer;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml" })
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_1.props" })
 public class RedirectBindingTest {
 
@@ -167,7 +169,7 @@ public class RedirectBindingTest {
 
     }
   }
-  
+
   @Test
   public void wrongRedirectBindingType() throws MessageDecodingException,
       SecurityException, IOException, Pvp2MetadataException {
@@ -211,7 +213,7 @@ public class RedirectBindingTest {
 
     }
   }
-  
+
   @Test
   public void decodeRequestNoSignature() throws MessageDecodingException,
       SecurityException, IOException, Pvp2MetadataException {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
index b43f6a3e..f3a7e01d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
@@ -45,7 +45,8 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml"})
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml"})
 @TestPropertySource(locations = {"/config/config_1.props"})
 public class SoapBindingTest {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
index 8e00068f..6abe52dc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
@@ -36,7 +36,8 @@ import okhttp3.mockwebserver.MockWebServer;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml" })
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_1.props" })
 public class ChainingMetadataTest {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 6cf81d2b..0f8817a0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -14,6 +14,15 @@ import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactoryConfigurationError;
 
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -41,14 +50,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
 import net.shibboleth.utilities.java.support.xml.XMLParserException;
 
 
@@ -57,7 +58,8 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml" })
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_1.props" })
 public class MetadataBuilderTest {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index bcdeb765..accdd8b0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -79,7 +79,8 @@ import okhttp3.mockwebserver.MockWebServer;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-    "/spring/test_eaaf_core_spring_config.beans.xml" })
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
 @TestPropertySource(locations = { "/config/config_1.props" })
 public class MetadataResolverTest {
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt
index 37fdc389..01be3821 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt
@@ -1,20 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy
-b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE
-cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw
-FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F
-FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv
-0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX
-hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp
-jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX
-GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB
-LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E
-FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t
-EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W
-s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m
-pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG
-ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN
-dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4
+MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv
+b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl
+Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR
+T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj
+o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee
+JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC
+AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn
+bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA==
 -----END CERTIFICATE-----
- 
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml
index 67eed2ac..7ccd5484 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml
@@ -67,20 +67,23 @@ ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L
                 </ds:X509Certificate>
 				</ds:X509Data>
                 <ds:X509Data>
-                  <ds:X509Certificate>MIIDEzCCArqgAwIBAgIIHL62SBANl8QwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwYS2V5c3RvcmVC
-YWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxNzEyMzMxNloXDTIwMDUxNzExMzMxNlowMjEdMBsGA1UE
-AwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNVBAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEAtVRK3ocL1aqCO+Q0OELikVbEU6tOsXGg1HCWr07YdTsu/qoRCVrB
-THF6xqgtFjBVGWkg5kFS7853Lg3peSO1K63RzXWldcgUUM8o9zTybbBI74eXcK8pug1LLAkytQ1i
-I6w166am8eoG/vTrc+TIFCDm+pyzmGcl5K8c8Gnm0k41vsMViEFgy6Oq9glts8eEUCOF3ZnL8rIv
-w4hjrGsQ+8iZPZEEuMj+rZ2iLI9bjWv6xmNKWTLSO9dm7d2kTNGLQST0XFJkmFDXjQ1jXApXkGlp
-i8igWCX3CU8jSuPLdCQ4VU/Pqr/J4uzBWBsv01vs4aqyLVZTGs23xUjJ+9I9fmn1VIfhuh6zGHq+
-jfjBfD6FhndNoPiMEpJT34h39rtF14GOlhb/I1OGjxIyMQGvT7up7p3AlPC7Lz2ylWrVWojR/cAE
-umzS6zWgRW9zmVIgC7j48EmMjkapyUWVBR7FkfdodedzSPNETRdWXr7WulSBjjj82AWmwuoDrSZd
-330g7FUZHd0D1JFUkLXOgZ1SmyFXds7fTiJGzk4XdYiS8MD07pokNDhZ7FHFGSoTHB8u4fvG2r0u
-6tvLRBRkv/3wzDcTcPbEa9Z1JQ3Qh+/aJQmaQMMnE9m4msW4GqTGBoshss8FW1EvUi7JAh4EvXJJ
-bhNQmfwU5wBD6WbPsURo7i0CAwEAATAKBggqhkjOPQQDAgNHADBEAiAyb9SMaC7U/HY//YcfjcR0
-j0/DL+9ckFNMvdw0IUq3yAIgEtWkYQrh5Oog7DmVJv0z/C1qPzcjfzDwJI4AlF7IfO4=</ds:X509Certificate>
+                  <ds:X509Certificate>MIIDFDCCArqgAwIBAgIIFy4Oe7D+zq8wCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwY
+S2V5c3RvcmVCYWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxOTE0MDMxNVoXDTIwMDUx
+OTEzMDMxNVowMjEdMBsGA1UEAwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNV
+BAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtE1v
+1J54suM3VR17mTO5OKrCBeDP6a2dQswhMmUNO6i1l4eXNbtBvMj7k0mnc4yLLZxQ
+P0cosjT1kNkOvSNCQcSI+869EOdU4QDCreGLss9a84ZNf/X3ioq/2PYTLOJSMkDQ
+qLMHUVawwPYw+ZyUHaY7G0AwX5Gj1gMadfWVMDPAo5OT9WntpqG1850yO0aUMBaF
+GSE9RrWVmL1+d2qHqh/pAwq6DQEtbKCl18t1zQfLZvumnQfF930KB2IkLaq6wRTW
+IRdwte20PfVmEloAOdegXqUX59rkq6+5CaXfIsN+4Vkb12n2ArZwI/EFjgRdtGYj
+CmuySDorynSHrCO934/LHjZtdJPFbg5/4CTXpI1aInum4uqDuq6xoL+ns4hk8kkD
+9H9Pj5MYyjUc51+450ylOwLmGkqNDJBh3ecnH76NIoKviR3KlBaj0bSlnoV5Kl8H
+bfnXQD98BH+YLeULrD3XWVjirOWPdfdNKcInpuXrdTZ/GvyGL5T/63mtEWiWysfP
+Gw4+9AlWNXpyLviaHfxTpC6T76qYHKHd4eltRLubrgL8gHZrJwHio98kKfVMS3Oy
+qHAEWBSWv+LveARn0RF4jlcPIL3gclrU9jxF4k5Btvdax3+if1MWVAZ9ML5263ug
+Qr11Pkbko09VqppyM484/o+mJihTWyucKdVONw8CAwEAATAKBggqhkjOPQQDAgNI
+ADBFAiBJSZqfI1kmJGy8/tRut7h2YbZWNeUA+gmFX+wJxu9ePwIhALgjht8La4AZ
+/r3t33clJW8tGRMiA8cBbxm3Ox0y7DyP</ds:X509Certificate>
                 </ds:X509Data>
 			</ds:KeyInfo>
 		</md:KeyDescriptor>
@@ -162,20 +165,23 @@ ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L
                 </ds:X509Certificate>
 				</ds:X509Data>
         <ds:X509Data>
-                  <ds:X509Certificate>MIIDEzCCArqgAwIBAgIIHL62SBANl8QwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwYS2V5c3RvcmVC
-YWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxNzEyMzMxNloXDTIwMDUxNzExMzMxNlowMjEdMBsGA1UE
-AwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNVBAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEAtVRK3ocL1aqCO+Q0OELikVbEU6tOsXGg1HCWr07YdTsu/qoRCVrB
-THF6xqgtFjBVGWkg5kFS7853Lg3peSO1K63RzXWldcgUUM8o9zTybbBI74eXcK8pug1LLAkytQ1i
-I6w166am8eoG/vTrc+TIFCDm+pyzmGcl5K8c8Gnm0k41vsMViEFgy6Oq9glts8eEUCOF3ZnL8rIv
-w4hjrGsQ+8iZPZEEuMj+rZ2iLI9bjWv6xmNKWTLSO9dm7d2kTNGLQST0XFJkmFDXjQ1jXApXkGlp
-i8igWCX3CU8jSuPLdCQ4VU/Pqr/J4uzBWBsv01vs4aqyLVZTGs23xUjJ+9I9fmn1VIfhuh6zGHq+
-jfjBfD6FhndNoPiMEpJT34h39rtF14GOlhb/I1OGjxIyMQGvT7up7p3AlPC7Lz2ylWrVWojR/cAE
-umzS6zWgRW9zmVIgC7j48EmMjkapyUWVBR7FkfdodedzSPNETRdWXr7WulSBjjj82AWmwuoDrSZd
-330g7FUZHd0D1JFUkLXOgZ1SmyFXds7fTiJGzk4XdYiS8MD07pokNDhZ7FHFGSoTHB8u4fvG2r0u
-6tvLRBRkv/3wzDcTcPbEa9Z1JQ3Qh+/aJQmaQMMnE9m4msW4GqTGBoshss8FW1EvUi7JAh4EvXJJ
-bhNQmfwU5wBD6WbPsURo7i0CAwEAATAKBggqhkjOPQQDAgNHADBEAiAyb9SMaC7U/HY//YcfjcR0
-j0/DL+9ckFNMvdw0IUq3yAIgEtWkYQrh5Oog7DmVJv0z/C1qPzcjfzDwJI4AlF7IfO4=</ds:X509Certificate>
+                  <ds:X509Certificate>MIIDFDCCArqgAwIBAgIIFy4Oe7D+zq8wCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwY
+S2V5c3RvcmVCYWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxOTE0MDMxNVoXDTIwMDUx
+OTEzMDMxNVowMjEdMBsGA1UEAwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNV
+BAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtE1v
+1J54suM3VR17mTO5OKrCBeDP6a2dQswhMmUNO6i1l4eXNbtBvMj7k0mnc4yLLZxQ
+P0cosjT1kNkOvSNCQcSI+869EOdU4QDCreGLss9a84ZNf/X3ioq/2PYTLOJSMkDQ
+qLMHUVawwPYw+ZyUHaY7G0AwX5Gj1gMadfWVMDPAo5OT9WntpqG1850yO0aUMBaF
+GSE9RrWVmL1+d2qHqh/pAwq6DQEtbKCl18t1zQfLZvumnQfF930KB2IkLaq6wRTW
+IRdwte20PfVmEloAOdegXqUX59rkq6+5CaXfIsN+4Vkb12n2ArZwI/EFjgRdtGYj
+CmuySDorynSHrCO934/LHjZtdJPFbg5/4CTXpI1aInum4uqDuq6xoL+ns4hk8kkD
+9H9Pj5MYyjUc51+450ylOwLmGkqNDJBh3ecnH76NIoKviR3KlBaj0bSlnoV5Kl8H
+bfnXQD98BH+YLeULrD3XWVjirOWPdfdNKcInpuXrdTZ/GvyGL5T/63mtEWiWysfP
+Gw4+9AlWNXpyLviaHfxTpC6T76qYHKHd4eltRLubrgL8gHZrJwHio98kKfVMS3Oy
+qHAEWBSWv+LveARn0RF4jlcPIL3gclrU9jxF4k5Btvdax3+if1MWVAZ9ML5263ug
+Qr11Pkbko09VqppyM484/o+mJihTWyucKdVONw8CAwEAATAKBggqhkjOPQQDAgNI
+ADBFAiBJSZqfI1kmJGy8/tRut7h2YbZWNeUA+gmFX+wJxu9ePwIhALgjht8La4AZ
+/r3t33clJW8tGRMiA8cBbxm3Ox0y7DyP</ds:X509Certificate>
                 </ds:X509Data>
 			</ds:KeyInfo>
 		</md:KeyDescriptor>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
index 5e3f0b9b..0c421356 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -10,16 +10,12 @@
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
 
+  <!-- import resource="classpath:/spring/eaaf_utils.beans.xml" /-->
+
   <bean id="dummyVelocityGuiBuilder"
         class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
 
   <bean id="dummyGuiBuilderConfigFactory"
         class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
   
-  <bean id="httpClientFactory"
-        class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
-
-  <bean id="eaafKeyStoreFactory"
-        class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
-
 </beans>
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/dummy/DummyPvpConfiguration.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/dummy/DummyPvpConfiguration.java
index d9cb251c..c5fc0f13 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/dummy/DummyPvpConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/dummy/DummyPvpConfiguration.java
@@ -2,14 +2,18 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.test.dummy;
 
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
 
 import org.opensaml.saml.saml2.metadata.ContactPerson;
 import org.opensaml.saml.saml2.metadata.Organization;
+import org.springframework.beans.factory.annotation.Autowired;
 
 public class DummyPvpConfiguration implements IPvp2BasicConfiguration {
 
+  @Autowired private IConfiguration basicConfig;
+
   @Override
   public String getIdpEntityId(String authUrl) throws EaafException {
     return authUrl + "/idp";
@@ -40,4 +44,9 @@ public class DummyPvpConfiguration implements IPvp2BasicConfiguration {
     return null;
   }
 
+  @Override
+  public IConfiguration getBasicConfiguration() {
+    return basicConfig;
+  }
+
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index 53d9d9e8..b12a5913 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -28,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
 
@@ -52,14 +53,19 @@ public class AssertionAttributeExtractor {
   private final Map<String, List<String>> attributs = new HashMap<>();
   // private PersonalAttributeList storkAttributes = new PersonalAttributeList();
 
+  @Deprecated
   private final List<String> minimalMdsAttributeNamesList =
       Arrays.asList(PvpConstants.PRINCIPAL_NAME_NAME, PvpConstants.GIVEN_NAME_NAME,
           PvpConstants.BIRTHDATE_NAME, PvpConstants.BPK_NAME);
 
+  @Deprecated
   private final List<String> minimalIdlAttributeNamesList =
       Arrays.asList(PvpConstants.EID_IDENTITY_LINK_NAME, PvpConstants.EID_SOURCE_PIN_NAME,
           PvpConstants.EID_SOURCE_PIN_TYPE_NAME);
 
+  private final List<String> minimalEidAttributeNamesList =
+      Arrays.asList(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME);
+
   /**
    * Parse the SAML2 Response element and extracts included information. <br>
    * <br>
@@ -128,8 +134,9 @@ public class AssertionAttributeExtractor {
    * @return
    */
   public boolean containsAllRequiredAttributes() {
-    return containsAllRequiredAttributes(minimalMdsAttributeNamesList)
-        || containsAllRequiredAttributes(minimalIdlAttributeNamesList);
+    return containsAllRequiredAttributes(minimalEidAttributeNamesList)
+        || containsAllRequiredAttributes(minimalIdlAttributeNamesList)
+        || containsAllRequiredAttributes(minimalMdsAttributeNamesList);
 
   }
 
@@ -300,6 +307,25 @@ public class AssertionAttributeExtractor {
   }
 
   /**
+   * Get the Assertion issuing date.
+   *
+   * <p>
+   * This method returns value of SAML 'Conditions' element.
+   * </p>
+   *
+   * @return Date, when the SAML2 assertion was issued, otherwise null
+   */
+  public Date getAssertionIssuingDate() {
+    try {
+      return getFullAssertion().getIssueInstant().toDate();
+
+    } catch (final NullPointerException e) {
+      return null;
+
+    }
+  }
+
+  /**
    * Get the Assertion validFrom period.
    *
    * <p>
@@ -316,7 +342,6 @@ public class AssertionAttributeExtractor {
       return null;
 
     }
-
   }
 
   private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {