authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-06 18:04:31 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-06 18:04:31 +0100
commitf2c665c55e115d919cf1a752ef2f7c9f01f51ce3 (patch)
treee880f7b0275bd97ec4fd70a8de2dca096b8f9719 /eaaf_modules/eaaf_module_pvp2_core/src/test/java/at
parent98a83cbb3f5eca50388f3d5f64fe1d760bc199d7 (diff)
add more jUnit test
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/Pvp2SProfileCoreSpringResourceProviderTest.java56
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java147
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java157
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java159
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java24
5 files changed, 456 insertions, 87 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/Pvp2SProfileCoreSpringResourceProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/Pvp2SProfileCoreSpringResourceProviderTest.java
new file mode 100644
index 00000000..67c59dec
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/Pvp2SProfileCoreSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.gv.egiz.eaaf.modules.pvp2.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.eaaf.core.test.TestConstants;
+import at.gv.egiz.eaaf.modules.pvp2.Pvp2SProfileCoreSpringResourceProvider;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class Pvp2SProfileCoreSpringResourceProviderTest {
+
+ @Test
+ public void testSpringConfig() {
+ final Pvp2SProfileCoreSpringResourceProvider test =
+ new Pvp2SProfileCoreSpringResourceProvider();
+ for (final Resource el : test.getResourcesToLoad()) {
+ try {
+ IOUtils.toByteArray(el.getInputStream());
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + el.getFilename() + " not found");
+ }
+
+ }
+
+ Assert.assertNotNull("no Name", test.getName());
+ Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+ }
+
+ @Test
+ public void testSpILoaderConfig() {
+ final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+ try {
+ final String spiFile = IOUtils.toString(el, "UTF-8");
+
+ Assert.assertEquals("Wrong classpath in SPI file",
+ Pvp2SProfileCoreSpringResourceProvider.class.getName(), spiFile);
+
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+ }
+ }
+
+}
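Review bot: In `testSpILoaderConfig`, `getResourceAsStream` returns null when the SPI file is missing, so `IOUtils.toString(el, "UTF-8")` is likely to fail with a NullPointerException and the intended "not found" failure in the `IOException` catch is never reported. Neither test closes the streams it opens. Assert that the stream is non-null before reading and open it in try-with-resources, as sketched below. The exact-match `assertEquals` on the whole file content will also break if the SPI file ever gains a trailing newline.
```java
  @Test
  public void testSpILoaderConfig() throws IOException {
    try (InputStream el = getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH)) {
      Assert.assertNotNull("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found", el);
      final String spiFile = IOUtils.toString(el, "UTF-8");
      Assert.assertEquals("Wrong classpath in SPI file",
          Pvp2SProfileCoreSpringResourceProvider.class.getName(), spiFile);
    }
  }
```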
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
new file mode 100644
index 00000000..44cdf111
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
@@ -0,0 +1,147 @@
+package at.gv.egiz.eaaf.modules.pvp2.test;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class QaaLevelVerifierTest {
+
+ QaaLevelVerifier verifyer = new QaaLevelVerifier();
+
+ @Test
+ public void matchingModeUnknown() {
+ String matchingMode = "notExist";
+ List<String> requiredLoAs = Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel("not_exist", requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ }
+
+ @Test
+ public void matchingMinimumRequiredLow() throws QaaNotAllowedException {
+ String matchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
+ List<String> requiredLoAs = Arrays.asList(EaafConstants.EIDAS_LOA_LOW);
+
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel("not_exist", requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ }
+
+ @Test
+ public void matchingMinimumRequiredSubstantial() throws QaaNotAllowedException {
+ String matchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
+ List<String> requiredLoAs = Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel("not_exist", requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ }
+
+ @Test
+ public void matchingMinimumRequiredHigh() throws QaaNotAllowedException {
+ String matchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
+ List<String> requiredLoAs = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel("not_exist", requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ }
+
+ @Test
+ public void matchingExact1() throws QaaNotAllowedException {
+ String matchingMode = EaafConstants.EIDAS_LOA_MATCHING_EXACT;
+ List<String> requiredLoAs = Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL, EaafConstants.EIDAS_LOA_LOW);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
+ QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
+
+ try {
+ QaaLevelVerifier.verifyQaaLevel("not_exist", requiredLoAs, matchingMode);
+ Assert.fail("LoA should not be allowed");
+
+ } catch (QaaNotAllowedException e) {
+
+ }
+
+ }
+
+}
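Review bot: `matchingModeUnknown` does not show that an unknown matching mode is rejected: with `EIDAS_LOA_SUBSTANTIAL` required it only submits `EIDAS_LOA_LOW` and `"not_exist"`, both of which `matchingMinimumRequiredSubstantial` also expects to be rejected. If the verifier is meant to fail closed on an unrecognised mode, add a case that would pass under minimum matching, e.g. `QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);` followed by `Assert.fail("LoA should not be allowed");`. The instance field `verifyer` is never used, since every call goes through the static method, and can be dropped. The empty `catch (QaaNotAllowedException e)` blocks would read better with a short comment such as `// expected: LoA rejected`.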
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 76dba510..8833202a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -9,27 +9,6 @@ import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -38,14 +17,19 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
@@ -58,7 +42,34 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import net.shibboleth.utilities.java.support.net.URIComparator;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import okhttp3.HttpUrl;
import okhttp3.mockwebserver.MockResponse;
@@ -125,6 +136,34 @@ public class PostBindingTest {
}
@Test
+ public void wrongPostBindingEncoding() throws MessageDecodingException, SecurityException,
+ IOException, Pvp2MetadataException {
+ final String serviceUrl = "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post";
+
+ final IPvp2MetadataProvider metadataProvider =
+ metadataResolverFactory.createMetadataProvider(
+ "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);
+
+ final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+ final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+ PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")));
+ httpReq.setMethod("POST");
+ httpReq.addParameter("SAMLRequest", b64AuthnReq);
+ httpReq.setParameter("SAMLEncoding", RandomStringUtils.randomAlphabetic(5));
+
+ try {
+ bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME, comparator);
+ Assert.fail("Missing signature not detected");
+
+ } catch (final Pvp2Exception e) {
+ Assert.assertEquals("Wrong errorCode", "internal.pvp.02", e.getErrorId());
+
+ }
+
+ }
+
+ @Test
public void decodeRequestWrongEndpoint() throws MessageDecodingException, SecurityException,
IOException, Pvp2MetadataException {
final String serviceUrl = "https://wrongEndpoint/pvp2/post";
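Review bot: `wrongPostBindingEncoding` sends the unsigned `AuthRequest_without_sig_1.xml` and expects `internal.pvp.02`, so it may pass because of the missing signature rather than the bogus `SAMLEncoding` value; the failure text `"Missing signature not detected"` suggests the body was copied from a signature test. RedirectBindingTest appears to expect the same error code in the hunk that follows its no-signature test. To pin the encoding check, use a validly signed request so the encoding is the only defect, and reword the message to something like `"Invalid SAMLEncoding not detected"`. `RandomStringUtils.randomAlphabetic(5)` also changes the input on every run; a fixed constructed value such as `"invalidEncoding"` keeps failures reproducible. The `decodeRequestWrongEndpoint` method at the end of the hunk continues outside it.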
@@ -315,6 +354,73 @@ public class PostBindingTest {
}
@Test
+ public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException,
+ IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException {
+ final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post";
+ final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ PostBindingTest.class.getResourceAsStream("/data/eIDAS_connector_authn.xml"));
+ authnReq.setIssueInstant(DateTime.now());
+ Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
+ authnReq.setIssuer(issuer);
+
+ RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+ Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
+ final String b64AuthnReq =
+ Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8"));
+ httpReq.setMethod("POST");
+ httpReq.addParameter("SAMLRequest", b64AuthnReq);
+ httpReq.addParameter("RelayState", relayState);
+
+ final IPvp2MetadataProvider metadataProvider =
+ metadataResolverFactory.createMetadataProvider(
+ "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);
+
+ final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+ final InboundMessageInterface msg =
+ bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME, comparator);
+
+ Assert.assertNotNull("PVP msg is null", msg);
+ Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+ Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+ Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+ Assert.assertNotNull("EntityId is null", msg.getEntityID());
+ Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+ Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
+
+ org.springframework.util.Assert.isInstanceOf(PvpSProfileRequest.class, msg, "Inbound message is of wrong type");
+ org.springframework.util.Assert.isInstanceOf(AuthnRequest.class, ((PvpSProfileRequest)msg).getSamlRequest(),
+ "Inbound message is of wrong type");
+
+ AuthnRequest parsedAuthnReq = (AuthnRequest)((PvpSProfileRequest)msg).getSamlRequest();
+ Assert.assertNotNull("No extension", parsedAuthnReq.getExtensions());
+ Assert.assertNotNull("No extension child", parsedAuthnReq.getExtensions().getUnknownXMLObjects());
+ Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
+
+ XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
+ org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
+ EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
+ Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
+ Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
+ Assert.assertEquals("Req attr size", 1, eaafReqAttrs.getAttributes().size());
+
+ EaafRequestedAttribute eaafReqAttr = eaafReqAttrs.getAttributes().get(0);
+ Assert.assertNotNull("Req Attibute is null", eaafReqAttr);
+ Assert.assertEquals("Req. Attr. Friendlyname", "EID-SECTOR-FOR-IDENTIFIER", eaafReqAttr.getFriendlyName());
+ Assert.assertEquals("Req. Attr. Name", "urn:oid:1.2.40.0.10.2.1.1.261.34", eaafReqAttr.getName());
+
+ Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size());
+ org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0),
+ "Wrong requested Attributes Value type");
+ Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
+
+ }
+
+ @Test
public void decodeRequestSuccessWithoutRelayStateEcdsaSig() throws MessageDecodingException, SecurityException,
IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException {
final String serviceUrl = "http://testservice.org";
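Review bot: The type checks in `decodeRequestSuccessWithRequestAttributes` use `org.springframework.util.Assert.isInstanceOf`, which throws IllegalArgumentException, so a wrong type is reported as a test error rather than an assertion failure, and the style is mixed with the JUnit `Assert` calls around it. Prefer `Assert.assertTrue("Inbound message is of wrong type", msg instanceof PvpSProfileRequest);`; the same applies to the `PvpSProfileResponse` check added in the last hunk of this file. The message `"RelayState is not null"` on `assertNotNull` says the opposite of what is checked. The `decodeRequestSuccessWithoutRelayStateEcdsaSig` method at the end of the hunk continues outside it.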
@@ -340,6 +446,13 @@ public class PostBindingTest {
Assert.assertNotNull("EntityId is null", msg.getEntityID());
Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
+
+ //check if reconstraction from serialized form work well
+ ((InboundMessage)msg).setSamlMessage(null);
+ try {
+ Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+
+ } catch (RuntimeException e) { }
}
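Review bot: The added reconstruction check cannot fail when reconstruction breaks, because `catch (RuntimeException e) { }` swallows whatever `msg.getInboundMessage()` throws after `setSamlMessage(null)`. If rebuilding the message from its serialized form is expected to work, drop the try/catch so any exception fails the test. If an exception is the expected outcome, put `Assert.fail("reconstruction should not succeed");` after the call and assert on the exception type. The enclosing test method starts outside the hunk.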
@@ -367,6 +480,8 @@ public class PostBindingTest {
Assert.assertNotNull("EntityId is null", msg.getEntityID());
Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
+
+ org.springframework.util.Assert.isInstanceOf(PvpSProfileResponse.class, msg, "Inbound message is of wrong type");
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index f85e5c2a..408729e3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -2,36 +2,15 @@ package at.gv.egiz.eaaf.modules.pvp2.test.binding;
import java.io.IOException;
import java.net.URLDecoder;
-import java.util.Base64;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -50,6 +29,24 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.net.URISupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -129,6 +126,93 @@ public class RedirectBindingTest {
}
@Test
+ public void wrongHttpRequestMethod() throws MessageDecodingException,
+ SecurityException, IOException, Pvp2MetadataException {
+ final String serviceUrl = "http://testservice.org";
+
+ final IPvp2MetadataProvider metadataProvider =
+ metadataResolverFactory.createMetadataProvider(
+ "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);
+
+ final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+ httpReq.setMethod("POST");
+ httpReq.setRequestURI("http://testservice.org");
+ httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
+ + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
+ + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
+ + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
+ + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
+ + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
+ + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
+ + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
+ + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
+ + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
+ + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
+ + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");
+
+ httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
+ httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()), "UTF-8"));
+ httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
+ httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
+ "UTF-8"));
+
+ try {
+ bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ comparator);
+ Assert.fail("Missing signature not detected");
+
+ } catch (final Pvp2Exception e) {
+ Assert.assertEquals("Wrong errorCode", "internal.pvp.95", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void wrongRedirectBindingType() throws MessageDecodingException,
+ SecurityException, IOException, Pvp2MetadataException {
+ final String serviceUrl = "http://testservice.org";
+
+ final IPvp2MetadataProvider metadataProvider =
+ metadataResolverFactory.createMetadataProvider(
+ "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);
+
+ final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+ httpReq.setMethod("POST");
+ httpReq.setRequestURI("http://testservice.org");
+ httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
+ + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
+ + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
+ + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
+ + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
+ + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
+ + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
+ + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
+ + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
+ + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
+ + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
+ + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");
+
+ httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
+ httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()), "UTF-8"));
+ httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
+ httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
+ "UTF-8"));
+ httpReq.setParameter("SAMLEncoding", RandomStringUtils.randomAlphabetic(5));
+
+ try {
+ bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ comparator);
+ Assert.fail("Missing signature not detected");
+
+ } catch (final Pvp2Exception e) {
+ Assert.assertEquals("Wrong errorCode", "internal.pvp.95", e.getErrorId());
+
+ }
+ }
+
+ @Test
public void decodeRequestNoSignature() throws MessageDecodingException,
SecurityException, IOException, Pvp2MetadataException {
final String serviceUrl = "http://testservice.org";
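Review bot: `wrongRedirectBindingType` cannot distinguish a rejected `SAMLEncoding` from a rejected HTTP method: it calls `httpReq.setMethod("POST")` exactly like `wrongHttpRequestMethod` above and expects the same `internal.pvp.95`, so it passes even if the encoding parameter is ignored. Use the method the redirect binding accepts, `httpReq.setMethod("GET");`, so the encoding value is the only invalid input, and adjust the expected error code if it differs. Both tests still fail with `"Missing signature not detected"`, which does not describe what they check. The long query string is duplicated verbatim in both methods and would be easier to maintain as a shared `private static final String` constant. `decodeRequestNoSignature` at the end of the hunk continues outside it.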
@@ -169,7 +253,6 @@ public class RedirectBindingTest {
Assert.assertEquals("Wrong errorCode", "internal.pvp.02", e.getErrorId());
}
-
}
@Test
@@ -362,38 +445,6 @@ public class RedirectBindingTest {
}
- @Ignore
- @Test
- public void decodeRequestSuccessWithRelayState() throws MessageDecodingException,
- SecurityException, IOException, Pvp2Exception {
- final String serviceUrl = "http://testservice.org";
- final String relayState = RandomStringUtils.randomAlphanumeric(10);
-
- final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
- RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")));
- httpReq.setMethod("POST");
- httpReq.addParameter("SAMLRequest", b64AuthnReq);
- httpReq.addParameter("RelayState", relayState);
-
- final IPvp2MetadataProvider metadataProvider = null;
-
- final URIComparator comparator = new EaafUriCompare(serviceUrl);
-
- final InboundMessageInterface msg =
- bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
- comparator);
-
- Assert.assertNotNull("PVP msg is null", msg);
- Assert.assertNotNull("RelayState is not null", msg.getRelayState());
- Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
- Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
- Assert.assertNotNull("EntityId is null", msg.getEntityID());
- Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg
- .getEntityID());
- Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
-
- }
-
@Test
public void decodeResponseSuccess() throws MessageDecodingException, SecurityException, IOException,
Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index f8402510..6cf81d2b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -14,14 +14,6 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -49,6 +41,14 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -84,7 +84,7 @@ public class MetadataBuilderTest {
TransformerException, ParserConfigurationException, IOException, SignatureException,
XMLParserException, UnmarshallingException, CertificateException {
- final IPvpMetadataBuilderConfiguration config = idpMetadataConfig(false, true);
+ final IPvpMetadataBuilderConfiguration config = idpMetadataConfig(credentialProvider, false, true);
//generate metadata
final String metadata = metadataBuilder.buildPvpMetadata(config);
@@ -102,7 +102,7 @@ public class MetadataBuilderTest {
TransformerException, ParserConfigurationException, IOException, SignatureException,
XMLParserException, UnmarshallingException, CertificateException {
- final IPvpMetadataBuilderConfiguration config = idpMetadataConfig(true, false);
+ final IPvpMetadataBuilderConfiguration config = idpMetadataConfig(credentialProvider, true, false);
//generate metadata
final String metadata = metadataBuilder.buildPvpMetadata(config);
@@ -120,7 +120,7 @@ public class MetadataBuilderTest {
TransformerException, ParserConfigurationException, IOException, SignatureException,
XMLParserException, UnmarshallingException, CertificateException {
- final IPvpMetadataBuilderConfiguration config = idpMetadataConfig(true, true);
+ final IPvpMetadataBuilderConfiguration config = idpMetadataConfig(credentialProvider, true, true);
//generate metadata
final String metadata = metadataBuilder.buildPvpMetadata(config);
@@ -155,7 +155,7 @@ public class MetadataBuilderTest {
return entity;
}
- private IPvpMetadataBuilderConfiguration idpMetadataConfig(boolean buildSpInfos, boolean buildIdpInfos) {
+ public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
return new IPvpMetadataBuilderConfiguration() {
@Override