a lot of more OpenSAML3 refactoring staff

This version is also NOT stable!
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-01-31 20:41:54 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-01-31 20:41:54 +0100
commit: d41afe91ee59daf6b5f5037cecac52900fe2ccb2 (patch)
tree: 3a19e1818d276d701574758ce6166b2f3a7e2030 /eaaf_modules/eaaf_module_pvp2_core/src/test
parent: 0cf9926282ba4aa46bad3f4e8020cec72683492f (diff)
download: EAAF-Components-d41afe91ee59daf6b5f5037cecac52900fe2ccb2.tar.gz
EAAF-Components-d41afe91ee59daf6b5f5037cecac52900fe2ccb2.tar.bz2
EAAF-Components-d41afe91ee59daf6b5f5037cecac52900fe2ccb2.zip
12 files changed, 1252 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
new file mode 100644
index 00000000..6adce26e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -0,0 +1,448 @@
+package at.gv.egiz.eaaf.modules.pvp2.test.binding;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Base64;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.Unmarshaller;
+import org.opensaml.core.xml.io.UnmarshallerFactory;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.net.URIComparator;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
+@TestPropertySource(locations = {"/config/config_1.props"})
+public class PostBindingTest {
+
+  public static final String HTTP_FORM_RELAYSTATE = "RelayState=";
+  public static final String HTTP_FORM_SAMLREQ = "SAMLRequest=";
+  public static final String HTTP_FORM_SAMLRESP = "SAMLResponse=";
+
+  @Autowired private PostBinding bindingImpl;
+  @Autowired private DummyCredentialProvider credentialProvider;
+  @Autowired private DummyGuiBuilderConfigurationFactory guiBuilderFactory;
+
+  protected MockHttpServletRequest httpReq;
+  protected MockHttpServletResponse httpResp;
+  protected IRequest pendingReq;
+
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * Test initializer.
+   *
+   */
+  @Before
+  public void initialize() {
+    httpReq = new MockHttpServletRequest();
+    httpResp = new MockHttpServletResponse();
+
+    pendingReq = new TestRequestImpl();
+
+  }
+
+  @Test
+  public void checkCanHandle() {
+    httpReq.setMethod("POST");
+    Assert.assertTrue("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
+
+    httpReq.setMethod("GET");
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
+  }
+
+  @Test
+  public void decodeRequestSuccess() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNull("RelayState is not null", msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void decodeRequestSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void decodeResponseSuccess() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/Response_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNull("RelayState is not null", msg.getRelayState());
+    Assert.assertNotNull("Response is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void decodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/Response_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("Response is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void encodeRequestSuccess() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertFalse("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLREQ));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLREQ);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeRequestSuccessEcdsa() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpAssertionSigningCredential(), pendingReq);
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertFalse("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLREQ));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLREQ);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeRequestSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphabetic(10);
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertTrue("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+    final String httpRelayState = extractParamFromHttpForm(http, HTTP_FORM_RELAYSTATE);
+    Assert.assertEquals("Wrong RelayState", relayState, httpRelayState);
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLREQ));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLREQ);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphabetic(10);
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
+
+    bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertTrue("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+    final String httpRelayState = extractParamFromHttpForm(http, HTTP_FORM_RELAYSTATE);
+    Assert.assertEquals("Wrong RelayState", relayState, httpRelayState);
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLRESP));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLRESP);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeResponseSuccess() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
+
+    bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertFalse("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLRESP));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLRESP);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  private IVelocityGuiBuilderConfiguration createDummyGuiConfig() {
+    return new IVelocityGuiBuilderConfiguration() {
+
+      @Override
+      public Map<String, Object> getViewParameters() {
+        return null;
+      }
+
+      @Override
+      public String getViewName() {
+        return "SAML2 Post-Binding";
+      }
+
+      @Override
+      public String getDefaultContentType() {
+        return null;
+      }
+
+      @Override
+      public InputStream getTemplate(String viewName) {
+        return PostBindingTest.class.getResourceAsStream("/data/pvp_postbinding_template.html");
+      }
+
+      @Override
+      public String getClasspathTemplateDir() {
+        return null;
+
+      }
+    };
+  }
+
+  private void checkSamlMessageSigned(String b64Msg) throws ParserConfigurationException,
+      SAXException, IOException, UnmarshallingException {
+    final Element httpSamlReqElment = DomUtils.parseXmlNonValidating(
+        new ByteArrayInputStream(Base64.getDecoder().decode(b64Msg)));
+
+    final UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
+    final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(httpSamlReqElment);
+    final SignableSAMLObject msg = (SignableSAMLObject) unmarshaller.unmarshall(httpSamlReqElment);
+    Assert.assertTrue("SAML msg not signed", msg.isSigned());
+
+  }
+
+  private String extractParamFromHttpForm(String http, String httpFormRelaystate) {
+    final int startIndex = http.indexOf(httpFormRelaystate) + httpFormRelaystate.length();
+    final int endIndex = http.indexOf("\"", startIndex);
+    return http.substring(startIndex, endIndex);
+
+  }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
new file mode 100644
index 00000000..80dfc400
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -0,0 +1,490 @@
+package at.gv.egiz.eaaf.modules.pvp2.test.binding;
+
+import java.io.IOException;
+import java.net.URLDecoder;
+import java.util.Base64;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.xml.sax.SAXException;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.net.URIComparator;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
+@TestPropertySource(locations = {"/config/config_1.props"})
+public class RedirectBindingTest {
+
+  public static final String HTTP_FORM_RELAYSTATE = "RelayState=";
+  public static final String HTTP_FORM_SAMLREQ = "SAMLRequest=";
+  public static final String HTTP_FORM_SAMLRESP = "SAMLResponse=";
+
+  public static final String HTTP_REDIRECT_SIGALG = "SigAlg=";
+  public static final String HTTP_REDIRECT_SIGNATURE = "Signature=";
+
+  @Autowired private RedirectBinding bindingImpl;
+  @Autowired private DummyCredentialProvider credentialProvider;
+
+  protected MockHttpServletRequest httpReq;
+  protected MockHttpServletResponse httpResp;
+  protected IRequest pendingReq;
+
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * Test initializer.
+   *
+   */
+  @Before
+  public void initialize() {
+    httpReq = new MockHttpServletRequest();
+    httpResp = new MockHttpServletResponse();
+
+    pendingReq = new TestRequestImpl();
+
+  }
+
+  @Test
+  public void checkCanHandle() {
+    httpReq.setMethod("POST");
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
+
+    httpReq.setMethod("GET");
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
+    Assert.assertTrue("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
+  }
+
+  @Test
+  public void decodeRequestSuccess() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    httpReq.setMethod("GET");
+    httpReq.setRequestURI("http://testservice.org");
+    httpReq.setParameter("SAMLRequest","nVRNb9swDD13wP6DoXvkr/RjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw++SdQj+fhIanF7qKXXgrFCq4SENCAeqFwXQlUJ+fZ0N7sht+nC8lpGO5Y1+KIe4XcDFj3nqCw7vSSkMYppboVlitdgGeZsk32+ZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp/Qxy/lcsuFMeO8Qvijvk+Ops9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx/E+z4o5OohvR6sczZjId7XgQ/VE+9Om5rj+/CjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp+PR6krofyFP2Y68N4025+Q4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc/U+s3AIpuH9ygIhwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1+00i2Fxne77ecCxRuor1l2Dy1Ifz6o/6/so+78p+b0/Dz+GdI/");
+    httpReq.setParameter("SigAlg","http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
+    httpReq.setParameter("Signature","DOVMqh17xn4wl+yvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r+YbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI869U+H6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu/+nMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6RjgzvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD/Ia0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3XhcNRQ3+cpAf65zHGMBAv1aRy7Bmv0++OvCavufykqI2EHtg==");
+
+
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNull("RelayState is not null", msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Ignore
+  @Test
+  public void decodeRequestSuccessWithRelayState() throws MessageDecodingException,
+      SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Ignore
+  @Test
+  public void decodeResponseSuccess() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        RedirectBindingTest.class.getResourceAsStream("/data/Response_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNull("RelayState is not null", msg.getRelayState());
+    Assert.assertNotNull("Response is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Ignore
+  @Test
+  public void decodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        RedirectBindingTest.class.getResourceAsStream("/data/Response_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("Response is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void encodeRequestSuccess() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+    //validate
+    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
+    Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength());
+
+    Assert.assertNull("ContentType", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String locationHeader = httpResp.getHeader("Location");
+    Assert.assertNotNull("Location header is null", locationHeader);
+    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
+
+    Assert.assertTrue("Wrong redirect URL",
+        locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLREQ));
+
+    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLREQ, true);
+    Assert.assertNotNull("Saml msg is null", respSamlMsg);
+    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());
+
+    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG, true);
+    Assert.assertNotNull("SigAlg is null", sigAlg);
+    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
+    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+        URLDecoder.decode(sigAlg, "UTF-8"));
+
+    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE, true);
+    Assert.assertNotNull("Saml signature null", samlSig);
+    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());
+
+    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE, false);
+    Assert.assertNull("RelayState parameter", respRelayState);
+
+  }
+
+
+  @Test
+  public void encodeRequestSuccessEcdsa() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpAssertionSigningCredential(), pendingReq);
+
+    //validate
+    //validate
+    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
+    Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength());
+
+    Assert.assertNull("ContentType", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String locationHeader = httpResp.getHeader("Location");
+    Assert.assertNotNull("Location header is null", locationHeader);
+    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
+
+    Assert.assertTrue("Wrong redirect URL",
+        locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLREQ));
+
+    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLREQ, true);
+    Assert.assertNotNull("Saml msg is null", respSamlMsg);
+    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());
+
+    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG, true);
+    Assert.assertNotNull("SigAlg is null", sigAlg);
+    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
+    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_EC,
+        URLDecoder.decode(sigAlg, "UTF-8"));
+
+    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE, true);
+    Assert.assertNotNull("Saml signature null", samlSig);
+    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());
+
+    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE, false);
+    Assert.assertNull("RelayState parameter", respRelayState);
+
+
+  }
+
+  @Test
+  public void encodeRequestSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphabetic(10);
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
+    Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength());
+
+    Assert.assertNull("ContentType", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String locationHeader = httpResp.getHeader("Location");
+    Assert.assertNotNull("Location header is null", locationHeader);
+    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
+
+    Assert.assertTrue("Wrong redirect URL",
+        locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLREQ));
+
+    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLREQ, true);
+    Assert.assertNotNull("Saml msg is null", respSamlMsg);
+    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());
+
+    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG, true);
+    Assert.assertNotNull("SigAlg is null", sigAlg);
+    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
+    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+        URLDecoder.decode(sigAlg, "UTF-8"));
+
+    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE, true);
+    Assert.assertNotNull("Saml signature null", samlSig);
+    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());
+
+    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE, false);
+    Assert.assertNotNull("RelayState parameter", respRelayState);
+    Assert.assertEquals("RelayState not match", relayState,
+        URLDecoder.decode(respRelayState, "UTF-8"));
+
+
+  }
+
+  @Test
+  public void encodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphabetic(10);
+    final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
+
+    bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
+    Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength());
+
+    Assert.assertNull("ContentType", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String locationHeader = httpResp.getHeader("Location");
+    Assert.assertNotNull("Location header is null", locationHeader);
+    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
+
+    Assert.assertTrue("Wrong redirect URL",
+        locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLRESP));
+
+    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLRESP, true);
+    Assert.assertNotNull("Saml msg is null", respSamlMsg);
+    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());
+
+    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG, true);
+    Assert.assertNotNull("SigAlg is null", sigAlg);
+    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
+    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+        URLDecoder.decode(sigAlg, "UTF-8"));
+
+    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE, true);
+    Assert.assertNotNull("Saml signature null", samlSig);
+    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());
+
+    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE, false);
+    Assert.assertNotNull("RelayState parameter", respRelayState);
+    Assert.assertEquals("RelayState not match", relayState,
+        URLDecoder.decode(respRelayState, "UTF-8"));
+
+  }
+
+  @Test
+  public void encodeResponseSuccess() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
+
+    bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
+    Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength());
+
+    Assert.assertNull("ContentType", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String locationHeader = httpResp.getHeader("Location");
+    Assert.assertNotNull("Location header is null", locationHeader);
+    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
+
+    Assert.assertTrue("Wrong redirect URL",
+        locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLRESP));
+
+    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLRESP, true);
+    Assert.assertNotNull("Saml msg is null", respSamlMsg);
+    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());
+
+    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG, true);
+    Assert.assertNotNull("SigAlg is null", sigAlg);
+    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
+    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+        URLDecoder.decode(sigAlg, "UTF-8"));
+
+    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE, true);
+    Assert.assertNotNull("Saml signature null", samlSig);
+    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());
+
+    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE, false);
+    Assert.assertNull("RelayState parameter", respRelayState);
+
+  }
+
+  private String checkMessagePart(String locationHeader, String httpFormSamlreq, boolean isRequired) {
+    final int startIndex = locationHeader.indexOf(httpFormSamlreq);
+    int endIndex = locationHeader.indexOf("&", startIndex);
+
+    if (isRequired && startIndex == -1) {
+      Assert.fail("Element: " + httpFormSamlreq + " NOT found");
+
+    } else if (startIndex == -1) {
+      return null;
+
+    }
+
+    if (endIndex == -1) {
+      endIndex = locationHeader.length();
+
+    }
+
+    return locationHeader.substring(startIndex + httpFormSamlreq.length(), endIndex);
+
+  }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
new file mode 100644
index 00000000..6930790d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -0,0 +1,70 @@
+package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+public class DummyCredentialProvider extends AbstractCredentialProvider {
+
+  @Autowired IConfiguration basicConfig;
+
+  public static final String KEYSTORE_PATH = "keystore.path";
+  public static final String KEYSTORE_PASSWORD = "keystore.pass";
+
+  public static final String KEY_METADATA_ALIAS = "key.metadata.alias";
+  public static final String KEY_METADATA_PASSWORD = "key.metadata.pass";
+
+  public static final String KEY_SIGNING_ALIAS = "key.sig.alias";
+  public static final String KEY_SIGNING_PASSWORD = "key.sig.pass";
+
+  public static final String KEY_ENCRYPTION_ALIAS = "key.enc.alias";
+  public static final String KEY_ENCRYPTION_PASSWORD = "key.enc.pass";
+
+  @Override
+  public String getFriendlyName() {
+    return "jUnit test credential provider";
+  }
+
+  @Override
+  public String getKeyStoreFilePath() throws EaafException {
+    return basicConfig.getBasicConfiguration(KEYSTORE_PATH);
+  }
+
+  @Override
+  public String getKeyStorePassword() {
+    return basicConfig.getBasicConfiguration(KEYSTORE_PASSWORD);
+  }
+
+  @Override
+  public String getMetadataKeyAlias() {
+    return basicConfig.getBasicConfiguration(KEY_METADATA_ALIAS);
+  }
+
+  @Override
+  public String getMetadataKeyPassword() {
+    return basicConfig.getBasicConfiguration(KEY_METADATA_PASSWORD);
+  }
+
+  @Override
+  public String getSignatureKeyAlias() {
+    return basicConfig.getBasicConfiguration(KEY_SIGNING_ALIAS);
+  }
+
+  @Override
+  public String getSignatureKeyPassword() {
+    return basicConfig.getBasicConfiguration(KEY_SIGNING_PASSWORD);
+  }
+
+  @Override
+  public String getEncryptionKeyAlias() {
+    return basicConfig.getBasicConfiguration(KEY_ENCRYPTION_ALIAS);
+  }
+
+  @Override
+  public String getEncryptionKeyPassword() {
+    return basicConfig.getBasicConfiguration(KEY_ENCRYPTION_PASSWORD);
+  }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
new file mode 100644
index 00000000..74b805ba
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
@@ -0,0 +1,8 @@
+keystore.path=classpath:/data/junit.jks
+keystore.pass=password
+key.metadata.alias=meta
+key.metadata.pass=password
+key.sig.alias=sig
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/AuthRequest_with_sig_1.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/AuthRequest_with_sig_1.xml
new file mode 100644
index 00000000..f9de11c4
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/AuthRequest_with_sig_1.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="1" AttributeConsumingServiceIndex="0" Destination="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post" ID="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:02.775Z" Version="2.0">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_demologin/</saml2:Issuer>
+	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+		<ds:SignedInfo>
+			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+			<ds:Reference URI="#_aeebfae3ce681fe3ddcaf213a42f01d3">
+				<ds:Transforms>
+					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+				</ds:Transforms>
+				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<ds:DigestValue>sBVJQf9b+QIxRfH8YuTbF6hBrf4=</ds:DigestValue>
+			</ds:Reference>
+		</ds:SignedInfo>
+		<ds:SignatureValue>JK68H5XqmD2OEA8O/UCZFenVj0TrvauPhaKJt73pbHbi//hO1hBcRQbV2Qg3gQ11EcJ9Q+TM3TCe9nT6tdU/z7ry3qdZvlOfrkMF13fY4HOIuvB9AcySdxq2yKA3V5O9sLhf5S9qCyx9lMnTARC7wkVs4j2Pv00R6P/iROOHD5ryGF2J0FdtMp9VqhvQJ9yRGM2lTduF98MqxWA2EMk6AMo7qij0Bvha1B2OyFSU9HM3fyfRQpXDeiLnKHcjLpzu5TDNkKrP75c7vv85DDr7s2I0p74nAOVLMuLau5tEQ91Crk9QoqoqqEecKWcNJDXTO9MahCQw77hUDL1WOEMFFg==</ds:SignatureValue>
+		<ds:KeyInfo>
+			<ds:KeyValue>
+				<ds:RSAKeyValue>
+					<ds:Modulus>nEPzKMh3TovnfBnTyv+TMYFsGep8Uil7iNbfVyfLoBfqRdeGDOk4es2qWkgB6az+kM/9Js2H06m4
+pjEY7/RIjd0lMWqgi8eqdjilMmbFQykkYYQhlZbvi8KqoBcCKzj5N3GY4qh8A5qN4y85Q3sZj23T
+iiIY1rphE+ZTOHCm6CKeRso9jj409YHP1xAXfPvtIYx2TA1uuagxOmL75OC/hr7gcUm0tmuKiSeq
++TO4VZw2Q7K7YESZ1WkiBoG2i4cHdcBFKnVrGNtyxl6UkjWxXRJSU9aNLs5QxsE6iFwCvFoIO+IU
+cVWxfFHqOGbRtAcRUb4fk+KFHE2o1DLmfwZaUQ==</ds:Modulus>
+					<ds:Exponent>AQAB</ds:Exponent>
+				</ds:RSAKeyValue>
+			</ds:KeyValue>
+		</ds:KeyInfo>
+	</ds:Signature>
+	<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
+		<saml2:NameID>https://demo.egiz.gv.at/demoportal_demologin/</saml2:NameID>
+	</saml2:Subject>
+	<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+	<saml2p:RequestedAuthnContext>
+		<saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef>
+	</saml2p:RequestedAuthnContext>
+</saml2p:AuthnRequest>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/AuthRequest_without_sig_1.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/AuthRequest_without_sig_1.xml
new file mode 100644
index 00000000..ef35ea92
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/AuthRequest_without_sig_1.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="1" AttributeConsumingServiceIndex="0" Destination="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post" ID="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:02.775Z" Version="2.0">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_demologin/</saml2:Issuer>
+	<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
+		<saml2:NameID>https://demo.egiz.gv.at/demoportal_demologin/</saml2:NameID>
+	</saml2:Subject>
+	<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+	<saml2p:RequestedAuthnContext>
+		<saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef>
+	</saml2p:RequestedAuthnContext>
+</saml2p:AuthnRequest>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/Response_with_sig_1.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/Response_with_sig_1.xml
new file mode 100644
index 00000000..2654f2e8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/Response_with_sig_1.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://demo.egiz.gv.at/demoportal_demologin/securearea.action" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+		<ds:SignedInfo>
+			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+			<ds:Reference URI="">
+				<ds:Transforms>
+					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+						<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+					</ds:Transform>
+				</ds:Transforms>
+				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+				<ds:DigestValue>fCE31ZeXZybQLOuNQBePLjFrCtKdvCmeyJ1tUW/ghtA=</ds:DigestValue>
+			</ds:Reference>
+		</ds:SignedInfo>
+		<ds:SignatureValue>vUFR3YPk5wiBJnrLh6Er7V46FNDMuB5Jcu73Rw7tipgr+bnV0reRNcZ5TGT+VMjNhtKJMcqgjrQWJ6tACe1r0mzhpRSVQkw7yFkTvIhQHX1a08yqJ4yy3qiN13ctDo4VgP9qHUim7b797oOKNhRXFk+2GJA5hRcpRliUjhBlzTYrxpkY5NcYDRhDPlvMx+l11oa1iDGuAylN+ty4h3P4fIoIgL9Tz1m3l65LqkV5RBc6avSeHw9OASMigPsjd5b0IBvhvJ611xLgzC1BOtJshiw1k/p8alv8TaUmYZ/kJbRN1tuTBL129edbS0Rz0faT0tniF42QHteJ214brK3rCg==</ds:SignatureValue>
+		<ds:KeyInfo>
+			<ds:KeyValue>
+				<ds:RSAKeyValue>
+					<ds:Modulus>xRE83dJy1dj+KVBp5Syo91fjGeG1MmJDSuTZ5MwdDzvIZrbK3YPh0jbJz4lOSrw9urRacavZX4m2
+XAKfSRxaowP3GqTh3Ew4WJE7yXEnWiic7bUz8uMIr020bsvqHCvY48+oPARbz/cEOf5NgMBWqo9E
+nibdIyU5+AmfFzDaMwNocJEANoXrjLTpduCHvT0Qt/wH+7rVdgjX1djMrBhyMWs7GQyIBRfuf58m
+8kdcoiMSm9AWA4d4GzXch+bi1QRzj+Ib80DeWdcXP3Hc6pcyp/+L+hya2jZ9NMS8yup6xuoAeh7w
+6JNpfE9QnO3/CPrDZTtmjPK2OIRkhgn4Yi+iBQ==</ds:Modulus>
+					<ds:Exponent>AQAB</ds:Exponent>
+				</ds:RSAKeyValue>
+			</ds:KeyValue>
+		</ds:KeyInfo>
+	</ds:Signature>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://demo.egiz.gv.at/demoportal_demologin/securearea.action"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://demo.egiz.gv.at/demoportal_demologin/</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.94" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:integer">4</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
+			</saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/Response_without_sig_1.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/Response_without_sig_1.xml
new file mode 100644
index 00000000..3607cbc4
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/Response_without_sig_1.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://demo.egiz.gv.at/demoportal_demologin/securearea.action" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://demo.egiz.gv.at/demoportal_demologin/securearea.action"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://demo.egiz.gv.at/demoportal_demologin/</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.94" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:integer">4</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
+			</saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks
new file mode 100644
index 00000000..b5262cb8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_postbinding_template.html b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_postbinding_template.html
new file mode 100644
index 00000000..a0d31907
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_postbinding_template.html
@@ -0,0 +1,3 @@
+#if($RelayState)RelayState=${RelayState}"}#end 
+#if($SAMLRequest)SAMLRequest=${SAMLRequest}"}#end
+#if($SAMLResponse)SAMLResponse=${SAMLResponse}"}#end
+\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
new file mode 100644
index 00000000..de3cfbd1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <bean id="dummyAuthConfig"
+        class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig" />
+
+  <bean id="dummyVelocityGuiBuilder"
+        class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
+
+  <bean id="dummyGuiBuilderConfigFactory"
+        class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+
+</beans>
+\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_pvp.beans.xml
new file mode 100644
index 00000000..f261e893
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_pvp.beans.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <import resource="test_eaaf_core.beans.xml"/>
+
+  <bean id="dummyCredentialProvider"
+        class="at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider" />
+
+  <bean id="PvpPostBinding"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding" />
+        
+  <bean id="PvpRedirectBinding"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding" />
+        
+  <bean id="PvpSoapBinding"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding" />
+
+
+
+</beans>
+\ No newline at end of file
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-01-31 20:41:54 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-01-31 20:41:54 +0100
commit	d41afe91ee59daf6b5f5037cecac52900fe2ccb2 (patch)
tree	3a19e1818d276d701574758ce6166b2f3a7e2030 /eaaf_modules/eaaf_module_pvp2_core/src/test
parent	0cf9926282ba4aa46bad3f4e8020cec72683492f (diff)
download	EAAF-Components-d41afe91ee59daf6b5f5037cecac52900fe2ccb2.tar.gz EAAF-Components-d41afe91ee59daf6b5f5037cecac52900fe2ccb2.tar.bz2 EAAF-Components-d41afe91ee59daf6b5f5037cecac52900fe2ccb2.zip