package at.gv.egiz.eaaf.modules.pvp2.test;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;

//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
/**
 * Concrete binding of {@link AbstractSamlVerificationEngine}: it supplies the
 * test-data locations through the overridden getters and adds one negative
 * test for a weak signature algorithm.
 *
 * <p>The Spring context is built from the three bean files listed below plus
 * {@code /config/config_3.props}, and is marked dirty before the class runs.
 * NOTE(review): the class name suggests that {@code config_3.props} selects the
 * HSM-Facade backed key store; that file is not visible here, so confirm.
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({
    "/spring/test_eaaf_pvp.beans.xml",
    "/spring/test_eaaf_core_spring_config.beans.xml",
    "/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_3.props" })
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine {

  /** Location of the metadata file whose entityId is a classpath reference. */
  @Override
  protected String getMetadataClassPathEntityPath() {
    return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml";
  }

  /** Location of the metadata file for the JUnit key store. */
  @Override
  protected String getMetadataJunitJKeystore() {
    return "classpath:/data/pvp_metadata_junit_keystore.xml";
  }

  /** Resource path of the unsigned AuthnRequest template. */
  @Override
  protected String getAuthnRequestWithoutSigPath() {
    return "/data/AuthRequest_without_sig_1.xml";
  }

  /** Resource path of the signed Response sample. */
  @Override
  protected String getResponseWithSigPath() {
    return "/data/Response_with_sig_1.xml";
  }

  /** Resource path of the unsigned Response sample. */
  @Override
  protected String getResponseWithoutSigPath() {
    return "/data/Response_without_sig_1.xml";
  }

  /**
   * Negative test: a credential configured for RSA-MD5 must be refused.
   *
   * <p>The metadata signing credential is switched to
   * {@link SignatureConstants#ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5} and
   * handed to {@code initializeAuthnRequest}. The call has to end in a
   * {@link SamlSigningException} carrying error id {@code internal.pvp.96};
   * a normal return fails the test. MD5 is not collision resistant, so this
   * pins that the weak algorithm is rejected instead of silently used.
   *
   * @throws SecurityException propagated unchanged from the helper calls
   * @throws Exception any other failure, which lets the test error out
   */
  @Test
  public void validateSamlRequestWrongSignatureAlg() throws SecurityException, Exception {
    final String requestTemplate = getAuthnRequestWithoutSigPath();
    // The metadata location is also passed as the SP entityId below.
    final String metadataLocation = getMetadataJunitJKeystore();

    metadataProvider.runGarbageCollector();

    // NOTE(review): the credential is mutated in place and never reset. If the
    // provider returns a shared instance, the RSA-MD5 setting could leak into
    // tests that run later in the same context; confirm against the provider.
    final EaafX509Credential signingCredential =
        credentialProvider.getMetaDataSigningCredential();
    signingCredential.setSignatureAlgorithmForSigning(
        SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5);

    SamlSigningException rejection = null;
    try {
      initializeAuthnRequest(metadataLocation, metadataLocation, requestTemplate,
          signingCredential);

    } catch (final SamlSigningException e) {
      rejection = e;

    }

    if (rejection == null) {
      org.junit.Assert.fail("Wrong SigAlg not detected");

    }

    org.junit.Assert.assertEquals("Wrong errorCode", "internal.pvp.96", rejection.getErrorId());
  }

}