GenerateMobilePhoneSignatureRequestTaskTest

4 files changed, 946 insertions, 0 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 00000000..ba531029
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,144 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+  private Map<String, String> config = new HashMap<>();
+
+  /**
+   * Empty Dummy Application-configuration.
+   *
+   */
+  public DummyAuthConfigMap() {
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param configIs Property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(configIs);
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param path Path to property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final String path) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(this.getClass().getResourceAsStream(path));
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+
+  @Override
+  public String getBasicConfiguration(final String key) {
+    return config.get(key);
+
+  }
+
+  @Override
+  public String getBasicConfiguration(final String key, final String defaultValue) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return defaultValue;
+    } else {
+      return value;
+    }
+
+  }
+
+  @Override
+  public boolean getBasicConfigurationBoolean(final String key) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return false;
+    } else {
+      return Boolean.valueOf(value);
+    }
+  }
+
+  @Override
+  public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+    return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+  }
+
+  @Override
+  public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+    return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+  }
+
+  @Override
+  public ISpConfiguration getServiceProviderConfiguration(final String uniqueID)
+      throws EaafConfigurationException {
+    return null;
+  }
+
+  @Override
+  public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+      throws EaafConfigurationException {
+    return null;
+  }
+
+  @Override
+  public URI getConfigurationRootDirectory() {
+    return new java.io.File(".").toURI();
+
+  }
+
+  @Override
+  public String validateIdpUrl(final URL authReqUrl) throws EaafException {
+    return authReqUrl.toString();
+  }
+
+  public void putConfigValue(final String key, final String value) {
+    config.put(key, value);
+  }
+
+  public void removeConfigValue(final String key) {
+    config.remove(key);
+
+  }
+
+  public void removeAll() {
+    config.clear();
+
+  }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java
new file mode 100644
index 00000000..cf879562
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java
@@ -0,0 +1,304 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+import lombok.Getter;
+import lombok.Setter;
+
+public class DummyOA implements IAhSpConfiguration{
+
+  private static final long serialVersionUID = 1L;
+  private String uniqueAppId = null;
+  private String targetIdentifier = null;
+  private String friendlyName = null;
+  private String cc = "AT";
+  private final Map<String, String> config = new HashMap<>();
+  private final List<Pair<String, String>> reqAttributes = new ArrayList<>();
+
+  private boolean mandateEnabled = false;
+  private boolean onlyMandateEnabled = false;
+  private String mandateProfilesCsv;
+
+  private boolean eidasEnabled = false;
+
+  private boolean testCredentialEnabled = true;
+  private String additionalBpkTargetCsv;
+  private List<Pair<String, String>> additionalEncBpkTargets;
+
+  @Setter
+  private boolean restricted = true;
+
+  @Setter
+  private long latestVdaAuthentication = 60 * 365 * 5;
+
+  @Getter
+  @Setter
+  private boolean publicServiceProvider;
+
+  @Getter
+  @Setter
+  private boolean multiMandateEnabled;
+
+  @Setter
+  private String bmiUniqueIdentifier;
+
+  @Override
+  public Map<String, String> getFullConfiguration() {
+    return this.config;
+  }
+
+  @Override
+  public String getConfigurationValue(final String key) {
+    return this.config.get(key);
+  }
+
+  @Override
+  public String getConfigurationValue(final String key, final String defaultValue) {
+    if (StringUtils.isNotEmpty(getConfigurationValue(key))) {
+      return getConfigurationValue(key);
+    } else {
+      return defaultValue;
+    }
+  }
+
+  @Override
+  public boolean isConfigurationValue(final String key) {
+    if (StringUtils.isNotEmpty(getConfigurationValue(key))) {
+      return Boolean.valueOf(getConfigurationValue(key));
+    } else {
+      return false;
+    }
+
+  }
+
+  @Override
+  public boolean isConfigurationValue(final String key, final boolean defaultValue) {
+    return Boolean.parseBoolean(getConfigurationValue(key, String.valueOf(defaultValue)));
+
+  }
+
+  @Override
+  public boolean containsConfigurationKey(final String key) {
+    return this.config.containsKey(key);
+  }
+
+  @Override
+  public String getUniqueIdentifier() {
+    return this.uniqueAppId;
+  }
+
+  @Override
+  public String getUniqueApplicationRegisterIdentifier() {
+    return this.bmiUniqueIdentifier;
+
+  }
+
+  @Override
+  public String getFriendlyName() {
+    return this.friendlyName;
+  }
+
+  @Override
+  public boolean hasBaseIdInternalProcessingRestriction() {
+    // TODO Auto-generated method stub
+    return false;
+  }
+
+  @Override
+  public boolean hasBaseIdTransferRestriction() {
+    // TODO Auto-generated method stub
+    return false;
+  }
+
+  @Override
+  public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  @Override
+  public List<String> getTargetsWithNoBaseIdTransferRestriction() {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  @Override
+  public List<String> getRequiredLoA() {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  @Override
+  public String getLoAMatchingMode() {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  @Override
+  public String getAreaSpecificTargetIdentifier() {
+    return this.targetIdentifier;
+  }
+
+  @Override
+  public boolean isTestCredentialEnabled() {
+    return this.testCredentialEnabled;
+  }
+
+  @Override
+  public List<String> getTestCredentialOids() {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  @Override
+  public List<Pair<String, String>> getRequiredAttributes() {
+    return this.reqAttributes;
+
+  }
+
+  public void setUniqueAppId(final String uniqueAppId) {
+    this.uniqueAppId = uniqueAppId;
+  }
+
+  @Override
+  public String getCountryCode() {
+    return cc;
+  }
+
+  @Override
+  public void setCountryCode(final String cc) {
+    this.cc = cc;
+
+  }
+
+  public void setTargetIdentifier(final String targetIdentifier) {
+    this.targetIdentifier = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier);
+
+  }
+
+  public void setFriendlyName(final String friendlyName) {
+    this.friendlyName = friendlyName;
+  }
+
+  public void putGenericConfigurationKey(final String key, final String value) {
+    this.config.put(key, value);
+
+  }
+
+  public void addRequiredAttribute(final String attrUri) {
+    this.reqAttributes.add(Pair.newInstance(attrUri, null));
+
+  }
+
+  public void removeRequiredAttribute(final String attrUri) {
+    for (final Pair<String, String> el : reqAttributes) {
+      if (el.getFirst().equals(attrUri)) {
+        reqAttributes.remove(el);
+        break;
+
+      }
+
+
+    }
+  }
+
+  public void addRequiredAttribute(final String attrUri, String param) {
+    this.reqAttributes.add(Pair.newInstance(attrUri, param));
+
+  }
+
+  @Override
+  public boolean isMandateEnabled() {
+    return this.mandateEnabled;
+  }
+
+  @Override
+  public boolean isOnlyMandateEnabled() {
+    return this.onlyMandateEnabled;
+
+  }
+
+  @Override
+  public List<String> getMandateProfiles() {
+    return KeyValueUtils.getListOfCsvValues(mandateProfilesCsv);
+  }
+
+  @Override
+  public List<String> getAdditionalBpkTargets() {
+    return KeyValueUtils.getListOfCsvValues(additionalBpkTargetCsv);
+
+  }
+
+  @Override
+  public List<Pair<String, String>> getAdditionalForeignBpkTargets() {
+    if (additionalEncBpkTargets == null) {
+      return Collections.emptyList();
+
+    } else {
+      return additionalEncBpkTargets;
+
+    }
+  }
+
+  @Override
+  public long lastVdaAuthenticationDelay() {
+    return latestVdaAuthentication;
+
+  }
+
+  @Override
+  public boolean isRestrictedServiceProvider() {
+    return this.restricted ;
+  }
+
+
+  public void setMandateEnabled(final boolean mandateEnabled) {
+    this.mandateEnabled = mandateEnabled;
+  }
+
+  public void setOnlyMandateEnabled(final boolean onlyMandateEnabled) {
+    this.onlyMandateEnabled = onlyMandateEnabled;
+  }
+
+  public void setMandateProfilesCsv(final String mandateProfilesCsv) {
+    this.mandateProfilesCsv = mandateProfilesCsv;
+  }
+
+  public void setTestCredentialEnabled(final boolean testCredentialEnabled) {
+    this.testCredentialEnabled = testCredentialEnabled;
+  }
+
+  public void setAdditionalBpkTargetCsv(String additionalBpkTargetCsv) {
+    this.additionalBpkTargetCsv = additionalBpkTargetCsv;
+  }
+
+  public void setAdditionalEncBpkTargets(List<Pair<String, String>> additionalEncBpkTargets) {
+    this.additionalEncBpkTargets = additionalEncBpkTargets;
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return true;
+  }
+
+  @Override
+  public boolean isEidasEnabled() {
+    return this.eidasEnabled;
+
+  }
+
+  public void setEidasEnabled(boolean eidasEnabled) {
+    this.eidasEnabled = eidasEnabled;
+  }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java
new file mode 100644
index 00000000..13d61f15
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java
@@ -0,0 +1,152 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import java.util.List;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
+public interface IAhSpConfiguration extends ISpConfiguration {
+
+
+  /**
+   * Flag if this Service Provider is enabled.
+   *
+   * @return true if the SP is enabled, otherwise false
+   */
+  boolean isEnabled();
+
+  /**
+   * Get unique identifier that is used in Application-Register from BM.I.
+   *
+   * <p>If no BM.I specific identifier is available then this method returns
+   * the same identifier as <code>getUniqueIdentifier()</code></p>
+   *
+   * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists
+   */
+  String getUniqueApplicationRegisterIdentifier();
+
+  /**
+   * Flag that marks this Service-Provider as <i>public</i> or <i>private</i>.
+   *
+   * <p><b>Default:</b> If it is not set or has an unknown value, its <i>private</i> by default</p>
+   *
+   * @return <code>true</code> if it is from <i>public</i>, otherwise <code>false</code>
+   */
+  boolean isPublicServiceProvider();
+
+  /**
+   * Enable test identities for this Service Provider.
+   *
+   * @return true if test identities are allowed, otherwise false
+   */
+  boolean isTestCredentialEnabled();
+
+  /**
+   * Get a List of OID's that refine the set of allowed test identities.
+   *
+   * @return @link {@link List} of test-identity OID's
+   */
+  @Nullable
+  List<String> getTestCredentialOids();
+
+
+  /**
+   * Get a List of unique attribute URI's that are required by this SP.
+   *
+   * @return {@link List} of attribute URI's / parameter {@link Pair}s
+   */
+  List<Pair<String, String>> getRequiredAttributes();
+
+
+  /**
+   * Get the CountryCode for this service. <br>
+   * <br>
+   * <b>Default:</b> AT
+   *
+   * @return
+   */
+  String getCountryCode();
+
+  /**
+   * Set the CountryCode for this service. If not countryCode is set, AT is used as default.
+   *
+   * @param cc Service-Provider country-code
+   */
+  void setCountryCode(String cc);
+
+  /**
+   * Enable mandates for this service provider.
+   *
+   * @return <code>true</code> if mandates are enabled, otherwise <code>false</code>
+   */
+  boolean isMandateEnabled();
+
+  /**
+   * Enables multi-mandates for this service-provider.
+   *
+   * @return <code>true</code> if multi-mandates are enabled, otherwise <code>false</code>
+   */
+  boolean isMultiMandateEnabled();
+
+  /**
+   * Only mandates are allowed for this service provider.
+   *
+   * @return <code>true</code> if only mandates are allowed, otherwise <code>false</code>
+   */
+  boolean isOnlyMandateEnabled();
+
+  /**
+   * Get a {@link List} of mandate profiles that are supported by this Service provider.
+   *
+   * @return
+   */
+  @Nonnull List<String> getMandateProfiles();
+
+
+  /**
+   * eIDAS authentication allowed flag.
+   *
+   * @return <code>true</code> if eIDAS authentication is enabled, otherwise <code>false</code>
+   */
+  boolean isEidasEnabled();
+
+  /**
+   * Get a List of targets for additional bPKs that are required by this service provider.
+   *
+   * @return List of prefixed bPK targets
+   */
+  @Nonnull List<String> getAdditionalBpkTargets();
+
+  /**
+   * Get a list of foreign bPK targets that are required by this service provider.
+   *
+   * @return List of pairs with prefixed bPK targets as first element and VKZ as second element
+   */
+  @Nonnull List<Pair<String, String>> getAdditionalForeignBpkTargets();
+
+  /**
+   * Flag that indicates that service-provider as restricted or unrestricted.
+   *
+   * <p>A restricted service-provider can only used by test-identities that contains a
+   * valid application-restriction in User-Certificate Pinning</p>
+   *
+   * <p><b>Default:</b> true</p>
+   *
+   * @return <code>true</code> if it is restricted, otherwise <code>false</code>
+   */
+  boolean isRestrictedServiceProvider();
+
+
+/**
+ * Defines the time in minutes how long the last VDA registration h@Override
+ ave passed as maximum.
+ *
+ * @return time in minutes
+ */
+long lastVdaAuthenticationDelay();
+
+}
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
new file mode 100644
index 00000000..379f64ee
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
@@ -0,0 +1,346 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Base64;
+import java.util.Map;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@TestPropertySource(locations = {"classpath:/config/junit_config_1-.properties" })
+//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"})
+//@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
+@ContextConfiguration(locations = {
+    "/SpringTest-context_tasks_test1.xml",
+    "/SpringTest-context_basic_mapConfig1.xml"
+})
+
+public class GenerateMobilePhoneSignatureRequestTaskTest {
+
+  private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+  private static final String METADATA_SP_PATH = "classpath:/data/sp_metadata_junit.xml";
+
+  @Autowired(required = true)
+  private ApplicationContext context;
+  @Autowired(required = true)
+  protected DummyAuthConfigMap authConfig;
+  @Autowired
+  private IdAustriaClientAuthMetadataProvider metadataProvider;
+  @Autowired
+  private PvpMetadataResolverFactory metadataFactory;
+  @Autowired
+  private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory;
+//  @Autowired
+//  private SamlVerificationEngine samlVerifyEngine;
+//  @Autowired
+//  private ITransactionStorage transactionStorage;
+
+  final ExecutionContext executionContext = new ExecutionContextImpl();
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+  private DummyOA oaParam;
+
+  private GenerateMobilePhoneSignatureRequestTask task;
+
+  /**
+   * JUnit class initializer.
+   *
+   * @throws Exception In case of an OpenSAML3 initialization error
+   */
+  @BeforeClass
+  public static void initialize() throws Exception {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * jUnit test set-up.
+   *
+   * @throws Exception In case of an set-up error
+   */
+  @Before
+  public void setUp() throws Exception {
+    task = (GenerateMobilePhoneSignatureRequestTask) context.getBean("GenerateMobilePhoneSignatureRequestTask");
+
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    authConfig.putConfigValue("modules.idaustriaclient.request.sign.alias", "sig");
+
+    oaParam = new DummyOA();
+    oaParam.setUniqueAppId("http://test.com/test");
+    oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric(5));
+    oaParam.setTargetIdentifier(
+        EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+    oaParam.setEidasEnabled(true);
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null);
+    //    oaParam.setMandateProfilesCsv(
+    //        RandomStringUtils.randomAlphabetic(5)
+    //            + "," + RandomStringUtils.randomAlphabetic(5)
+    //            + "," + RandomStringUtils.randomAlphabetic(5));
+
+    pendingReq = new TestRequestImpl();
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    pendingReq.setAuthUrl("https://localhost/authhandler");
+
+    metadataProvider.fullyDestroy();
+    guiBuilderConfigFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+
+  }
+
+  @Test
+  public void noMetadataAvailableOnGlobalConfig() {
+    authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID,
+        RandomStringUtils.randomAlphabetic(10));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail();
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("module.eidasauth.02",
+          ((EaafConfigurationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void noMetadataAvailableOnSpConfig() {
+    oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
+        RandomStringUtils.randomAlphabetic(10));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail();
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("module.eidasauth.02",
+          ((EaafConfigurationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void noMetadataSigningKeyStore() throws Pvp2MetadataException {
+    oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
+        METADATA_PATH);
+
+    authConfig.removeConfigValue("modules.idaustriaclient.request.sign.alias");
+
+    metadataProvider.addMetadataResolverIntoChain(
+        metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail();
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class,
+          e.getOriginalException());
+      Assert.assertEquals("internal.pvp.01",
+          ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void success() throws Exception {
+    oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
+        METADATA_PATH);
+    metadataProvider.addMetadataResolverIntoChain(
+        metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
+    pendingReq.setTransactionId(RandomStringUtils.randomAlphanumeric(10));
+
+    task.execute(pendingReq, executionContext);
+
+    final EaafRequestedAttributes reqAttr = validate();
+    Assert.assertEquals("#Req Attribute", 2, reqAttr.getAttributes().size());
+
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.transactionId",
+        reqAttr.getAttributes().get(0).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(0).getAttributeValues());
+    Assert.assertEquals("#Req. Attr value", 1,
+        reqAttr.getAttributes().get(0).getAttributeValues().size());
+    org.springframework.util.Assert.isInstanceOf(XSString.class,
+        reqAttr.getAttributes().get(0).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+    Assert.assertEquals("Req. Attr. Value", pendingReq.getUniqueTransactionIdentifier(),
+        ((XSString) reqAttr.getAttributes().get(0).getAttributeValues().get(0)).getValue());
+
+    Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.34",
+        reqAttr.getAttributes().get(1).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+    Assert.assertEquals("#Req. Attr value", 1,
+        reqAttr.getAttributes().get(1).getAttributeValues().size());
+    org.springframework.util.Assert.isInstanceOf(XSString.class,
+        reqAttr.getAttributes().get(1).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+    Assert.assertEquals("Req. Attr. Value", oaParam.getAreaSpecificTargetIdentifier(),
+        ((XSString) reqAttr.getAttributes().get(1).getAttributeValues().get(0)).getValue());
+
+  }
+
+  private EaafRequestedAttributes validate() throws Exception {
+    Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+    Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String html = httpResp.getContentAsString();
+    Assert.assertNotNull("XML Metadata", html);
+
+    final int startIndex = html.indexOf("SAMLRequest=");
+    Assert.assertTrue("No SAMLRequest in html", startIndex >= 0);
+    final String authnXml = html.substring(startIndex + "SAMLRequest=".length());
+    //TODO why do i have to do that?? => remove "} from end
+//    String authnXml2 = authnXml1.substring(0,authnXml1.length()-2);
+
+    //check if relaystate was stored
+    final int startIndexRelayState = html.indexOf("RelayState=");
+    Assert.assertTrue("wrong RelayState in HTML",
+        startIndexRelayState >= 0);
+    String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex);
+//    String storedPendingReqId = transactionStorage.get(relayState, String.class);
+//    Assert.assertEquals("relayStore not map to pendingRequestId",
+//        pendingReq.getPendingRequestId(), storedPendingReqId);
+
+
+    final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(
+            Base64.getDecoder().decode(authnXml)));
+
+    Assert.assertNotNull("AuthnReq", authnRequest);
+    Assert.assertNotNull("Issuer", authnRequest.getIssuer());
+    Assert.assertEquals("EntityId",
+        "https://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+        authnRequest.getIssuer().getValue());
+
+    //check XML scheme
+    Saml2Utils.schemeValidation(authnRequest);
+
+
+    //check signature
+    final PvpSProfileRequest msg = new PvpSProfileRequest(
+        authnRequest,
+        SAMLConstants.SAML2_POST_BINDING_URI);
+    msg.setEntityID(authnRequest.getIssuer().getValue());
+    metadataProvider.addMetadataResolverIntoChain(
+        metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null));
+//    samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+//TODO
+    //check other elements
+//    Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping());
+//    Assert.assertNotNull("RequesterIds", authnRequest.getScoping().getRequesterIDs());
+//    Assert.assertEquals("#RequesterIds", 1, authnRequest.getScoping().getRequesterIDs().size());
+//    Assert.assertEquals("RequesterId", oaParam.getUniqueApplicationRegisterIdentifier(),
+//        authnRequest.getScoping().getRequesterIDs().get(0).getRequesterID());
+
+    Assert.assertNotNull("RequestedAuthnContext", authnRequest.getRequestedAuthnContext());
+    Assert.assertNotNull("AuthnContextClassRef",
+        authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs());
+    Assert.assertEquals("#AuthnContextClassRef", 1,
+        authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().size());
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high",
+        authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef());
+
+    Assert.assertNotNull("Extensions", authnRequest.getExtensions());
+    Assert.assertFalse("No Requested attributes",
+        authnRequest.getExtensions().getUnknownXMLObjects().isEmpty());
+
+    Assert.assertEquals("#ReqAttributes", 1, authnRequest.getExtensions().getUnknownXMLObjects().size());
+    org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class,
+        authnRequest.getExtensions().getUnknownXMLObjects().get(0), "No Requested Attributes object");
+
+    return (EaafRequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects().get(0);
+  }
+
+  private IVelocityGuiBuilderConfiguration createDummyGuiConfig() {
+    return new IVelocityGuiBuilderConfiguration() {
+
+      @Override
+      public Map<String, Object> getViewParameters() {
+        return null;
+      }
+
+      @Override
+      public String getViewName() {
+        return "SAML2 Post-Binding";
+      }
+
+      @Override
+      public String getDefaultContentType() {
+        return null;
+      }
+
+      @Override
+      public InputStream getTemplate(String viewName) {
+        return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream("/data/pvp_postbinding_template.html");
+      }
+
+      @Override
+      public String getClasspathTemplateDir() {
+        return null;
+
+      }
+    };
+  }
+
+}