authorChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 07:54:53 +0100
committerChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 13:27:12 +0100
commit0c4fe92684a707040fd7536da05945a64b309740 (patch)
treee0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules
parent3338a3dd00fabf28f1de8579535b1626dbe99908 (diff)
downloadNational_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.gz
National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.bz2
National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.zip
Refactor tasks for MobilePhoneSignature login and tests
Diffstat (limited to 'eidas_modules')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java)105
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java543
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java371
5 files changed, 436 insertions, 603 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 2a7beb3b..e7a5547a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -24,12 +24,12 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
import lombok.Data;
+import org.apache.commons.lang3.builder.EqualsBuilder;
@Data
public class SimpleMobileSignatureData {
private String citizenCountryCode;
-
private String bpk;
private String givenName;
private String familyName;
@@ -37,19 +37,15 @@ public class SimpleMobileSignatureData {
/**
* Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+ *
* @param simpleEidasData The extracted eIDAS data
* @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
*/
public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
- if (!simpleEidasData.getGivenName().equals(givenName)) {
- return false;
- }
- if (!simpleEidasData.getFamilyName().equals(familyName)) {
- return false;
- }
- if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
- return false;
- }
- return true;
+ return new EqualsBuilder()
+ .append(simpleEidasData.getGivenName(), givenName)
+ .append(simpleEidasData.getFamilyName(), familyName)
+ .append(simpleEidasData.getDateOfBirth(), dateOfBirth)
+ .isEquals();
}
}
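Review bot: The move to EqualsBuilder changes what happens on missing data: `append(null, null)` counts as equal, so if both the mobile-signature record and the eIDAS record lack, say, dateOfBirth, the two identities now compare as a match where the old code threw a NullPointerException. This method is the gate deciding whether the person who authenticated at ID Austria is the same subject as the eIDAS data (the task throws InvalidUserInputException on a mismatch), so a silent match on absent fields weakens that check. Whether givenName, familyName and dateOfBirth are guaranteed non-null depends on DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES, which is not visible here; if it is not guaranteed, guard explicitly before the builder, e.g. `if (givenName == null || familyName == null || dateOfBirth == null) { return false; }`, and state in the Javadoc that a `null` simpleEidasData is not accepted. The Javadoc should also say that bpk and citizenCountryCode are deliberately excluded from the comparison, since a reader would otherwise expect all fields to take part.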
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 81be04b5..0f40b337 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -64,7 +64,6 @@ import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
@@ -86,16 +85,12 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.I
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask {
+public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask {
- @Autowired
- private SamlVerificationEngine samlVerificationEngine;
- @Autowired
- private RegisterSearchService registerSearchService;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- IdAustriaClientAuthMetadataProvider metadataProvider;
+ private final SamlVerificationEngine samlVerificationEngine;
+ private final RegisterSearchService registerSearchService;
+ private final IdAustriaClientAuthCredentialProvider credentialProvider;
+ private final IdAustriaClientAuthMetadataProvider metadataProvider;
private static final String ERROR_PVP_03 = "sp.pvp2.03";
private static final String ERROR_PVP_05 = "sp.pvp2.05";
@@ -107,9 +102,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system";
private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
- private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found.";
+ private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
+ /**
+ * Creates the new task, with autowired dependencies from Spring.
+ */
+ public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
+ RegisterSearchService registerSearchService,
+ IdAustriaClientAuthCredentialProvider credentialProvider,
+ IdAustriaClientAuthMetadataProvider metadataProvider) {
+ this.samlVerificationEngine = samlVerificationEngine;
+ this.registerSearchService = registerSearchService;
+ this.credentialProvider = credentialProvider;
+ this.metadataProvider = metadataProvider;
+ }
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
@@ -118,7 +126,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
IDecoder decoder = loadDecoder(request);
EaafUriCompare comparator = loadComparator(request);
InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
- final Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
+ Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
if (processedMsg.getSecond()) {
stopProcessFromUserDecision(executionContext, request, response);
return;
@@ -138,30 +146,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
*
*/
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
MergedRegisterSearchResult initialSearchResult =
authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
- if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- //TODO User has cheated?
- throw new InvalidUserInputException();
- }
-
- String bpkZp = simpleMobileSignatureData.getBpk();
MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
if (result.getResultCount() == 0) {
- //go to step 16
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
} else if (result.getResultCount() == 1) {
String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
return;
- //node 110
} else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkZp: " + bpkZp);// node 108
+ throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
}
// set NeedConsent to false, because user gives consent during authentication
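Review bot: Every branch of the result-count chain returns or throws (0 transitions to the residence GUI, 1 returns after storing the bpk, >1 throws ManualFixNecessaryException), so the `// set NeedConsent to false` code following the chain is only reachable if getResultCount() is negative — presumably never — which would make it dead and leave the consent flag untouched on the successful one-hit path. If the NeedConsent update is intended for the matched case, it belongs inside the `== 1` branch before its `return`. Separately, the ManualFixNecessaryException message carries the bpkZp, a personal identifier; if that message reaches logs or the user, prefer logging the identifier at debug level and keeping the message generic, e.g. `throw new ManualFixNecessaryException("multiple register entries for one bpkZp");`. The enclosing execute() method continues past the end of this hunk.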
@@ -180,7 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
} catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decrytion FAILED. No credential found.", e);
+ log.debug("PVP response decryption FAILED. No credential found.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
} catch (final Exception e) {
@@ -191,6 +191,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
}
+ private String extractBpkZp(AssertionAttributeExtractor extractor,
+ AuthProcessDataWrapper authProcessData,
+ SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+ //TODO User has cheated?
+ throw new InvalidUserInputException();
+ }
+ return simpleMobileSignatureData.getBpk();
+ }
+
@NotNull
private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response,
IDecoder decoder, EaafUriCompare comparator) throws Exception {
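Review bot: The mismatch branch in extractBpkZp throws InvalidUserInputException with neither a message nor a log entry, and the `//TODO User has cheated?` comment is carried over unresolved. A disagreement between the identity asserted by ID Austria and the eIDAS identity held in the session is exactly the event an operator wants in the logs when investigating impersonation attempts, so add a line before the throw such as `log.warn("Mobile-signature identity does not match eIDAS identity for pending request {}", pendingReq.getPendingRequestId());` — referencing the request id, not the names or date of birth. Replace the TODO with a comment recording the decision: the two identities must agree and a mismatch is rejected as invalid input rather than retried.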
@@ -297,33 +308,31 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throws EaafBuilderException {
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
SimpleMobileSignatureData result = new SimpleMobileSignatureData();
- try {
- if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
- log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
- throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{MODULE_NAME_FOR_LOGGING});
+ if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
+ log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
+ AssertionValidationExeption e = new AssertionValidationExeption(ERROR_PVP_06,
+ new Object[]{MODULE_NAME_FOR_LOGGING});
+ throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
+ }
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+ result.setBpk(extractor.getSingleAttributeValue(attrName));
}
- final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
- for (final String attrName : includedAttrNames) {
- if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- result.setBpk(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
- result.setGivenName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
- result.setFamilyName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
- result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
- }
+ if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
+ result.setGivenName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
+ result.setFamilyName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
+ result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
+ authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
}
- authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
- } catch (final AssertionValidationExeption e) {
- throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
}
+ authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
return result;
}
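Review bot: The rewritten attribute loop never populates `citizenCountryCode`, although SimpleMobileSignatureData declares that field (see the DAO hunk above), so it is always null on the returned object; if a corresponding PVP attribute exists it should be set here, otherwise the field is misleading and should be dropped from the DAO. On style, constructing an AssertionValidationExeption only to pass its message and itself into EaafBuilderException is what the removed catch block did implicitly; a short comment such as `// wrap as EaafBuilderException but keep the ERROR_PVP_06 cause for the caller's error mapping` would explain why the intermediate exception is still built. The method's signature and Javadoc start before this hunk.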
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 34046e55..ed086493 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -121,7 +121,7 @@
scope="prototype" />
<bean id="ReceiveMobilePhoneSignatureResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask"
scope="prototype" />
<bean id="GenerateAustrianResidenceGuiTask"
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
deleted file mode 100644
index 42dd3ddc..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
+++ /dev/null
@@ -1,543 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
-
-import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
-import net.shibboleth.utilities.java.support.xml.XMLParserException;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.core.xml.io.UnmarshallingException;
-import org.opensaml.core.xml.util.XMLObjectSupport;
-import org.opensaml.saml.saml2.core.Issuer;
-import org.opensaml.saml.saml2.core.Response;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import javax.xml.transform.TransformerException;
-import java.io.IOException;
-import java.util.Base64;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.springframework.util.Assert.isInstanceOf;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = {
- "/SpringTest-context_tasks_test.xml",
- "/SpringTest-context_basic_mapConfig.xml"
-})
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
-
- private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
-
- @Autowired
- private ApplicationContext context;
- @Autowired
- protected MsConnectorDummyConfigMap authConfig;
- @Autowired
- private IdAustriaClientAuthMetadataProvider metadataProvider;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- private PvpMetadataResolverFactory metadataFactory;
-
- private final ExecutionContext executionContext = new ExecutionContextImpl();
- private MockHttpServletRequest httpReq;
- private MockHttpServletResponse httpResp;
- private DummyPendingRequest pendingReq;
-
- private ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask task;
-
- /**
- * JUnit class initializer.
- *
- * @throws Exception In case of an OpenSAML3 initialization error
- */
- @BeforeClass
- public static void initialize() throws Exception {
- EaafOpenSaml3xInitializer.eaafInitialize();
-
- }
-
- /**
- * jUnit test set-up.
- *
- * @throws Exception In case of an set-up error
- */
- @Before
- public void setUp() throws Exception {
- task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean(
- "ReceiveMobilePhoneSignatureResponseTask");
-
- httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
- httpReq.setScheme("https");
- httpReq.setServerPort(443);
- httpReq.setContextPath("/authhandler");
- httpResp = new MockHttpServletResponse();
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH);
-
- DummyOA oaParam = new DummyOA();
- oaParam.setUniqueAppId("http://test.com/test");
- oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
-
- pendingReq = new DummyPendingRequest();
- pendingReq.initialize(httpReq, authConfig);
- pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
- pendingReq.setOnlineApplicationConfiguration(oaParam);
-
- metadataProvider.fullyDestroy();
- }
-
- @Test
- public void unsupportedHttpMethode() {
- httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpGetNoMessage() {
- httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostNoMessage() {
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpPostMessageNotSigned() throws IOException {
-
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class
- .getResourceAsStream(
- "/data/Response_without_sig_classpath_entityid.xml"))));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- TransformerException, MarshallingException {
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_wrong_destination_endpoint.xml",
- credentialProvider.getMessageSigningCredential(), true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(), true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(), false);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
- "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedWithError() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_userstop.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // perform test
- task.execute(pendingReq, executionContext);
-
- // validate state
- assertTrue("process not cancelled", executionContext.isProcessCancelled());
- assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
- assertFalse("should not authenticated", pendingReq.isAuthenticated());
-
- }
-
- @Test
- public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_without_subcode.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
- }
- }
-
- @Test
- public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_empty_subcode.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
- }
-
- @Test
- public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- // perform task
- task.execute(pendingReq, executionContext);
-
- // validate state
- final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
- assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
-
- //TODO:
-
- }
-
- @Test
- public void httpPostValidSignedAssertionEidValidButNameMissmatch() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann1");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- // perform task
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException);
- }
-
- }
-
- private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
- boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
- Pvp2MetadataException {
-
- final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(
- responsePath));
- response.setIssueInstant(DateTime.now());
- final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
- issuer.setValue(idpEntityId);
- response.setIssuer(issuer);
-
- if (validConditions) {
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
-
- }
-
- return Saml2Utils.signSamlObject(response, credential, true);
- }
-
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
new file mode 100644
index 00000000..5ea7b59b
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
@@ -0,0 +1,371 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.joda.time.DateTime;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.xml.transform.TransformerException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Objects;
+
+import static org.junit.Assert.*;
+import static org.springframework.util.Assert.isInstanceOf;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class ReceiveMobilePhoneSignatureResponseTaskTest {
+
+ private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+
+ @Autowired
+ protected MsConnectorDummyConfigMap authConfig;
+ @Autowired
+ private IdAustriaClientAuthMetadataProvider metadataProvider;
+ @Autowired
+ private IdAustriaClientAuthCredentialProvider credentialProvider;
+ @Autowired
+ private PvpMetadataResolverFactory metadataFactory;
+ @Autowired
+ private ReceiveMobilePhoneSignatureResponseTask task;
+
+ private final ExecutionContext executionContext = new ExecutionContextImpl();
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private DummyPendingRequest pendingReq;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws Exception In case of an set-up error
+ */
+ @Before
+ public void setUp() throws Exception {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.setScheme("https");
+ httpReq.setServerPort(443);
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH);
+
+ DummyOA oaParam = new DummyOA();
+ oaParam.setUniqueAppId("http://test.com/test");
+ oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+
+ pendingReq = new DummyPendingRequest();
+ pendingReq.initialize(httpReq, authConfig);
+ pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setOnlineApplicationConfiguration(oaParam);
+
+ metadataProvider.fullyDestroy();
+ }
+
+ @Test
+ public void unsupportedHttpMethod() {
+ httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpGetNoMessage() {
+ httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostNoMessage() {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostMessageNotSigned() throws IOException {
+ byte[] bytes = IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseTask.class
+ .getResourceAsStream("/data/Response_without_sig_classpath_entityid.xml"));
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(bytes));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostMessageWrongDestinationEndpoint() throws Exception {
+ initResponse("/data/Response_with_wrong_destination_endpoint.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostValidSignedNoMetadata() throws Exception {
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionOutDated() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", false);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionFromWrongIdp() throws Exception {
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionMissingAttributes() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWithError() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWitUserStopErrorCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_userstop.xml", true);
+
+ task.execute(pendingReq, executionContext);
+
+ assertTrue("process not cancelled", executionContext.isProcessCancelled());
+ assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
+ assertFalse("should not authenticated", pendingReq.isAuthenticated());
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ eidData.setFamilyName(eidData.getFamilyName() + "notmatching");
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ isInstanceOf(InvalidUserInputException.class, e.getOriginalException().getCause());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValid() throws Exception {
+ // klar darstellen: was ist input, was ist dann expected output ... eigentlich für alle tasks!
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+
+ task.execute(pendingReq, executionContext);
+
+ AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+ assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+ //TODO this is the good case
+ }
+
+ @NotNull
+ private SimpleEidasData createEidasDataMatchingToSamlResponse() {
+ // data from "/data/Response_with_EID.xml"
+ SimpleEidasData result = new SimpleEidasData();
+ result.setFamilyName("Mustermann");
+ result.setGivenName("Max");
+ result.setDateOfBirth("1940-01-01");
+ return result;
+ }
+
+ private void addSamlResponseToHttpReq(Response response) throws TransformerException, IOException, MarshallingException {
+ String node = DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response));
+ String base64encoded = Base64.getEncoder().encodeToString(node.getBytes(StandardCharsets.UTF_8));
+ httpReq.addParameter("SAMLResponse", base64encoded);
+ }
+
+ private void initResponse(String responsePath, boolean validConditions) throws Exception {
+ InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath);
+ ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool());
+ Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream);
+ response.setIssueInstant(DateTime.now());
+ Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml");
+ response.setIssuer(issuer);
+ if (validConditions) {
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+ }
+ Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true);
+ addSamlResponseToHttpReq(signedResponse);
+ }
+
+}
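Review bot: The success-path test `httpPostValidSignedAssertionEidValid` still ends in `//TODO this is the good case` and only asserts the LoA and IssueInstant stored in the session, so a regression in which the task stops marking the request as authenticated, or stops storing the matched identity data, would pass unnoticed; the non-English note at the top of that method should also be resolved or rewritten. Since this task binds the eIDAS identity to the ID Austria response, pin the outcome the way the user-stop test does, e.g. `assertTrue("not authenticated", pendingReq.isAuthenticated()); assertFalse("process cancelled", executionContext.isProcessCancelled());` — whether `isAuthenticated()` is set by this task cannot be confirmed from the hunk, so check it against the implementation. For the same reason, `httpPostValidSignedAssertionEidValidButNameMismatch` varies only the family name, so a given-name and a date-of-birth mismatch case would lock in all three comparisons done by the matching. Separately, `initResponse` guards the parser pool with `Objects.requireNonNull` but not the `getResourceAsStream` result and never closes the stream; `try (InputStream inputStream = Objects.requireNonNull(ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath))) { ... }` around the unmarshal call addresses both.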