From 7f0a925a72dc9841280e66fcba1515af62b9efdf Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 15:24:01 +0200
Subject: test(core): add smoke test with full eIDAS OutGoing login and
 error-handling

---
 .../proxy/test/FullStartUpAndProcessTest.java      | 480 +++++++++++++++++++++
 1 file changed, 480 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java

(limited to 'ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific')

diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
new file mode 100644
index 00000000..bc6f5317
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
@@ -0,0 +1,480 @@
+package at.asitplus.eidas.specific.proxy.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.util.Base64;
+import java.util.Map;
+import java.util.TimeZone;
+import java.util.Timer;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.ignite.Ignition;
+import org.joda.time.DateTime;
+import org.joda.time.DateTimeZone;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.ImmutableSet;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class FullStartUpAndProcessTest {
+
+  private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+  private static final String FINAL_REDIRECT = "https://localhost/ms_proxy/public/secure/finalizeAuthProtocol?pendingid=";
+  private static final String ERROR_REDIRECT = "https://localhost/ms_proxy/public/secure/errorHandling?errorid=";
+  
+  
+  @Autowired private WebApplicationContext wac;
+
+  @Autowired private ResourceLoader resourceLoader;
+  @Autowired private EidasAttributeRegistry attrRegistry;
+  
+  @Autowired private IdAustriaAuthSignalController idAustriaEndpoint;
+  @Autowired private IdAustriaAuthMetadataProvider idAustriaMetadata;
+  @Autowired private IdAustriaAuthCredentialProvider credentialProvider;
+  
+  @Autowired private EidasProxyServiceController eidasProxyEndpoint;
+  @Autowired private ProtocolFinalizationController finalize;
+
+  @Autowired private IStatusMessenger messager;
+
+  /**
+   * jUnit class initializer.
+   * @throws InterruptedException In case of an error
+   * @throws ComponentInitializationException  In case of an error
+   * @throws InitializationException In case of an error
+   *
+   */
+  @BeforeClass
+  @SneakyThrows
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.clearProperty("eidas.ms.configuration");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+
+    EaafOpenSaml3xInitializer.eaafInitialize();
+    
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+  }
+
+  /**
+   * jUnit test set-up.
+   *
+   *
+   */
+  @Before
+  public void setup() throws IOException {
+    DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac);
+    @SuppressWarnings("rawtypes")
+    Map<String, FilterRegistrationBean> filters = wac.getBeansOfType(FilterRegistrationBean.class);
+    for (FilterRegistrationBean<?> filter : filters.values()) {
+      if (filter.isEnabled()) {
+        builder.addFilter(filter.getFilter(), "/*");
+
+      }
+    }
+
+    LogMessageProviderFactory.setStatusMessager(messager);
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void simpleError() {
+    MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    String spCountryCode = injectEidas2AuthnReq(proxyHttpReq);
+    MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp));
+    
+    injectIdAustriaSaml2Metadata();
+        
+    
+    // send eIDAS Proxy-Service process hand-over
+    eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp);
+        
+    
+    // extract SAML2 AuthnRequest to IDA system
+    assertEquals("forward to finalization", 200, proxyHttpResp.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType());
+    String saml2ReqPage = proxyHttpResp.getContentAsString();
+    assertNotNull("selectionPage is null", saml2ReqPage);
+    assertFalse("selectionPage is empty", saml2ReqPage.isEmpty());
+
+    String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+    String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\"");
+    assertNotNull("SAML2 request", saml2ReqB64);
+    assertNotNull("SAML2 relayState", saml2RelayState);
+    
+  
+    
+    // send WRONG response from IDA system to eIDAS Proxy-Service    
+    final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    idaHttpReq.setScheme("https");
+    idaHttpReq.setServerPort(443);
+    idaHttpReq.setContextPath("/ms_proxy");
+    idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, RandomStringUtils.randomAlphanumeric(15));
+    idaHttpReq.addParameter("SAMLResponse", RandomStringUtils.randomAlphabetic(25));
+    final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp));
+    
+    idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp);
+    
+    
+    // validate forwarding to protocol finalization
+    assertEquals("forward to finalization", 302, idaHttpResp.getStatus());
+    assertNotNull("missing redirect header", idaHttpResp.getHeader("Location"));
+    assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(ERROR_REDIRECT));
+    String finalPendingReqId = idaHttpResp.getHeader("Location").substring(ERROR_REDIRECT.length());
+    assertFalse("final errorId", finalPendingReqId.isEmpty());
+    
+    // set-up error-handling request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    finalizationReq.setParameter("errorid", finalPendingReqId);
+    MockHttpServletResponse respErrorPage = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respErrorPage));
+    
+    // execute error-handling step
+    finalize.errorHandling(finalizationReq, respErrorPage);
+
+    
+    // extract access-token for eIDAS node communication 
+    assertEquals("errorPage", 200, respErrorPage.getStatus());
+    assertEquals("errorPage", "text/html;charset=UTF-8", respErrorPage.getContentType());
+    String errorPage = respErrorPage.getContentAsString();
+    assertNotNull("errorPage is null", errorPage);
+    assertFalse("errorPage is empty", errorPage.isEmpty());   
+    assertTrue("Missing errorCode", errorPage.contains("auth.26"));
+    
+  }
+  
+  @Test
+  @SneakyThrows
+  public void simpleSuccess() {
+    MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    String spCountryCode = injectEidas2AuthnReq(proxyHttpReq);
+    MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp));
+    
+    injectIdAustriaSaml2Metadata();
+        
+    
+    // send eIDAS Proxy-Service process hand-over
+    eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp);
+        
+    
+    // extract SAML2 AuthnRequest to IDA system
+    assertEquals("forward to finalization", 200, proxyHttpResp.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType());
+    String saml2ReqPage = proxyHttpResp.getContentAsString();
+    assertNotNull("selectionPage is null", saml2ReqPage);
+    assertFalse("selectionPage is empty", saml2ReqPage.isEmpty());
+
+    String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+    String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\"");
+    assertNotNull("SAML2 request", saml2ReqB64);
+    assertNotNull("SAML2 relayState", saml2RelayState);
+    
+    // validate SAML2 request to IDA system
+    String saml2ReqId = validateSaml2Request(saml2ReqB64, spCountryCode);
+    
+    // build SAML2 response from IDA system
+    String saml2RespB64 = buildSaml2Response(saml2ReqId);
+    
+    
+    // send response from IDA system to eIDAS Proxy-Service    
+    final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    idaHttpReq.setScheme("https");
+    idaHttpReq.setServerPort(443);
+    idaHttpReq.setContextPath("/ms_proxy");
+    idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, saml2RelayState);
+    idaHttpReq.addParameter("SAMLResponse", saml2RespB64);
+    final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp));
+    
+    idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp);
+    
+    
+    // validate forwarding to protocol finalization
+    assertEquals("forward to finalization", 302, idaHttpResp.getStatus());
+    assertNotNull("missing redirect header", idaHttpResp.getHeader("Location"));
+    assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(FINAL_REDIRECT));
+    String finalPendingReqId = idaHttpResp.getHeader("Location").substring(FINAL_REDIRECT.length());
+    assertFalse("final pendingRequestId", finalPendingReqId.isEmpty());
+
+    // set-up finalization request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    finalizationReq.setParameter("pendingid", finalPendingReqId);
+    MockHttpServletResponse respToEidasProxy = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respToEidasProxy));
+    
+    // exexcute finalization step
+    finalize.finalizeAuthProtocol(finalizationReq, respToEidasProxy);
+
+    
+    // extract access-token for eIDAS node communication 
+    assertEquals("forward to finalization", 200, respToEidasProxy.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", respToEidasProxy.getContentType());
+    String forwardPage = respToEidasProxy.getContentAsString();
+    assertNotNull("forward to eIDAS Node is null", forwardPage);
+    assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty());
+
+    String eidasNodeRespToken = extractRequestToken(forwardPage, "<input type=\"hidden\" name=\"token\" value=\"");
+    assertFalse("eidas req. token", eidasNodeRespToken.isEmpty());
+    
+    // validate eIDAS light-response to eIDAS node
+    validateEidasLightResponse(eidasNodeRespToken);        
+    
+    
+  }
+
+
+  @SneakyThrows
+  private void validateEidasLightResponse(String eidasNodeRespToken) {    
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());
+    
+    ILightResponse lightResp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(eidasNodeRespToken, 
+        attrRegistry.getCoreAttributeRegistry().getAttributes());
+
+    SimpleDateFormat dateTimeParser = new SimpleDateFormat("yyyy-MM-dd");
+    dateTimeParser.setTimeZone(TimeZone.getTimeZone("UTC"));
+       
+    assertNotNull("ligth-response", lightResp);    
+    assertEquals("eIDAS statusCode", "urn:oasis:names:tc:SAML:2.0:status:Success", lightResp.getStatus().getStatusCode());
+    assertEquals("eIDAS LoA", "http://eidas.europa.eu/LoA/high", lightResp.getLevelOfAssurance());
+    assertEquals("eIDAS attribute size", 4, lightResp.getAttributes().size());
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", "QVGm48cqcM4UcyhDTNGYmVdrIoY=");    
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName", "Max");
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName", "Mustermann");
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth",
+        new DateTime(dateTimeParser.parse("1940-01-01").getTime(), DateTimeZone.UTC));
+
+
+                  
+  }
+
+  private void checkEidasAttribute(ImmutableAttributeMap attributes, String attrName, Object expected) {
+    ImmutableSet<? extends AttributeValue<Object>> attr = attributes.getAttributeValuesByNameUri(attrName);
+    assertNotNull("Attribute: " + attrName, attr);
+    assertFalse("Empty AttributeValue: " + attrName, attr.isEmpty());
+    assertNotNull("AttributeValue: " + attrName, attr.asList().get(0));
+    assertEquals("Wrong AttributeValue: " + attrName, expected, attr.asList().get(0).getValue());
+    
+  }
+
+  @SneakyThrows  
+  private String validateSaml2Request(String saml2ReqB64, String spCountryCode) {
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(), 
+        new ByteArrayInputStream(Base64Utils.decodeFromString(saml2ReqB64)));
+
+    // check requested attributes
+    assertEquals("wrong number of extension elements", 
+        1, authnReq.getExtensions().getOrderedChildren().size());
+    assertEquals("wrong number of requested attributes", 
+        4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
+                
+    return authnReq.getID();
+  }
+
+  @SneakyThrows
+  private String buildSaml2Response(String saml2ReqId) {
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_EID.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true, saml2ReqId);    
+    return Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+            "UTF-8"));
+    
+  }
+  
+  private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
+      boolean validConditions, String saml2ReqId) throws SamlSigningException, XMLParserException, UnmarshallingException,
+      Pvp2MetadataException {
+
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        FullStartUpAndProcessTest.class.getResourceAsStream(responsePath));
+    response.setIssueInstant(Instant.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(idpEntityId);
+    response.setIssuer(issuer);
+    response.setInResponseTo(saml2ReqId);
+    
+    if (validConditions) {
+      response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60));
+
+    }
+
+    return Saml2Utils.signSamlObject(response, credential, true);
+  }
+  
+  @SneakyThrows
+  private void injectIdAustriaSaml2Metadata() {
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(METADATA_PATH);
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    idAustriaMetadata.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+  }
+
+  private String extractRequestToken(String selectionPage, String selector) {
+    int start = selectionPage.indexOf(selector);
+    assertTrue("find no starting element of selector", start > 0);
+    int end = selectionPage.indexOf("\"", start + selector.length());
+    assertTrue("find no end tag", end > 0);
+    return selectionPage.substring(start + selector.length(), end);
+
+  }
+  
+  @SneakyThrows
+  private String injectEidas2AuthnReq(MockHttpServletRequest proxyHttpReq) {    
+    String spCountryCode = "XX";
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+            .build());
+    
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());    
+    BinaryLightToken token = springManagedSpecificConnectorCommunicationService.putRequest(authnReqBuilder.build());        
+    proxyHttpReq.addParameter(EidasParameterKeys.TOKEN.toString(), Base64Utils.encodeToString(token.getTokenBytes()));
+    
+    return spCountryCode;
+    
+  }
+  
+}
-- 
cgit v1.2.3