src/main/java/eu/europa/ec/simpl/tlsgateway/filters/OrderedGlobalFilter.java

+package eu.europa.ec.simpl.tlsgateway.filters;
+
+import eu.europa.ec.simpl.tlsgateway.configurations.GlobalFilterProperties;
+import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.core.Ordered;
+
+public abstract class OrderedGlobalFilter implements GlobalFilter, Ordered {
+
+    private final GlobalFilterProperties globalFilterProperties;
+
+    protected OrderedGlobalFilter(GlobalFilterProperties globalFilterProperties) {
+        this.globalFilterProperties = globalFilterProperties;
+    }
+
+    @Override
+    public int getOrder() {
+        return globalFilterProperties.getOrder(getClass());
+    }
+}

src/main/java/eu/europa/ec/simpl/tlsgateway/repositories/EphemeralProofRepository.java

 package eu.europa.ec.simpl.tlsgateway.repositories;
 
-import eu.europa.ec.simpl.common.redis.model.entity.EphemeralProof;
+import eu.europa.ec.simpl.common.redis.entity.EphemeralProof;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.repository.CrudRepository;

src/main/java/eu/europa/ec/simpl/tlsgateway/services/TierOneSessionValidator.java

 package eu.europa.ec.simpl.tlsgateway.services;
 
-import eu.europa.ec.simpl.common.model.ephemeralproof.JwtEphemeralProofParser;
-import eu.europa.ec.simpl.common.redis.model.entity.EphemeralProof;
+import eu.europa.ec.simpl.common.ephemeralproof.JwtEphemeralProofParser;
+import eu.europa.ec.simpl.common.redis.entity.EphemeralProof;
 import eu.europa.ec.simpl.common.services.AbstractTierOneSessionValidator;
 import eu.europa.ec.simpl.tlsgateway.repositories.EphemeralProofRepository;
 import java.util.*;

src/main/java/eu/europa/ec/simpl/tlsgateway/utils/EphemeralProofUtil.java

 package eu.europa.ec.simpl.tlsgateway.utils;
 
-import eu.europa.ec.simpl.common.model.ephemeralproof.JwtEphemeralProofParser;
+import eu.europa.ec.simpl.common.ephemeralproof.JwtEphemeralProofParser;
+import lombok.experimental.UtilityClass;
 import lombok.extern.log4j.Log4j2;
 
 @Log4j2
+@UtilityClass
 public class EphemeralProofUtil {
 
-    private EphemeralProofUtil() {
-        throw new IllegalStateException("Utility class");
-    }
-
     public static JwtEphemeralProofParser getEphemeralProof(String ephemeralProof) {
         return new JwtEphemeralProofParser(ephemeralProof);
     }

src/main/java/eu/europa/ec/simpl/tlsgateway/utils/ExchangeUtil.java

@@ -6,6 +6,7 @@ import eu.europa.ec.simpl.tlsgateway.exceptions.NoCertificateException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Optional;
+import lombok.experimental.UtilityClass;
 import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.asn1.x500.style.IETFUtils;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
@@ -13,12 +14,9 @@ import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.SslInfo;
 import org.springframework.web.server.ServerWebExchange;
 
+@UtilityClass
 public class ExchangeUtil {
 
-    private ExchangeUtil() {
-        throw new IllegalStateException("Utility class");
-    }
-
     public static X509Certificate getCertificateFromRequest(ServerHttpRequest request) {
         return Optional.ofNullable(request)
                 .map(ServerHttpRequest::getSslInfo)

src/main/java/eu/europa/ec/simpl/tlsgateway/utils/JwtEphemeralProofVerifier.java

@@ -4,9 +4,9 @@ import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.crypto.ECDSAVerifier;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
+import eu.europa.ec.simpl.common.ephemeralproof.EphemeralProofAbstractParser;
+import eu.europa.ec.simpl.common.ephemeralproof.JwtEphemeralProofParser;
 import eu.europa.ec.simpl.common.model.dto.IdentityAttributeDTO;
-import eu.europa.ec.simpl.common.model.ephemeralproof.EphemeralProofAbstractParser;
-import eu.europa.ec.simpl.common.model.ephemeralproof.JwtEphemeralProofParser;
 import java.security.interfaces.ECPublicKey;
 import java.time.Instant;
 import java.util.List;

src/main/resources/application.yml

@@ -36,9 +36,23 @@ custom-ssl:
 server:
   port: 9443
 
-cors:
-  allowed-origins: "*"
-  allowed-headers: "*"
+users-roles:
+  url: [USERS_ROLES_URL]
+sap:
+  url: [SAP_URL]
+identity-provider:
+  url: [IDENTITY_PROVIDER_URL]
+authentication-provider:
+  url: [AUTHENTICATION_PROVIDER_URL]
 
 keypair:
   algorithm: [KEYPAIR_ALGORITHM]
+
+global-filters:
+  order:
+    - eu.europa.ec.simpl.tlsgateway.filters.EphemeralProofFilter
+    - eu.europa.ec.simpl.tlsgateway.filters.OcspFilter
+    - eu.europa.ec.simpl.tlsgateway.filters.HeadersFilter
+    - eu.europa.ec.simpl.tlsgateway.filters.AbacFilter
+    - eu.europa.ec.simpl.tlsgateway.filters.LoggingFilter
+

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/AuthorityKeypairPropertiesTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@ExtendWith(SpringExtension.class)
+@EnableConfigurationProperties({
+    AuthorityKeypairProperties.class,
+})
+@TestPropertySource(properties = {"keypair.algorithm=EC"})
+class AuthorityKeypairPropertiesTest {
+
+    @Autowired
+    AuthorityKeypairProperties properties;
+
+    @Test
+    void validateAuthorityKeypairProperties() {
+        Assertions.assertThat(properties).hasNoNullFieldsOrProperties();
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/LoggingRuleTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations;
+
+import static org.mockito.Mockito.mock;
+
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.mockito.Answers;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.server.ServerWebExchange;
+
+class LoggingRuleTest {
+
+    @Test
+    void matchesTest() {
+        var rule = createDefaultLoggingRule();
+        var exchange = mock(ServerWebExchange.class);
+        rule.matches(exchange);
+    }
+
+    @Test
+    void matchQueryTest() {
+        var rule = createDefaultLoggingRule();
+        var exchange = mock(ServerWebExchange.class, Answers.RETURNS_DEEP_STUBS);
+        rule.matchQuery(exchange);
+    }
+
+    @Test
+    void matchHeadersTest() {
+        var rule = createDefaultLoggingRule();
+        var exchange = mock(ServerWebExchange.class, Answers.RETURNS_DEEP_STUBS);
+        rule.matchHeaders(exchange);
+    }
+
+    @Test
+    void multimapRuleMatches() {
+        var rule = createDefaultLoggingRule();
+        var multimapRule = rule.header().getFirst();
+        var queryParams = new HttpHeaders();
+        queryParams.add("headerName", "headerValue");
+        multimapRule.matches(queryParams);
+    }
+
+    public LoggingRule createDefaultLoggingRule() {
+        var config = new LoggingRule.Config();
+        config.setMessage("Message");
+        config.setOperations(List.of());
+        var multiMapRule = new LoggingRule.MultiMapRule("name", "value", List.of());
+        var multiMapRuleHeader = new LoggingRule.MultiMapRule("nameHeader", "", List.of());
+        return new LoggingRule(HttpMethod.GET, "/path", List.of(multiMapRule), List.of(multiMapRuleHeader), config);
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/MicroservicePropertiesTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations;
+
+import eu.europa.ec.simpl.tlsgateway.filters.EphemeralProofFilter;
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.test.context.ConfigDataApplicationContextInitializer;
+import org.springframework.core.Ordered;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@ExtendWith(SpringExtension.class)
+@EnableConfigurationProperties(GlobalFilterProperties.class)
+@ContextConfiguration(initializers = ConfigDataApplicationContextInitializer.class)
+class MicroservicePropertiesTest {
+
+    @Autowired
+    GlobalFilterProperties properties;
+
+    @Test
+    void validateMicroserviceProperties() {
+        Assertions.assertThat(properties).hasNoNullFieldsOrProperties();
+    }
+
+    @Test
+    void ephemeralProofFilter_shouldHaveHighestPrecedence() {
+        Assertions.assertThat(properties.getOrder(EphemeralProofFilter.class)).isEqualTo(Ordered.HIGHEST_PRECEDENCE);
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/publickey/AbstractPublicKeyProducerTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations.publickey;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.withSettings;
+
+import eu.europa.ec.simpl.tlsgateway.configurations.microservices.UsersRolesProperties;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.web.reactive.function.client.WebClient;
+
+@ExtendWith(MockitoExtension.class)
+class AbstractPublicKeyProducerTest {
+    @Mock
+    private UsersRolesProperties usersRolesProperties;
+
+    private AbstractPublicKeyProducer abstractPublicKeyProducer;
+
+    @BeforeEach
+    public void init() {
+        abstractPublicKeyProducer = mock(
+                AbstractPublicKeyProducer.class,
+                withSettings().useConstructor(usersRolesProperties).defaultAnswer(Answers.CALLS_REAL_METHODS));
+    }
+
+    @Test
+    void authorityPublicKeyTest() {
+        try (var webClient = mockStatic(WebClient.class, Answers.RETURNS_DEEP_STUBS)) {
+            abstractPublicKeyProducer.authorityPublicKey();
+        }
+    }
+
+    @Test
+    void myPublicKeyTest() {
+        try (var webClient = mockStatic(WebClient.class, Answers.RETURNS_DEEP_STUBS)) {
+            abstractPublicKeyProducer.myPublicKey();
+        }
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/security/SecurityConfigTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations.security;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
+import org.springframework.http.HttpMethod;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@ExtendWith(SpringExtension.class)
+class SecurityConfigTest {
+
+    @MockitoBean(answers = Answers.RETURNS_DEEP_STUBS)
+    private RouteConfig routeConfig;
+
+    @Autowired
+    private ApplicationContext applicationContext;
+
+    @Test
+    void loadContest() {
+        var rule = mock(Rule.class);
+        when(rule.method()).thenReturn(HttpMethod.GET);
+        when(rule.path()).thenReturn("/junitpath");
+        var publicUrls = List.of(rule);
+        when(routeConfig.publicUrls()).thenReturn(publicUrls);
+        when(routeConfig.deniedUrls()).thenReturn(publicUrls);
+        try (var ac = new AnnotationConfigApplicationContext()) {
+            ac.setParent(applicationContext);
+            ac.registerBean(SecurityConfig.class);
+            ac.refresh();
+        }
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/ssl/AuthenticationProviderClientTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations.ssl;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.Mockito.*;
+
+import eu.europa.ec.simpl.tlsgateway.configurations.AuthorityKeypairProperties;
+import eu.europa.ec.simpl.tlsgateway.configurations.microservices.AuthenticationProviderProperties;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.web.reactive.function.client.WebClient;
+
+@ExtendWith(MockitoExtension.class)
+class AuthenticationProviderClientTest {
+
+    @Mock
+    private AuthenticationProviderProperties authenticationProviderProperties;
+
+    @Mock
+    private AuthorityKeypairProperties authorityKeypairProperties;
+
+    private AuthenticationProviderClient authenticationProviderClient;
+
+    @BeforeEach
+    public void init() {
+        when(authenticationProviderProperties.url()).thenReturn("http://authenticationprovider.junit.local");
+        authenticationProviderClient =
+                new AuthenticationProviderClient(authenticationProviderProperties, authorityKeypairProperties);
+    }
+
+    @Test
+    void loadPemCertificatesTest() {
+        try (var webClient = mockStatic(WebClient.class, RETURNS_DEEP_STUBS)) {
+            assertDoesNotThrow(() -> authenticationProviderClient.loadPrivateKey());
+            verify(WebClient.builder()).baseUrl("http://authenticationprovider.junit.local/keypair");
+        }
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/ssl/SslConfigTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations.ssl;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
+
+import eu.europa.ec.simpl.common.utils.CredentialUtil;
+import eu.europa.ec.simpl.tlsgateway.configurations.microservices.AuthenticationProviderProperties;
+import eu.europa.ec.simpl.tlsgateway.configurations.microservices.UsersRolesProperties;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.CertificateException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.web.server.Ssl;
+import org.springframework.test.context.DynamicPropertyRegistry;
+import org.springframework.test.context.DynamicPropertySource;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@ExtendWith(SpringExtension.class)
+// @Import(SslConfig.class)
+@EnableConfigurationProperties({
+    SslProperties.class,
+    UsersRolesProperties.class,
+    AuthenticationProviderProperties.class,
+})
+@TestPropertySource(
+        properties = {
+            "keypair.algorithm=EC",
+            "custom-ssl.enabled=true",
+            // Ssl.ClientAuth clientAuth,
+            "users-roles.url=http://usersroles.junit.local",
+            "authentication-provider.url=authenticationprovider.junit.local",
+        })
+class SslConfigTest {
+
+    @Autowired
+    private SslProperties sslProperties;
+
+    @MockitoBean
+    private AuthenticationProviderClient authenticationProviderClient;
+
+    @MockitoBean
+    private UsersRolesClient usersRolesClient;
+
+    @Autowired
+    private UsersRolesProperties usersRolesProperties;
+
+    @Autowired
+    private AuthenticationProviderProperties authenticationProviderProperties;
+
+    @DynamicPropertySource
+    public static void dynamicProperties(DynamicPropertyRegistry dynamicPropertyRegistry) throws Exception {
+        var tmpKeyStorePwd = "KEYSTORETMPPS";
+        var tmpKeyStoreFile = Files.createTempFile("junit", "").toFile();
+        var tmpKeyTrustStoreFile = Files.createTempFile("junit", "").toFile();
+        dynamicPropertyRegistry.add("custom-ssl.keyStoreLocation", () -> tmpKeyStoreFile.getAbsolutePath());
+        dynamicPropertyRegistry.add("custom-ssl.keyStorePassword", () -> tmpKeyStorePwd);
+        dynamicPropertyRegistry.add("custom-ssl.trustStoreLocation", () -> tmpKeyTrustStoreFile.getAbsolutePath());
+        dynamicPropertyRegistry.add("custom-ssl.trustStorePassword", () -> tmpKeyStorePwd);
+        dynamicPropertyRegistry.add("custom-ssl.keyStoreType", () -> KeyStore.getDefaultType());
+        dynamicPropertyRegistry.add("custom-ssl.trustStoreType", () -> KeyStore.getDefaultType());
+    }
+
+    @Test
+    void ssl_whenSslIsEnabled_ThenDefineKeyStoreAndTrustStore()
+            throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
+        var sslConfig = createDefaultSslConfig();
+        var rawKeyStore = "junit pem certificate...";
+        var privateKey = mock(PrivateKey.class);
+        var keyStore = retrieveTestStore();
+        var trustStore = retrieveTestStore();
+        when(usersRolesClient.loadPemCertificates()).thenReturn(rawKeyStore);
+        when(authenticationProviderClient.loadPrivateKey()).thenReturn(privateKey);
+
+        try (var credentialUtil = mockStatic(CredentialUtil.class)) {
+            when(CredentialUtil.loadCredential(any(), eq(privateKey))).thenReturn(keyStore);
+            when(CredentialUtil.buildTrustStore(eq(keyStore))).thenReturn(trustStore);
+            assertDoesNotThrow(() -> sslConfig.ssl());
+        }
+    }
+
+    @Test
+    void ssl_whenSslIsNotEnabled_ThenDoNotDefineKeyStoreAndTrustStore()
+            throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
+        var sslConfig = new SslConfig(
+                new SslProperties(
+                        false,
+                        sslProperties.keyStoreLocation(),
+                        sslProperties.keyStorePassword(),
+                        sslProperties.clientAuth(),
+                        sslProperties.trustStoreLocation(),
+                        sslProperties.trustStorePassword(),
+                        sslProperties.keyStoreType(),
+                        sslProperties.trustStoreType()),
+                usersRolesClient,
+                authenticationProviderClient);
+        var rawKeyStore = "junit pem certificate...";
+        var privateKey = mock(PrivateKey.class);
+        var keyStore = retrieveTestStore();
+        var trustStore = retrieveTestStore();
+        when(usersRolesClient.loadPemCertificates()).thenReturn(rawKeyStore);
+        when(authenticationProviderClient.loadPrivateKey()).thenReturn(privateKey);
+
+        try (var credentialUtil = mockStatic(CredentialUtil.class)) {
+            when(CredentialUtil.loadCredential(any(), eq(privateKey))).thenReturn(keyStore);
+            when(CredentialUtil.buildTrustStore(eq(keyStore))).thenReturn(trustStore);
+            assertDoesNotThrow(() -> sslConfig.ssl());
+        }
+    }
+
+    @Test
+    void reactiveWebServerFactoryTest() {
+        var sslConfig = createDefaultSslConfig();
+        var ssl = mock(Ssl.class);
+        assertDoesNotThrow(() -> sslConfig.reactiveWebServerFactory(ssl));
+    }
+
+    private SslConfig createDefaultSslConfig() {
+        return new SslConfig(sslProperties, usersRolesClient, authenticationProviderClient);
+    }
+
+    private KeyStore retrieveTestStore() {
+        try {
+            var ks = KeyStore.getInstance(KeyStore.getDefaultType());
+            ks.load(null, null);
+            return ks;
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/configurations/ssl/UsersRolesClientTest.java

+package eu.europa.ec.simpl.tlsgateway.configurations.ssl;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import eu.europa.ec.simpl.tlsgateway.configurations.microservices.UsersRolesProperties;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.web.reactive.function.client.WebClient;
+
+@ExtendWith(MockitoExtension.class)
+class UsersRolesClientTest {
+
+    @Mock
+    private UsersRolesProperties usersRolesProperties;
+
+    private UsersRolesClient usersRolesClient;
+
+    @BeforeEach
+    public void init() {
+        when(usersRolesProperties.url()).thenReturn("http://usersroles.junit.local");
+        usersRolesClient = new UsersRolesClient(usersRolesProperties);
+    }
+
+    @Test
+    void loadPemCertificatesTest() {
+        try (var webClient = mockStatic(WebClient.class, RETURNS_DEEP_STUBS)) {
+            assertDoesNotThrow(() -> usersRolesClient.loadPemCertificates());
+            verify(WebClient.builder()).baseUrl("http://usersroles.junit.local/credential/download");
+        }
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/exceptions/AbacExceptionTest.java

+package eu.europa.ec.simpl.tlsgateway.exceptions;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+class AbacExceptionTest {
+
+    @Test
+    void contructorTest() {
+        var rolePrivileges = List.of("p1", "p2", "p3");
+        var expection = new AbacException(rolePrivileges);
+        assertThat(expection.getMessage().contains("p1")).isTrue();
+        assertThat(expection.getMessage().contains("p2")).isTrue();
+        assertThat(expection.getMessage().contains("p3")).isTrue();
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/exceptions/GlobalExceptionHandlerTest.java

+package eu.europa.ec.simpl.tlsgateway.exceptions;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.CALLS_REAL_METHODS;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.withSettings;
+
+import eu.europa.ec.simpl.common.exceptions.StatusException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+class GlobalExceptionHandlerTest {
+
+    private GlobalExceptionHandler handler;
+
+    @BeforeEach
+    public void init() {
+        handler = new GlobalExceptionHandler();
+    }
+
+    @Test
+    void handleExceptionTest() {
+        var exception = mock(
+                StatusException.class,
+                withSettings()
+                        .useConstructor(HttpStatus.NOT_FOUND, "junit error message")
+                        .defaultAnswer(CALLS_REAL_METHODS));
+        var result = handler.handleException(exception);
+        assertThat(result.getStatusCode().value()).isEqualTo(404);
+        assertThat(result.getBody().getError()).isEqualTo("junit error message");
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/filters/FilterChainTest.java

@@ -14,9 +14,11 @@ import eu.europa.ec.simpl.client.util.CertificateRevocation;
 import eu.europa.ec.simpl.common.exceptions.EphemeralProofNotFoundException;
 import eu.europa.ec.simpl.common.model.dto.CredentialDTO;
 import eu.europa.ec.simpl.common.model.dto.IdentityAttributeDTO;
-import eu.europa.ec.simpl.common.redis.model.entity.EphemeralProof;
+import eu.europa.ec.simpl.common.redis.entity.EphemeralProof;
 import eu.europa.ec.simpl.common.test.TestCertificateUtil;
 import eu.europa.ec.simpl.common.utils.Sha384Converter;
+import eu.europa.ec.simpl.tlsgateway.configurations.AuthorityKeypairProperties;
+import eu.europa.ec.simpl.tlsgateway.configurations.GlobalFilterProperties;
 import eu.europa.ec.simpl.tlsgateway.configurations.security.RouteConfig;
 import eu.europa.ec.simpl.tlsgateway.exceptions.AbacException;
 import eu.europa.ec.simpl.tlsgateway.exceptions.NoCertificateException;
@@ -54,6 +56,12 @@ class FilterChainTest {
 
     static RouteConfig routeConfig;
 
+    @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+    GlobalFilterProperties globalFilterProperties;
+
+    @Mock
+    AuthorityKeypairProperties authorityKeypairProperties;
+
     @Mock(answer = Answers.RETURNS_DEEP_STUBS)
     JwtEphemeralProofVerifier ephemeralProofVerifier;
 
@@ -177,6 +185,7 @@ class FilterChainTest {
         // Given
         var exchangeBuilder = new MockExchangeBuilder("/ephemeral-proof-required").withCertificate();
         given(ephemeralProofRepository.findById(any())).willReturn(Optional.of(Instancio.create(EphemeralProof.class)));
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
 
         var exchange = exchangeBuilder.build();
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
@@ -199,6 +208,7 @@ class FilterChainTest {
         // Given
         var exchangeBuilder = new MockExchangeBuilder("/abac").withCertificate();
         var exchange = exchangeBuilder.build();
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
         given(ephemeralProofVerifier.getPublicKeys().getFirst())
                 .willReturn(Sha384Converter.toSha384(
@@ -221,6 +231,7 @@ class FilterChainTest {
         // Given
         var exchangeBuilder = new MockExchangeBuilder("/abac").withCertificate();
         var exchange = exchangeBuilder.build();
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
         given(ephemeralProofVerifier.getPublicKeys().getFirst())
                 .willReturn(Sha384Converter.toSha384(
@@ -243,6 +254,7 @@ class FilterChainTest {
         // Given
         var exchangeBuilder = new MockExchangeBuilder("/abac").withCertificate();
         var exchange = exchangeBuilder.build();
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
         given(ephemeralProofVerifier.getPublicKeys().getFirst())
                 .willReturn(Sha384Converter.toSha384(
@@ -267,6 +279,7 @@ class FilterChainTest {
         var exchangeBuilder = new MockExchangeBuilder("/abac").withCertificate().withTierOneToken();
 
         var exchange = exchangeBuilder.build();
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
         given(ephemeralProofVerifier.getPublicKeys().getFirst())
                 .willReturn(Sha384Converter.toSha384(
@@ -290,6 +303,7 @@ class FilterChainTest {
         var exchangeBuilder =
                 new MockExchangeBuilder("/abac-not-tier-one").withCertificate().withTierOneToken();
         var exchange = exchangeBuilder.build();
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
         given(ephemeralProofVerifier.getPublicKeys().getFirst())
                 .willReturn(Sha384Converter.toSha384(
@@ -315,6 +329,7 @@ class FilterChainTest {
         var exchangeBuilder = new MockExchangeBuilder("/abac").withCertificate().withTierOneToken("ATTR_1");
 
         var exchange = exchangeBuilder.build();
+        given(authorityKeypairProperties.algorithm()).willReturn("EC");
         given(ephemeralProofVerifier.verify(any())).willReturn(true);
         given(ephemeralProofVerifier.getPublicKeys().getFirst())
                 .willReturn(Sha384Converter.toSha384(
@@ -363,9 +378,11 @@ class FilterChainTest {
                                 .setPublicKey(Base64.getEncoder()
                                         .encodeToString(TestCertificateUtil.generateKeyPair()
                                                 .getPublic()
-                                                .getEncoded()))),
-                new OcspFilter(certificateRevocationFactory),
-                new HeadersFilter(tierOneSessionValidator),
-                new AbacFilter(routeConfig));
+                                                .getEncoded())),
+                        globalFilterProperties,
+                        authorityKeypairProperties),
+                new OcspFilter(certificateRevocationFactory, globalFilterProperties),
+                new HeadersFilter(tierOneSessionValidator, globalFilterProperties),
+                new AbacFilter(routeConfig, globalFilterProperties));
     }
 }

src/test/java/eu/europa/ec/simpl/tlsgateway/filters/LoggingFilterTest.java

+package eu.europa.ec.simpl.tlsgateway.filters;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
+
+import eu.europa.ec.simpl.common.model.dto.CredentialDTO;
+import eu.europa.ec.simpl.tlsgateway.configurations.GlobalFilterProperties;
+import eu.europa.ec.simpl.tlsgateway.configurations.LoggingRule;
+import eu.europa.ec.simpl.tlsgateway.configurations.security.RouteConfig;
+import eu.europa.ec.simpl.tlsgateway.utils.ExchangeUtil;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.List;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+@ExtendWith(MockitoExtension.class)
+class LoggingFilterTest {
+
+    @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+    private CredentialDTO myPublicKey;
+
+    @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+    private RouteConfig routeConfig;
+
+    @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+    private LoggingRule loggingRule;
+
+    private LoggingFilter loggingFilter;
+
+    @BeforeEach
+    public void init() {
+        var loggingsRules = List.of(loggingRule);
+        when(routeConfig.logging().business()).thenReturn(loggingsRules);
+        var globalFilterProperties = mock(GlobalFilterProperties.class);
+        loggingFilter = new LoggingFilter(myPublicKey, routeConfig, globalFilterProperties);
+    }
+
+    @Test
+    void filter_whenRuleDoesNotMatch_thenDoesNotThrow() {
+        var exchange = mock(ServerWebExchange.class);
+        var chain = mock(GatewayFilterChain.class);
+        when(loggingRule.matches(exchange)).thenReturn(Mono.just(true));
+        when(chain.filter(exchange)).thenReturn(Mono.empty());
+        assertDoesNotThrow(() -> loggingFilter.filter(exchange, chain));
+    }
+
+    @Test
+    void businessLoggerLogTest() throws NoSuchAlgorithmException {
+        LoggingRule.Config config = mock(LoggingRule.Config.class);
+        ServerWebExchange exchange = mock(ServerWebExchange.class, Answers.RETURNS_DEEP_STUBS);
+        var request = mock(ServerHttpRequest.class, Answers.RETURNS_DEEP_STUBS);
+        when(exchange.getRequest()).thenReturn(request);
+        when(request.getMethod()).thenReturn(HttpMethod.GET);
+        when(request.getPath().value()).thenReturn("http://junit/path");
+        GatewayFilterChain chain = mock(GatewayFilterChain.class);
+        var headers = new HttpHeaders();
+        headers.set("authentication", "Bearer token");
+        when(exchange.getRequest().getHeaders()).thenReturn(headers);
+
+        var keyPair = KeyPairGenerator.getInstance("RSA").genKeyPair();
+        var pubBase64 = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
+        when(myPublicKey.getPublicKey()).thenReturn(pubBase64);
+        var businessLogger = loggingFilter.newBusinessLogger(config, exchange, chain);
+        when(chain.filter(exchange)).thenReturn(Mono.empty());
+        try (var exchangeUtil = mockStatic(ExchangeUtil.class)) {
+            when(ExchangeUtil.getCredentialIdFromExchange(exchange)).thenReturn("junit-destination");
+            businessLogger.log();
+        }
+    }
+}

src/test/java/eu/europa/ec/simpl/tlsgateway/utils/EphemeralProofUtilTest.java

+package eu.europa.ec.simpl.tlsgateway.utils;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
+import org.junit.jupiter.api.Test;
+
+class EphemeralProofUtilTest {
+
+    @Test
+    void getEphemeralProofTest() {
+        assertDoesNotThrow(
+                () -> EphemeralProofUtil.getEphemeralProof(
+                        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"));
+    }
+}