// validate the response contents.
assertNotNull("Unexpected null response", baseResponse);
assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
collection = (RequestSecurityTokenResponseCollection) baseResponse;
assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
assertEquals("Unexpected response context", "validatecontext", response.getContext());
assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
StatusType status = response.getStatus();
assertNotNull("Unexpected null status", status);
assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode());
assertEquals("Unexpected status reason", "SAMLV2.0 Assertion successfuly validated", status.getReason());
// now let's tamper with the SAML assertion (by changing its Version attribute) and try to validate it again; the signature check is expected to fail.
assertion.setAttribute("Version", "X");
request.getValidateTarget().add(assertion);
Source theRequest = this.createSourceFromRequest(request);
responseMessage = this.tokenService.invoke(theRequest);
collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
response = collection.getRequestSecurityTokenResponses().get(0);
assertEquals("Unexpected response context", "validatecontext", response.getContext());
assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
status = response.getStatus();
assertNotNull("Unexpected null status", status);
assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
assertEquals("Unexpected status reason", "Validation failure: digital signature is invalid", status.getReason());
}