05384a23b90e3a30ed539cd40a48193383eb4f6d
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.ByteArrayOutputStream;
53 import java.io.FileInputStream;
54 import java.io.FileNotFoundException;
55 import java.io.InputStream;
56 import java.io.StringReader;
57 import java.net.MalformedURLException;
58 import java.net.URI;
59 import java.net.URISyntaxException;
60 import java.net.URL;
61 import java.security.Principal;
62 import java.util.Arrays;
63 import java.util.HashSet;
64 import java.util.Properties;
65
66 import junit.framework.TestCase;
67
68 import org.apache.log4j.BasicConfigurator;
69 import org.apache.xerces.parsers.DOMParser;
70 import org.apache.xml.serialize.OutputFormat;
71 import org.apache.xml.serialize.XMLSerializer;
72 import org.xml.sax.EntityResolver;
73 import org.xml.sax.ErrorHandler;
74 import org.xml.sax.InputSource;
75 import org.xml.sax.SAXException;
76 import org.xml.sax.SAXParseException;
77
78 /**
79  * Validation suite for <code>Arp</code> processing.
80  * 
81  * @ author Walter Hoehn(wassa@columbia.edu)
82  */
83
84 public class ArpTests extends TestCase {
85
86         private DOMParser parser = new DOMParser();
87         private String[] arpExamples =
88                 {
89                         "data/example1.xml",
90                         "data/example2.xml",
91                         "data/example3.xml",
92                         "data/example4.xml",
93                         "data/example5.xml",
94                         "data/example6.xml",
95                         "data/example7.xml",
96                         "data/example8.xml",
97                         "data/example9.xml",
98                         "data/example10.xml",
99                         "data/example11.xml" };
100
101         public ArpTests(String name) {
102                 super(name);
103                 BasicConfigurator.resetConfiguration();
104                 BasicConfigurator.configure();
105         }
106
107         public static void main(String[] args) {
108                 junit.textui.TestRunner.run(ArpTests.class);
109                 BasicConfigurator.configure();
110         }
111
112         /**
113          * @see junit.framework.TestCase#setUp()
114          */
115         protected void setUp() throws Exception {
116                 super.setUp();
117                 try {
118                         parser.setFeature("http://xml.org/sax/features/validation", true);
119                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
120                         parser.setEntityResolver(new EntityResolver() {
121                                 public InputSource resolveEntity(String publicId, String systemId)
122                                         throws SAXException {
123
124                                         if (systemId.endsWith("shibboleth-arp-1.0.xsd")) {
125                                                 InputStream stream;
126                                                 try {
127                                                         stream = new FileInputStream("src/schemas/shibboleth-arp-1.0.xsd");
128                                                         if (stream != null) {
129                                                                 return new InputSource(stream);
130                                                         }
131                                                         throw new SAXException("Could not load entity: Null input stream");
132                                                 } catch (FileNotFoundException e) {
133                                                         throw new SAXException("Could not load entity: " + e);
134                                                 }
135                                         } else {
136                                                 return null;
137                                         }
138                                 }
139                         });
140
141                         parser.setErrorHandler(new ErrorHandler() {
142                                 public void error(SAXParseException arg0) throws SAXException {
143                                         throw new SAXException("Error parsing xml file: " + arg0);
144                                 }
145                                 public void fatalError(SAXParseException arg0) throws SAXException {
146                                         throw new SAXException("Error parsing xml file: " + arg0);
147                                 }
148                                 public void warning(SAXParseException arg0) throws SAXException {
149                                         throw new SAXException("Error parsing xml file: " + arg0);
150                                 }
151                         });
152                 } catch (Exception e) {
153                         fail("Failed to setup xml parser: " + e);
154                 }
155
156         }
157
158         public void testArpMarshalling() {
159
160                 //Test ARP description
161                 try {
162                         InputStream inStream = new FileInputStream("test/arp1.xml");
163                         parser.parse(new InputSource(inStream));
164                         Arp arp1 = new Arp();
165                         arp1.marshall(parser.getDocument().getDocumentElement());
166                         assertEquals(
167                                 "ARP Description not marshalled properly",
168                                 arp1.getDescription(),
169                                 "Simplest possible ARP.");
170
171                         //Test Rule description
172                         assertEquals(
173                                 "ARP Rule Description not marshalled properly",
174                                 arp1.getAllRules()[0].getDescription(),
175                                 "Example Rule Description.");
176                 } catch (Exception e) {
177                         fail("Failed to marshall ARP: " + e);
178                 }
179
180                 //Test case where ARP description does not exist
181                 try {
182                         InputStream inStream = new FileInputStream("test/arp2.xml");
183                         parser.parse(new InputSource(inStream));
184                         Arp arp2 = new Arp();
185                         arp2.marshall(parser.getDocument().getDocumentElement());
186                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
187
188                         //Test case where ARP Rule description does not exist   
189                         assertNull(
190                                 "ARP Rule Description not marshalled properly",
191                                 arp2.getAllRules()[0].getDescription());
192                 } catch (Exception e) {
193                         fail("Failed to marshall ARP.");
194                 }
195
196         }
197
198         public void testMatchingFunctions() {
199
200                 try {
201
202                         /*
203                          * Test Arp Engine function retrieval
204                          */
205
206                         //Lookup a function that doesn't exist
207                         MatchFunction noFunction =
208                                 ArpEngine.lookupMatchFunction(
209                                         new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
210                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
211
212                         //Lookup some real functions
213                         MatchFunction exactSharFunction =
214                                 ArpEngine.lookupMatchFunction(
215                                         new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
216                         assertNotNull(
217                                 "ArpEngine did not properly load the Exact SHAR function.",
218                                 exactSharFunction);
219                         MatchFunction resourceTreeFunction =
220                                 ArpEngine.lookupMatchFunction(
221                                         new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
222                         assertNotNull(
223                                 "ArpEngine did not properly load the Resource Tree SHAR function.",
224                                 resourceTreeFunction);
225                         MatchFunction regexFunction =
226                                 ArpEngine.lookupMatchFunction(
227                                         new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
228                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
229
230                         /* 
231                          * Test the Exact SHAR function (requester)
232                          */
233
234                         assertTrue(
235                                 "Exact SHAR function: false negative",
236                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
237                         assertTrue(
238                                 "Exact SHAR function: false negative",
239                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
240                         assertTrue(
241                                 "Exact SHAR function: false negative",
242                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
243
244                         //Make sure we properly handle bad input
245                         try {
246                                 exactSharFunction.match(null, null);
247                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
248                         } catch (ArpException ie) {
249                                 //This is supposed to fail
250                         }
251
252                         /*
253                          * Test the Resource Tree function (resource)
254                          */
255
256                         URL requestURL1 = new URL("http://www.example.edu/test/");
257                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
258                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
259                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
260
261                         assertTrue(
262                                 "Resource Tree function: false negative",
263                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
264                         assertTrue(
265                                 "Resource Tree function: false positive",
266                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
267                         assertTrue(
268                                 "Resource Tree function: false negative",
269                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
270                         assertTrue(
271                                 "Resource Tree function: false positive",
272                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
273                         assertTrue(
274                                 "Resource Tree function: false negative",
275                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
276                         assertTrue(
277                                 "Resource Tree function: false negative",
278                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
279                         assertTrue(
280                                 "Resource Tree function: false negative",
281                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
282                         assertTrue(
283                                 "Resource Tree function: false positive",
284                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
285                         assertTrue(
286                                 "Resource Tree function: false negative",
287                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
288                         assertTrue(
289                                 "Resource Tree function: false negative",
290                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
291                         assertTrue(
292                                 "Resource Tree function: false negative",
293                                 resourceTreeFunction.match(
294                                         "http://www.example.edu/test2/index.html?test1=test1",
295                                         requestURL4));
296                         assertTrue(
297                                 "Resource Tree function: false positive",
298                                 !resourceTreeFunction.match(
299                                         "http://www.example.edu/test2/index.html?test1=test1",
300                                         requestURL3));
301
302                         //Make sure we properly handle bad input
303                         try {
304                                 resourceTreeFunction.match(null, null);
305                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
306                         } catch (ArpException ie) {
307                                 //This is supposed to fail
308                         }
309                         try {
310                                 resourceTreeFunction.match("Test", "Test");
311                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
312                         } catch (ArpException ie) {
313                                 //This is supposed to fail
314                         }
315
316                         /*
317                          * Test the Regex function (requester & resource)
318                          */
319
320                         //Try requester regexes
321                         assertTrue(
322                                 "Regex function: false negative",
323                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
324                         assertTrue(
325                                 "Regex function: false negative",
326                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
327                         assertTrue(
328                                 "Regex function: false negative",
329                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
330                         assertTrue(
331                                 "Regex function: false negative",
332                                 regexFunction.match(".*\\.edu", "shar.example.edu"));
333                         assertTrue(
334                                 "Regex function: false positive",
335                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
336                         assertTrue(
337                                 "Regex function: false positive",
338                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
339                         assertTrue(
340                                 "Regex function: false positive",
341                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
342
343                         //Try resource regexes
344                         assertTrue(
345                                 "Regex function: false negative",
346                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
347                         assertTrue(
348                                 "Regex function: false negative",
349                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
350                         assertTrue(
351                                 "Regex function: false negative",
352                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
353                         assertTrue(
354                                 "Regex function: false negative",
355                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
356                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
357                         assertTrue(
358                                 "Regex function: false positive",
359                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
360                         assertTrue(
361                                 "Regex function: false positive",
362                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
363
364                         //Make sure we properly handle bad input
365                         try {
366                                 regexFunction.match(null, null);
367                                 fail("Regex function seems to take improper input without throwing an exception.");
368                         } catch (ArpException ie) {
369                                 //This is supposed to fail
370                         }
371
372                 } catch (ArpException e) {
373                         fail("Encountered a problem loading match function: " + e);
374                 } catch (URISyntaxException e) {
375                         fail("Unable to create URI from test string.");
376                 } catch (MalformedURLException e) {
377                         fail("Couldn't create test URLs: " + e);
378                 }
379
380         }
381
382         public void testRepositories() {
383
384                 /*
385                  * Test the Factory
386                  */
387
388                 //Make sure we fail if no Repository is specified
389                 Properties props = new Properties();
390                 try {
391                         ArpRepositoryFactory.getInstance(props);
392                 } catch (ArpRepositoryException e) {
393                         //This is supposed to fail
394                 }
395
396                 // Make sure we can create an Arp Repository
397                 props.setProperty(
398                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
399                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
400                 ArpRepository repository = null;
401                 try {
402                         repository = ArpRepositoryFactory.getInstance(props);
403                 } catch (ArpRepositoryException e) {
404                         fail("Failed to create memory-based Arp Repository" + e);
405                 }
406                 assertNotNull(
407                         "Failed to create memory-based Arp Repository: Factory returned null.",
408                         repository);
409
410                 /*
411                  * Exercise the Memory Arp Repository
412                  */
413
414                 //Set/retrieve/remove a Site ARP
415                 Arp siteArp1 = new Arp();
416                 siteArp1.setDescription("Test Site Arp 1.");
417                 try {
418                         repository.update(siteArp1);
419                         assertEquals(
420                                 "Memory Repository does not store and retrieve Site ARPs properly.",
421                                 siteArp1,
422                                 repository.getSitePolicy());
423                         repository.remove(repository.getSitePolicy());
424                         assertNull(
425                                 "Memorty Repository does not properly delete Site ARPs.",
426                                 repository.getSitePolicy());
427                 } catch (ArpRepositoryException e) {
428                         fail("Error adding Site ARP to Memory Repository.");
429                 }
430
431                 //Set/retrieve/delete some user ARPs
432                 Arp userArp1 = new Arp();
433                 userArp1.setDescription("Broken User Arp 1.");
434                 try {
435                         repository.update(userArp1);
436                         assertTrue(
437                                 "Memory Repository does not store and retrieve User ARPs properly.",
438                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
439                 } catch (ArpRepositoryException e) {
440                         fail("Error adding User ARP to Memory Repository.");
441                 }
442
443                 Arp userArp2 = new Arp(new AAPrincipal("TestPrincipal"));
444                 userArp2.setDescription("Test User Arp 2.");
445                 try {
446                         repository.update(userArp2);
447                         assertEquals(
448                                 "Memory Repository does not store and retrieve User ARPs properly.",
449                                 userArp2,
450                                 repository.getUserPolicy(userArp2.getPrincipal()));
451                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
452                         assertNull(
453                                 "Memorty Repository does not properly delete User ARPs.",
454                                 repository.getUserPolicy(userArp2.getPrincipal()));
455                 } catch (ArpRepositoryException e) {
456                         fail("Error adding User ARP to Memory Repository.");
457                 }
458
459                 /*
460                  * Exercise the Memory Arp Repository
461                  */
462
463                 //create a repository
464                 props.setProperty(
465                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
466                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
467                 props.setProperty(
468                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path",
469                         "data");
470                 props.setProperty(
471                         "edu.internet2.middleware.shibboleth.aa.arp.BaseArpRepository.ArpTTL",
472                         "65535");
473                 repository = null;
474                 try {
475                         repository = ArpRepositoryFactory.getInstance(props);
476                 } catch (ArpRepositoryException e) {
477                         fail("Failed to create file-based Arp Repository" + e);
478                 }
479                 assertNotNull(
480                         "Failed to create file-based Arp Repository: Factory returned null.",
481                         repository);
482
483                 try {
484                         repository.getSitePolicy();
485                         repository.getUserPolicy(new AAPrincipal("test"));
486                         repository.getAllPolicies(new AAPrincipal("test"));
487                 } catch (ArpRepositoryException e) {
488                         fail("Error retrieving ARP from Repository.");
489                 }
490
491         }
492
493         public void testPossibleReleaseSetComputation() {
494                 Properties props = new Properties();
495                 props.setProperty(
496                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
497                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
498                 ArpRepository repository = null;
499                 try {
500                         repository = ArpRepositoryFactory.getInstance(props);
501                 } catch (ArpRepositoryException e) {
502                         fail("Failed to create memory-based Arp Repository" + e);
503                 }
504
505                 try {
506                         Principal principal1 = new AAPrincipal("TestPrincipal");
507                         URL url1 = new URL("http://www.example.edu/");
508                         URI[] list1 = { new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation")};
509                         URI[] list2 =
510                                 {
511                                         new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation"),
512                                         new URI("urn:mace:eduPerson:1.0:eduPersonPrincipalName")};
513                         URI[] list3 = new URI[0];
514
515                         //Test with just a site ARP
516                         InputStream inStream = new FileInputStream("test/arp1.xml");
517                         parser.parse(new InputSource(inStream));
518                         Arp arp1 = new Arp();
519                         arp1.marshall(parser.getDocument().getDocumentElement());
520                         repository.update(arp1);
521                         ArpEngine engine = new ArpEngine(repository, props);
522                         URI[] possibleAttributes =
523                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
524                         assertEquals(
525                                 "Incorrectly computed possible release set (1).",
526                                 new HashSet(Arrays.asList(possibleAttributes)),
527                                 new HashSet(Arrays.asList(list1)));
528
529                         //Test with site and user ARPs
530                         inStream = new FileInputStream("test/arp7.xml");
531                         parser.parse(new InputSource(inStream));
532                         Arp arp7 = new Arp();
533                         arp7.setPrincipal(principal1);
534                         arp7.marshall(parser.getDocument().getDocumentElement());
535                         repository.update(arp7);
536                         possibleAttributes =
537                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
538                         assertEquals(
539                                 "Incorrectly computed possible release set (2).",
540                                 new HashSet(Arrays.asList(possibleAttributes)),
541                                 new HashSet(Arrays.asList(list2)));
542
543                         //Ensure that explicit denies on any value are not in the release set
544                         inStream = new FileInputStream("test/arp6.xml");
545                         parser.parse(new InputSource(inStream));
546                         Arp arp6 = new Arp();
547                         arp6.setPrincipal(principal1);
548                         arp6.marshall(parser.getDocument().getDocumentElement());
549                         repository.update(arp6);
550                         possibleAttributes =
551                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
552                         assertEquals(
553                                 "Incorrectly computed possible release set (3).",
554                                 new HashSet(Arrays.asList(possibleAttributes)),
555                                 new HashSet(Arrays.asList(list3)));
556
557                 } catch (Exception e) {
558                         e.printStackTrace();
559                         fail("Failed to marshall ARP: " + e);
560                 }
561
562         }
563
564         public void testArpApplication() {
565
566                 //Setup a test ARP repository
567                 Properties props = new Properties();
568                 props.setProperty(
569                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
570                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
571                 ArpRepository repository = null;
572                 try {
573                         repository = ArpRepositoryFactory.getInstance(props);
574                 } catch (ArpRepositoryException e) {
575                         fail("Failed to create memory-based Arp Repository" + e);
576                 }
577
578                 try {
579
580                         arpApplicationTest1(repository, props, parser);
581                         arpApplicationTest2(repository, props, parser);
582                         arpApplicationTest3(repository, props, parser);
583                         arpApplicationTest4(repository, props, parser);
584                         arpApplicationTest5(repository, props, parser);
585                         arpApplicationTest6(repository, props, parser);
586                         arpApplicationTest7(repository, props, parser);
587                         arpApplicationTest8(repository, props, parser);
588                         arpApplicationTest9(repository, props, parser);
589                         arpApplicationTest10(repository, props, parser);
590                         arpApplicationTest11(repository, props, parser);
591                         arpApplicationTest12(repository, props, parser);
592                         arpApplicationTest13(repository, props, parser);
593                         arpApplicationTest14(repository, props, parser);
594                         arpApplicationTest15(repository, props, parser);
595                         arpApplicationTest16(repository, props, parser);
596                         arpApplicationTest17(repository, props, parser);
597                         arpApplicationTest18(repository, props, parser);
598                         arpApplicationTest19(repository, props, parser);
599                         arpApplicationTest20(repository, props, parser);
600                         arpApplicationTest21(repository, props, parser);
601
602                 } catch (Exception e) {
603                         e.printStackTrace();
604                         fail("Failed to apply filter to ARPs: " + e);
605                 }
606         }
607
608         public void testRoundtripMarshalling() {
609
610                 try {
611                         for (int i = 0; i < arpExamples.length; i++) {
612
613                                 InputStream inStream = new FileInputStream(arpExamples[i]);
614                                 parser.parse(new InputSource(inStream));
615                                 ByteArrayOutputStream directXML = new ByteArrayOutputStream();
616                                 new XMLSerializer(directXML, new OutputFormat()).serialize(
617                                         parser.getDocument().getDocumentElement());
618
619                                 Arp arp1 = new Arp();
620                                 arp1.marshall(parser.getDocument().getDocumentElement());
621
622                                 ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
623                                 new XMLSerializer(processedXML, new OutputFormat()).serialize(arp1.unmarshall());
624
625                                 assertTrue(
626                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
627                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
628                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
629                         }
630
631                 } catch (Exception e) {
632                         fail("Failed to marshall ARP: " + e);
633                 }
634
635         }
636         /**
637          * ARPs: A site ARP only
638          * Target: Any
639          * Attribute: Any value release,
640          */
641         void arpApplicationTest1(ArpRepository repository, Properties props, DOMParser parser)
642                 throws Exception {
643
644                 //Gather the Input
645                 String rawArp =
646                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
647                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
648                                 + "                     <Rule>"
649                                 + "                             <Target>"
650                                 + "                                     <AnyTarget/>"
651                                 + "                             </Target>"
652                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
653                                 + "                                     <AnyValue release=\"permit\"/>"
654                                 + "                             </Attribute>"
655                                 + "                     </Rule>"
656                                 + "     </AttributeReleasePolicy>";
657
658                 Principal principal1 = new AAPrincipal("TestPrincipal");
659                 URL url1 = new URL("http://www.example.edu/");
660                 TestAttribute testAttribute =
661                         new TestAttribute(
662                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
663                                 new Object[] { "member@example.edu", "faculty@example.edu" });
664
665                 //Setup the engine
666                 parser.parse(new InputSource(new StringReader(rawArp)));
667                 Arp siteArp = new Arp();
668                 siteArp.marshall(parser.getDocument().getDocumentElement());
669                 repository.update(siteArp);
670                 ArpEngine engine = new ArpEngine(repository, props);
671
672                 //Apply the ARP
673                 ArpAttribute[] releaseAttributes =
674                         engine.filterAttributes(
675                                 new ArpAttribute[] { testAttribute },
676                                 principal1,
677                                 "shar.example.edu",
678                                 url1);
679
680                 assertEquals(
681                         "ARP application test 1: ARP not applied as expected.",
682                         new HashSet(Arrays.asList(releaseAttributes)),
683                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
684         }
685
686         /**
687          * ARPs: A site ARP only
688          * Target: Any
689          * Attribute: Any value release, implicit deny
690          */
691         void arpApplicationTest2(ArpRepository repository, Properties props, DOMParser parser)
692                 throws Exception {
693
694                 //Gather the Input
695                 String rawArp =
696                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
697                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
698                                 + "                     <Rule>"
699                                 + "                             <Target>"
700                                 + "                                     <AnyTarget/>"
701                                 + "                             </Target>"
702                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
703                                 + "                                     <AnyValue release=\"permit\"/>"
704                                 + "                             </Attribute>"
705                                 + "                     </Rule>"
706                                 + "     </AttributeReleasePolicy>";
707
708                 Principal principal1 = new AAPrincipal("TestPrincipal");
709                 URL url1 = new URL("http://www.example.edu/");
710                 TestAttribute testAttribute1 =
711                         new TestAttribute(
712                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
713                                 new Object[] { "member@example.edu", "faculty@example.edu" });
714                 TestAttribute testAttribute2 =
715                         new TestAttribute(
716                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
717                                 new Object[] { "mehoehn@example.edu" });
718
719                 //Setup the engine
720                 parser.parse(new InputSource(new StringReader(rawArp)));
721                 Arp siteArp = new Arp();
722                 siteArp.marshall(parser.getDocument().getDocumentElement());
723                 repository.update(siteArp);
724                 ArpEngine engine = new ArpEngine(repository, props);
725
726                 //Apply the ARP
727                 ArpAttribute[] releaseAttributes =
728                         engine.filterAttributes(
729                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
730                                 principal1,
731                                 "shar.example.edu",
732                                 url1);
733
734                 assertEquals(
735                         "ARP application test 2: ARP not applied as expected.",
736                         new HashSet(Arrays.asList(releaseAttributes)),
737                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1 })));
738         }
739
740         /**
741          * ARPs: A site ARP only
742          * Target: Any
743          * Attribute: One value release
744          */
745         void arpApplicationTest3(ArpRepository repository, Properties props, DOMParser parser)
746                 throws Exception {
747
748                 //Gather the Input
749                 String rawArp =
750                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
751                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
752                                 + "                     <Rule>"
753                                 + "                             <Target>"
754                                 + "                                     <AnyTarget/>"
755                                 + "                             </Target>"
756                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
757                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
758                                 + "                             </Attribute>"
759                                 + "                     </Rule>"
760                                 + "     </AttributeReleasePolicy>";
761
762                 Principal principal1 = new AAPrincipal("TestPrincipal");
763                 URL url1 = new URL("http://www.example.edu/");
764                 TestAttribute testAttribute =
765                         new TestAttribute(
766                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
767                                 new Object[] { "member@example.edu", "faculty@example.edu" });
768                 TestAttribute filteredAttribute =
769                         new TestAttribute(
770                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
771                                 new Object[] { "member@example.edu" });
772
773                 //Setup the engine
774                 parser.parse(new InputSource(new StringReader(rawArp)));
775                 Arp siteArp = new Arp();
776                 siteArp.marshall(parser.getDocument().getDocumentElement());
777                 repository.update(siteArp);
778                 ArpEngine engine = new ArpEngine(repository, props);
779
780                 //Apply the ARP
781                 ArpAttribute[] releaseAttributes =
782                         engine.filterAttributes(
783                                 new ArpAttribute[] { testAttribute },
784                                 principal1,
785                                 "shar.example.edu",
786                                 url1);
787
788                 assertEquals(
789                         "ARP application test 3: ARP not applied as expected.",
790                         new HashSet(Arrays.asList(releaseAttributes)),
791                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
792         }
793
794         /**
795          * ARPs: A site ARP only
796          * Target: Any
797          * Attribute: Any value except one release, canonical representation
798          */
799         void arpApplicationTest4(ArpRepository repository, Properties props, DOMParser parser)
800                 throws Exception {
801
802                 //Gather the Input
803                 String rawArp =
804                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
805                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
806                                 + "                     <Rule>"
807                                 + "                             <Target>"
808                                 + "                                     <AnyTarget/>"
809                                 + "                             </Target>"
810                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
811                                 + "                                     <AnyValue release=\"permit\"/>"
812                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
813                                 + "                             </Attribute>"
814                                 + "                     </Rule>"
815                                 + "     </AttributeReleasePolicy>";
816
817                 Principal principal1 = new AAPrincipal("TestPrincipal");
818                 URL url1 = new URL("http://www.example.edu/");
819                 TestAttribute testAttribute =
820                         new TestAttribute(
821                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
822                                 new Object[] {
823                                         "member@example.edu",
824                                         "faculty@example.edu",
825                                         "employee@example.edu" });
826                 TestAttribute filteredAttribute =
827                         new TestAttribute(
828                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
829                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
830
831                 //Setup the engine
832                 parser.parse(new InputSource(new StringReader(rawArp)));
833                 Arp siteArp = new Arp();
834                 siteArp.marshall(parser.getDocument().getDocumentElement());
835                 repository.update(siteArp);
836                 ArpEngine engine = new ArpEngine(repository, props);
837
838                 //Apply the ARP
839                 ArpAttribute[] releaseAttributes =
840                         engine.filterAttributes(
841                                 new ArpAttribute[] { testAttribute },
842                                 principal1,
843                                 "shar.example.edu",
844                                 url1);
845
846                 assertEquals(
847                         "ARP application test 4: ARP not applied as expected.",
848                         new HashSet(Arrays.asList(releaseAttributes)),
849                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
850         }
851
852         /**
853          * ARPs: A site ARP only
854          * Target: Any
855          * Attribute: Any value except one release, expanded representation
856          */
857         void arpApplicationTest5(ArpRepository repository, Properties props, DOMParser parser)
858                 throws Exception {
859
860                 //Gather the Input
861                 String rawArp =
862                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
863                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
864                                 + "                     <Rule>"
865                                 + "                             <Target>"
866                                 + "                                     <AnyTarget/>"
867                                 + "                             </Target>"
868                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
869                                 + "                                     <AnyValue release=\"permit\"/>"
870                                 + "                             </Attribute>"
871                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
872                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
873                                 + "                             </Attribute>"
874                                 + "                     </Rule>"
875                                 + "     </AttributeReleasePolicy>";
876
877                 Principal principal1 = new AAPrincipal("TestPrincipal");
878                 URL url1 = new URL("http://www.example.edu/");
879                 TestAttribute testAttribute =
880                         new TestAttribute(
881                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
882                                 new Object[] {
883                                         "member@example.edu",
884                                         "faculty@example.edu",
885                                         "employee@example.edu" });
886                 TestAttribute filteredAttribute =
887                         new TestAttribute(
888                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
889                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
890
891                 //Setup the engine
892                 parser.parse(new InputSource(new StringReader(rawArp)));
893                 Arp siteArp = new Arp();
894                 siteArp.marshall(parser.getDocument().getDocumentElement());
895                 repository.update(siteArp);
896                 ArpEngine engine = new ArpEngine(repository, props);
897
898                 //Apply the ARP
899                 ArpAttribute[] releaseAttributes =
900                         engine.filterAttributes(
901                                 new ArpAttribute[] { testAttribute },
902                                 principal1,
903                                 "shar.example.edu",
904                                 url1);
905
906                 assertEquals(
907                         "ARP application test 5: ARP not applied as expected.",
908                         new HashSet(Arrays.asList(releaseAttributes)),
909                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
910         }
911
912         /**
913          * ARPs: A site ARP only
914          * Target: Any
915          * Attribute: Any value except two release, expanded representation
916          */
917         void arpApplicationTest6(ArpRepository repository, Properties props, DOMParser parser)
918                 throws Exception {
919
920                 //Gather the Input
921                 String rawArp =
922                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
923                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
924                                 + "                     <Rule>"
925                                 + "                             <Target>"
926                                 + "                                     <AnyTarget/>"
927                                 + "                             </Target>"
928                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
929                                 + "                                     <AnyValue release=\"permit\"/>"
930                                 + "                             </Attribute>"
931                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
932                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
933                                 + "                             </Attribute>"
934                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
935                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
936                                 + "                             </Attribute>"
937                                 + "                     </Rule>"
938                                 + "     </AttributeReleasePolicy>";
939
940                 Principal principal1 = new AAPrincipal("TestPrincipal");
941                 URL url1 = new URL("http://www.example.edu/");
942                 TestAttribute testAttribute =
943                         new TestAttribute(
944                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
945                                 new Object[] {
946                                         "member@example.edu",
947                                         "faculty@example.edu",
948                                         "employee@example.edu" });
949                 TestAttribute filteredAttribute =
950                         new TestAttribute(
951                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
952                                 new Object[] { "employee@example.edu" });
953
954                 //Setup the engine
955                 parser.parse(new InputSource(new StringReader(rawArp)));
956                 Arp siteArp = new Arp();
957                 siteArp.marshall(parser.getDocument().getDocumentElement());
958                 repository.update(siteArp);
959                 ArpEngine engine = new ArpEngine(repository, props);
960
961                 //Apply the ARP
962                 ArpAttribute[] releaseAttributes =
963                         engine.filterAttributes(
964                                 new ArpAttribute[] { testAttribute },
965                                 principal1,
966                                 "shar.example.edu",
967                                 url1);
968
969                 assertEquals(
970                         "ARP application test 6: ARP not applied as expected.",
971                         new HashSet(Arrays.asList(releaseAttributes)),
972                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
973         }
974
975         /**
976          * ARPs: A site ARP only
977          * Target: Any
978          * Attribute: Two value release, canonical representation
979          */
980         void arpApplicationTest7(ArpRepository repository, Properties props, DOMParser parser)
981                 throws Exception {
982
983                 //Gather the Input
984                 String rawArp =
985                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
986                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
987                                 + "                     <Rule>"
988                                 + "                             <Target>"
989                                 + "                                     <AnyTarget/>"
990                                 + "                             </Target>"
991                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
992                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
993                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
994                                 + "                             </Attribute>"
995                                 + "                     </Rule>"
996                                 + "     </AttributeReleasePolicy>";
997
998                 Principal principal1 = new AAPrincipal("TestPrincipal");
999                 URL url1 = new URL("http://www.example.edu/");
1000                 TestAttribute testAttribute =
1001                         new TestAttribute(
1002                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1003                                 new Object[] {
1004                                         "member@example.edu",
1005                                         "faculty@example.edu",
1006                                         "employee@example.edu" });
1007                 TestAttribute filteredAttribute =
1008                         new TestAttribute(
1009                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1010                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1011
1012                 //Setup the engine
1013                 parser.parse(new InputSource(new StringReader(rawArp)));
1014                 Arp siteArp = new Arp();
1015                 siteArp.marshall(parser.getDocument().getDocumentElement());
1016                 repository.update(siteArp);
1017                 ArpEngine engine = new ArpEngine(repository, props);
1018
1019                 //Apply the ARP
1020                 ArpAttribute[] releaseAttributes =
1021                         engine.filterAttributes(
1022                                 new ArpAttribute[] { testAttribute },
1023                                 principal1,
1024                                 "shar.example.edu",
1025                                 url1);
1026
1027                 assertEquals(
1028                         "ARP application test 3: ARP not applied as expected.",
1029                         new HashSet(Arrays.asList(releaseAttributes)),
1030                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
1031         }
1032
1033         /**
1034          * ARPs: A site ARP only
1035          * Target: Any
1036          * Attribute: Two value release, expanded representation
1037          */
1038         void arpApplicationTest8(ArpRepository repository, Properties props, DOMParser parser)
1039                 throws Exception {
1040
1041                 //Gather the Input
1042                 String rawArp =
1043                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1044                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1045                                 + "                     <Rule>"
1046                                 + "                             <Target>"
1047                                 + "                                     <AnyTarget/>"
1048                                 + "                             </Target>"
1049                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1050                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1051                                 + "                             </Attribute>"
1052                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1053                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1054                                 + "                             </Attribute>"
1055                                 + "                     </Rule>"
1056                                 + "     </AttributeReleasePolicy>";
1057
1058                 Principal principal1 = new AAPrincipal("TestPrincipal");
1059                 URL url1 = new URL("http://www.example.edu/");
1060                 TestAttribute testAttribute =
1061                         new TestAttribute(
1062                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1063                                 new Object[] {
1064                                         "member@example.edu",
1065                                         "faculty@example.edu",
1066                                         "employee@example.edu" });
1067                 TestAttribute filteredAttribute =
1068                         new TestAttribute(
1069                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1070                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1071
1072                 //Setup the engine
1073                 parser.parse(new InputSource(new StringReader(rawArp)));
1074                 Arp siteArp = new Arp();
1075                 siteArp.marshall(parser.getDocument().getDocumentElement());
1076                 repository.update(siteArp);
1077                 ArpEngine engine = new ArpEngine(repository, props);
1078
1079                 //Apply the ARP
1080                 ArpAttribute[] releaseAttributes =
1081                         engine.filterAttributes(
1082                                 new ArpAttribute[] { testAttribute },
1083                                 principal1,
1084                                 "shar.example.edu",
1085                                 url1);
1086
1087                 assertEquals(
1088                         "ARP application test 8: ARP not applied as expected.",
1089                         new HashSet(Arrays.asList(releaseAttributes)),
1090                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
1091         }
1092
1093         /**
1094          * ARPs: A site ARP only
1095          * Target: Any
1096          * Attribute: Any value deny
1097          */
1098         void arpApplicationTest9(ArpRepository repository, Properties props, DOMParser parser)
1099                 throws Exception {
1100
1101                 //Gather the Input
1102                 String rawArp =
1103                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1104                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1105                                 + "                     <Rule>"
1106                                 + "                             <Target>"
1107                                 + "                                     <AnyTarget/>"
1108                                 + "                             </Target>"
1109                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1110                                 + "                                     <AnyValue release=\"deny\"/>"
1111                                 + "                             </Attribute>"
1112                                 + "                     </Rule>"
1113                                 + "     </AttributeReleasePolicy>";
1114
1115                 Principal principal1 = new AAPrincipal("TestPrincipal");
1116                 URL url1 = new URL("http://www.example.edu/");
1117                 TestAttribute testAttribute =
1118                         new TestAttribute(
1119                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1120                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1121
1122                 //Setup the engine
1123                 parser.parse(new InputSource(new StringReader(rawArp)));
1124                 Arp siteArp = new Arp();
1125                 siteArp.marshall(parser.getDocument().getDocumentElement());
1126                 repository.update(siteArp);
1127                 ArpEngine engine = new ArpEngine(repository, props);
1128
1129                 //Apply the ARP
1130                 ArpAttribute[] releaseAttributes =
1131                         engine.filterAttributes(
1132                                 new ArpAttribute[] { testAttribute },
1133                                 principal1,
1134                                 "shar.example.edu",
1135                                 url1);
1136
1137                 assertEquals(
1138                         "ARP application test 9: ARP not applied as expected.",
1139                         new HashSet(Arrays.asList(releaseAttributes)),
1140                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1141         }
1142
1143         /**
1144          * ARPs: A site ARP only
1145          * Target: Any
1146          * Attribute: Any value deny trumps explicit permit expanded representation
1147          */
1148         void arpApplicationTest10(ArpRepository repository, Properties props, DOMParser parser)
1149                 throws Exception {
1150
1151                 //Gather the Input
1152                 String rawArp =
1153                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1154                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1155                                 + "                     <Rule>"
1156                                 + "                             <Target>"
1157                                 + "                                     <AnyTarget/>"
1158                                 + "                             </Target>"
1159                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1160                                 + "                                     <AnyValue release=\"deny\"/>"
1161                                 + "                             </Attribute>"
1162                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1163                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1164                                 + "                             </Attribute>"
1165                                 + "                     </Rule>"
1166                                 + "     </AttributeReleasePolicy>";
1167
1168                 Principal principal1 = new AAPrincipal("TestPrincipal");
1169                 URL url1 = new URL("http://www.example.edu/");
1170                 TestAttribute testAttribute =
1171                         new TestAttribute(
1172                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1173                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1174
1175                 //Setup the engine
1176                 parser.parse(new InputSource(new StringReader(rawArp)));
1177                 Arp siteArp = new Arp();
1178                 siteArp.marshall(parser.getDocument().getDocumentElement());
1179                 repository.update(siteArp);
1180                 ArpEngine engine = new ArpEngine(repository, props);
1181
1182                 //Apply the ARP
1183                 ArpAttribute[] releaseAttributes =
1184                         engine.filterAttributes(
1185                                 new ArpAttribute[] { testAttribute },
1186                                 principal1,
1187                                 "shar.example.edu",
1188                                 url1);
1189
1190                 assertEquals(
1191                         "ARP application test 10: ARP not applied as expected.",
1192                         new HashSet(Arrays.asList(releaseAttributes)),
1193                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1194         }
1195
1196         /**
1197          * ARPs: A site ARP only
1198          * Target: Any
1199          * Attribute: Any value deny trumps explicit permit canonical representation
1200          */
1201         void arpApplicationTest11(ArpRepository repository, Properties props, DOMParser parser)
1202                 throws Exception {
1203
1204                 //Gather the Input
1205                 String rawArp =
1206                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1207                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1208                                 + "                     <Rule>"
1209                                 + "                             <Target>"
1210                                 + "                                     <AnyTarget/>"
1211                                 + "                             </Target>"
1212                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1213                                 + "                                     <AnyValue release=\"deny\"/>"
1214                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1215                                 + "                             </Attribute>"
1216                                 + "                     </Rule>"
1217                                 + "     </AttributeReleasePolicy>";
1218
1219                 Principal principal1 = new AAPrincipal("TestPrincipal");
1220                 URL url1 = new URL("http://www.example.edu/");
1221                 TestAttribute testAttribute =
1222                         new TestAttribute(
1223                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1224                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1225
1226                 //Setup the engine
1227                 parser.parse(new InputSource(new StringReader(rawArp)));
1228                 Arp siteArp = new Arp();
1229                 siteArp.marshall(parser.getDocument().getDocumentElement());
1230                 repository.update(siteArp);
1231                 ArpEngine engine = new ArpEngine(repository, props);
1232
1233                 //Apply the ARP
1234                 ArpAttribute[] releaseAttributes =
1235                         engine.filterAttributes(
1236                                 new ArpAttribute[] { testAttribute },
1237                                 principal1,
1238                                 "shar.example.edu",
1239                                 url1);
1240
1241                 assertEquals(
1242                         "ARP application test 11: ARP not applied as expected.",
1243                         new HashSet(Arrays.asList(releaseAttributes)),
1244                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1245         }
1246
1247         /**
1248          * ARPs: A site ARP only
1249          * Target: Specific shar, Any Resource
1250          * Attribute: Any value release
1251          */
1252         void arpApplicationTest12(ArpRepository repository, Properties props, DOMParser parser)
1253                 throws Exception {
1254
1255                 //Gather the Input
1256                 String rawArp =
1257                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1258                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1259                                 + "                     <Rule>"
1260                                 + "                             <Target>"
1261                                 + "                                     <Requester>shar.example.edu</Requester>"
1262                                 + "                                     <AnyResource />"
1263                                 + "                             </Target>"
1264                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1265                                 + "                                     <AnyValue release=\"permit\"/>"
1266                                 + "                             </Attribute>"
1267                                 + "                     </Rule>"
1268                                 + "     </AttributeReleasePolicy>";
1269
1270                 Principal principal1 = new AAPrincipal("TestPrincipal");
1271                 URL url1 = new URL("http://www.example.edu/");
1272                 TestAttribute testAttribute =
1273                         new TestAttribute(
1274                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1275                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1276
1277                 //Setup the engine
1278                 parser.parse(new InputSource(new StringReader(rawArp)));
1279                 Arp siteArp = new Arp();
1280                 siteArp.marshall(parser.getDocument().getDocumentElement());
1281                 repository.update(siteArp);
1282                 ArpEngine engine = new ArpEngine(repository, props);
1283
1284                 //Apply the ARP
1285                 ArpAttribute[] releaseAttributes =
1286                         engine.filterAttributes(
1287                                 new ArpAttribute[] { testAttribute },
1288                                 principal1,
1289                                 "shar.example.edu",
1290                                 url1);
1291
1292                 assertEquals(
1293                         "ARP application test 12: ARP not applied as expected.",
1294                         new HashSet(Arrays.asList(releaseAttributes)),
1295                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1296         }
1297
1298         /**
1299          * ARPs: A site ARP only
1300          * Target: Specific shar, Any Resource (another example)
1301          * Attribute: Any value release
1302          */
1303         void arpApplicationTest13(ArpRepository repository, Properties props, DOMParser parser)
1304                 throws Exception {
1305
1306                 //Gather the Input
1307                 String rawArp =
1308                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1309                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1310                                 + "                     <Rule>"
1311                                 + "                             <Target>"
1312                                 + "                                     <Requester>shar.example.edu</Requester>"
1313                                 + "                                     <AnyResource />"
1314                                 + "                             </Target>"
1315                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1316                                 + "                                     <AnyValue release=\"permit\"/>"
1317                                 + "                             </Attribute>"
1318                                 + "                     </Rule>"
1319                                 + "     </AttributeReleasePolicy>";
1320
1321                 Principal principal1 = new AAPrincipal("TestPrincipal");
1322                 URL url1 = new URL("https://foo.com/");
1323                 TestAttribute testAttribute =
1324                         new TestAttribute(
1325                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1326                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1327
1328                 //Setup the engine
1329                 parser.parse(new InputSource(new StringReader(rawArp)));
1330                 Arp siteArp = new Arp();
1331                 siteArp.marshall(parser.getDocument().getDocumentElement());
1332                 repository.update(siteArp);
1333                 ArpEngine engine = new ArpEngine(repository, props);
1334
1335                 //Apply the ARP
1336                 ArpAttribute[] releaseAttributes =
1337                         engine.filterAttributes(
1338                                 new ArpAttribute[] { testAttribute },
1339                                 principal1,
1340                                 "shar.example.edu",
1341                                 url1);
1342
1343                 assertEquals(
1344                         "ARP application test 13: ARP not applied as expected.",
1345                         new HashSet(Arrays.asList(releaseAttributes)),
1346                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1347         }
1348
1349         /**
1350          * ARPs: A site ARP only
1351          * Target: Specific shar (no match), Any Resource
1352          * Attribute: Any value release
1353          */
1354         void arpApplicationTest14(ArpRepository repository, Properties props, DOMParser parser)
1355                 throws Exception {
1356
1357                 //Gather the Input
1358                 String rawArp =
1359                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1360                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1361                                 + "                     <Rule>"
1362                                 + "                             <Target>"
1363                                 + "                                     <Requester>shar.example.edu</Requester>"
1364                                 + "                                     <AnyResource />"
1365                                 + "                             </Target>"
1366                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1367                                 + "                                     <AnyValue release=\"permit\"/>"
1368                                 + "                             </Attribute>"
1369                                 + "                     </Rule>"
1370                                 + "     </AttributeReleasePolicy>";
1371
1372                 Principal principal1 = new AAPrincipal("TestPrincipal");
1373                 URL url1 = new URL("http://www.example.edu/");
1374                 TestAttribute testAttribute =
1375                         new TestAttribute(
1376                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1377                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1378
1379                 //Setup the engine
1380                 parser.parse(new InputSource(new StringReader(rawArp)));
1381                 Arp siteArp = new Arp();
1382                 siteArp.marshall(parser.getDocument().getDocumentElement());
1383                 repository.update(siteArp);
1384                 ArpEngine engine = new ArpEngine(repository, props);
1385
1386                 //Apply the ARP
1387                 ArpAttribute[] releaseAttributes =
1388                         engine.filterAttributes(
1389                                 new ArpAttribute[] { testAttribute },
1390                                 principal1,
1391                                 "www.example.edu",
1392                                 url1);
1393
1394                 assertEquals(
1395                         "ARP application test 14: ARP not applied as expected.",
1396                         new HashSet(Arrays.asList(releaseAttributes)),
1397                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1398         }
1399
1400         /**
1401          * ARPs: A site ARP only
1402          * Target: Specific shar, Specific resource
1403          * Attribute: Any value release
1404          */
1405         void arpApplicationTest15(ArpRepository repository, Properties props, DOMParser parser)
1406                 throws Exception {
1407
1408                 //Gather the Input
1409                 String rawArp =
1410                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1411                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1412                                 + "                     <Rule>"
1413                                 + "                             <Target>"
1414                                 + "                                     <Requester>shar.example.edu</Requester>"
1415                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1416                                 + "                             </Target>"
1417                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1418                                 + "                                     <AnyValue release=\"permit\"/>"
1419                                 + "                             </Attribute>"
1420                                 + "                     </Rule>"
1421                                 + "     </AttributeReleasePolicy>";
1422
1423                 Principal principal1 = new AAPrincipal("TestPrincipal");
1424                 URL url1 = new URL("http://www.example.edu/index.html");
1425                 TestAttribute testAttribute =
1426                         new TestAttribute(
1427                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1428                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1429
1430                 //Setup the engine
1431                 parser.parse(new InputSource(new StringReader(rawArp)));
1432                 Arp siteArp = new Arp();
1433                 siteArp.marshall(parser.getDocument().getDocumentElement());
1434                 repository.update(siteArp);
1435                 ArpEngine engine = new ArpEngine(repository, props);
1436
1437                 //Apply the ARP
1438                 ArpAttribute[] releaseAttributes =
1439                         engine.filterAttributes(
1440                                 new ArpAttribute[] { testAttribute },
1441                                 principal1,
1442                                 "shar.example.edu",
1443                                 url1);
1444
1445                 assertEquals(
1446                         "ARP application test 15: ARP not applied as expected.",
1447                         new HashSet(Arrays.asList(releaseAttributes)),
1448                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1449         }
1450
1451         /**
1452          * ARPs: A site ARP only
1453          * Target: Specific shar, Specific resource (no match)
1454          * Attribute: Any value release
1455          */
1456         void arpApplicationTest16(ArpRepository repository, Properties props, DOMParser parser)
1457                 throws Exception {
1458
1459                 //Gather the Input
1460                 String rawArp =
1461                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1462                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1463                                 + "                     <Rule>"
1464                                 + "                             <Target>"
1465                                 + "                                     <Requester>shar.example.edu</Requester>"
1466                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1467                                 + "                             </Target>"
1468                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1469                                 + "                                     <AnyValue release=\"permit\"/>"
1470                                 + "                             </Attribute>"
1471                                 + "                     </Rule>"
1472                                 + "     </AttributeReleasePolicy>";
1473
1474                 Principal principal1 = new AAPrincipal("TestPrincipal");
1475                 URL url1 = new URL("https://www.example.edu/index.html");
1476                 TestAttribute testAttribute =
1477                         new TestAttribute(
1478                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1479                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1480
1481                 //Setup the engine
1482                 parser.parse(new InputSource(new StringReader(rawArp)));
1483                 Arp siteArp = new Arp();
1484                 siteArp.marshall(parser.getDocument().getDocumentElement());
1485                 repository.update(siteArp);
1486                 ArpEngine engine = new ArpEngine(repository, props);
1487
1488                 //Apply the ARP
1489                 ArpAttribute[] releaseAttributes =
1490                         engine.filterAttributes(
1491                                 new ArpAttribute[] { testAttribute },
1492                                 principal1,
1493                                 "shar.example.edu",
1494                                 url1);
1495
1496                 assertEquals(
1497                         "ARP application test 16: ARP not applied as expected.",
1498                         new HashSet(Arrays.asList(releaseAttributes)),
1499                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1500         }
1501
1502         /**
1503          * ARPs: A site ARP only
1504          * Target: Multiple matching rules
1505          * Attribute: various
1506          */
1507         void arpApplicationTest17(ArpRepository repository, Properties props, DOMParser parser)
1508                 throws Exception {
1509
1510                 //Gather the Input
1511                 String rawArp =
1512                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1513                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1514                                 + "                     <Rule>"
1515                                 + "                             <Target>"
1516                                 + "                                     <AnyTarget />"
1517                                 + "                             </Target>"
1518                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1519                                 + "                                     <AnyValue release=\"permit\"/>"
1520                                 + "                             </Attribute>"
1521                                 + "                     </Rule>"
1522                                 + "                     <Rule>"
1523                                 + "                             <Target>"
1524                                 + "                                     <Requester>shar1.example.edu</Requester>"
1525                                 + "                                     <AnyResource />"
1526                                 + "                             </Target>"
1527                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1528                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1529                                 + "                             </Attribute>"
1530                                 + "                     </Rule>"
1531                                 + "                     <Rule>"
1532                                 + "                             <Target>"
1533                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1534                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1535                                 + "                             </Target>"
1536                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1537                                 + "                                     <AnyValue release=\"permit\"/>"
1538                                 + "                             </Attribute>"
1539                                 + "                     </Rule>"
1540                                 + "     </AttributeReleasePolicy>";
1541
1542                 Principal principal1 = new AAPrincipal("TestPrincipal");
1543                 URL url1 = new URL("https://www.example.edu/index.html");
1544                 TestAttribute testAttribute1 =
1545                         new TestAttribute(
1546                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1547                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1548                 TestAttribute testAttribute2 =
1549                         new TestAttribute(
1550                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1551                                 new Object[] { "wassa@columbia.edu" });
1552                 TestAttribute filteredAttribute1 =
1553                         new TestAttribute(
1554                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1555                                 new Object[] { "member@example.edu" });
1556
1557                 //Setup the engine
1558                 parser.parse(new InputSource(new StringReader(rawArp)));
1559                 Arp siteArp = new Arp();
1560                 siteArp.marshall(parser.getDocument().getDocumentElement());
1561                 repository.update(siteArp);
1562                 ArpEngine engine = new ArpEngine(repository, props);
1563
1564                 //Apply the ARP
1565                 ArpAttribute[] releaseAttributes =
1566                         engine.filterAttributes(
1567                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1568                                 principal1,
1569                                 "shar1.example.edu",
1570                                 url1);
1571
1572                 assertEquals(
1573                         "ARP application test 17: ARP not applied as expected.",
1574                         new HashSet(Arrays.asList(releaseAttributes)),
1575                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute2, filteredAttribute1 })));
1576         }
1577
1578         /**
1579          * ARPs: A site ARP only
1580          * Target: Any
1581          * Attribute: Any value release of two attributes in one rule
1582          */
1583         void arpApplicationTest18(ArpRepository repository, Properties props, DOMParser parser)
1584                 throws Exception {
1585
1586                 //Gather the Input
1587                 String rawArp =
1588                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1589                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1590                                 + "                     <Rule>"
1591                                 + "                             <Target>"
1592                                 + "                                     <AnyTarget/>"
1593                                 + "                             </Target>"
1594                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1595                                 + "                                     <AnyValue release=\"permit\"/>"
1596                                 + "                             </Attribute>"
1597                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1598                                 + "                                     <AnyValue release=\"permit\"/>"
1599                                 + "                             </Attribute>"
1600                                 + "                     </Rule>"
1601                                 + "     </AttributeReleasePolicy>";
1602
1603                 Principal principal1 = new AAPrincipal("TestPrincipal");
1604                 URL url1 = new URL("http://www.example.edu/");
1605                 TestAttribute testAttribute1 =
1606                         new TestAttribute(
1607                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1608                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1609                 TestAttribute testAttribute2 =
1610                         new TestAttribute(
1611                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1612                                 new Object[] { "mehoehn@example.edu" });
1613
1614                 //Setup the engine
1615                 parser.parse(new InputSource(new StringReader(rawArp)));
1616                 Arp siteArp = new Arp();
1617                 siteArp.marshall(parser.getDocument().getDocumentElement());
1618                 repository.update(siteArp);
1619                 ArpEngine engine = new ArpEngine(repository, props);
1620
1621                 //Apply the ARP
1622                 ArpAttribute[] releaseAttributes =
1623                         engine.filterAttributes(
1624                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1625                                 principal1,
1626                                 "shar.example.edu",
1627                                 url1);
1628
1629                 assertEquals(
1630                         "ARP application test 18: ARP not applied as expected.",
1631                         new HashSet(Arrays.asList(releaseAttributes)),
1632                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1, testAttribute2 })));
1633         }
1634
1635         /**
1636          * ARPs: A user ARP only
1637          * Target: Any
1638          * Attribute: Any value release,
1639          */
1640         void arpApplicationTest19(ArpRepository repository, Properties props, DOMParser parser)
1641                 throws Exception {
1642
1643                 //Gather the Input
1644                 String rawArp =
1645                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1646                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1647                                 + "                     <Rule>"
1648                                 + "                             <Target>"
1649                                 + "                                     <AnyTarget/>"
1650                                 + "                             </Target>"
1651                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1652                                 + "                                     <AnyValue release=\"permit\"/>"
1653                                 + "                             </Attribute>"
1654                                 + "                     </Rule>"
1655                                 + "     </AttributeReleasePolicy>";
1656
1657                 Principal principal1 = new AAPrincipal("TestPrincipal");
1658                 URL url1 = new URL("http://www.example.edu/");
1659                 TestAttribute testAttribute =
1660                         new TestAttribute(
1661                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1662                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1663
1664                 //Setup the engine
1665                 parser.parse(new InputSource(new StringReader(rawArp)));
1666                 Arp userArp = new Arp();
1667                 userArp.setPrincipal(principal1);
1668                 userArp.marshall(parser.getDocument().getDocumentElement());
1669                 repository.update(userArp);
1670                 ArpEngine engine = new ArpEngine(repository, props);
1671
1672                 //Apply the ARP
1673                 ArpAttribute[] releaseAttributes =
1674                         engine.filterAttributes(
1675                                 new ArpAttribute[] { testAttribute },
1676                                 principal1,
1677                                 "shar.example.edu",
1678                                 url1);
1679
1680                 assertEquals(
1681                         "ARP application test 19: ARP not applied as expected.",
1682                         new HashSet(Arrays.asList(releaseAttributes)),
1683                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1684         }
1685
1686         /**
1687          * ARPs: A site ARP and user ARP
1688          * Target: various
1689          * Attribute: various combinations
1690          */
1691         void arpApplicationTest20(ArpRepository repository, Properties props, DOMParser parser)
1692                 throws Exception {
1693
1694                 //Gather the Input
1695                 String rawSiteArp =
1696                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1697                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1698                                 + "                     <Rule>"
1699                                 + "                             <Target>"
1700                                 + "                                     <AnyTarget/>"
1701                                 + "                             </Target>"
1702                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1703                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1704                                 + "                             </Attribute>"
1705                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1706                                 + "                                     <AnyValue release=\"permit\" />"
1707                                 + "                             </Attribute>"
1708                                 + "                     </Rule>"
1709                                 + "                     <Rule>"
1710                                 + "                             <Target>"
1711                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1712                                 + "                                     <AnyResource />"
1713                                 + "                             </Target>"
1714                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1715                                 + "                                     <AnyValue release=\"permit\"/>"
1716                                 + "                             </Attribute>"
1717                                 + "                     </Rule>"
1718                                 + "                     <Rule>"
1719                                 + "                             <Target>"
1720                                 + "                                     <Requester>www.example.edu</Requester>"
1721                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1722                                 + "                             </Target>"
1723                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1724                                 + "                                     <AnyValue release=\"permit\"/>"
1725                                 + "                             </Attribute>"
1726                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1727                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1728                                 + "                             </Attribute>"
1729                                 + "                     </Rule>"
1730                                 + "                     <Rule>"
1731                                 + "                             <Target>"
1732                                 + "                                     <Requester>www.external.com</Requester>"
1733                                 + "                                     <Resource>http://www.external.com/</Resource>"
1734                                 + "                             </Target>"
1735                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1736                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1737                                 + "                             </Attribute>"
1738                                 + "                     </Rule>"
1739                                 + "     </AttributeReleasePolicy>";
1740
1741                 String rawUserArp =
1742                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1743                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1744                                 + "                     <Rule>"
1745                                 + "                             <Target>"
1746                                 + "                                     <AnyTarget/>"
1747                                 + "                             </Target>"
1748                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1749                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1750                                 + "                             </Attribute>"
1751                                 + "                     </Rule>"
1752                                 + "                     <Rule>"
1753                                 + "                             <Target>"
1754                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1755                                 + "                                     <AnyResource />"
1756                                 + "                             </Target>"
1757                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1758                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1759                                 + "                             </Attribute>"
1760                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1761                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1762                                 + "                             </Attribute>"
1763                                 + "                     </Rule>"
1764                                 + "     </AttributeReleasePolicy>";
1765
1766                 Principal principal1 = new AAPrincipal("TestPrincipal");
1767                 URL url1 = new URL("http://www.example.edu/test/index.html");
1768
1769                 TestAttribute entitlementInput =
1770                         new TestAttribute(
1771                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1772                                 new Object[] {
1773                                         "urn:example:lovesIceCream",
1774                                         "urn:example:poorlyDressed",
1775                                         "urn:example:contract:113455",
1776                                         "urn:example:contract:4657483" });
1777
1778                 TestAttribute affiliationInput =
1779                         new TestAttribute(
1780                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1781                                 new Object[] {
1782                                         "member@example.edu",
1783                                         "faculty@example.edu",
1784                                         "employee@example.edu" });
1785
1786                 TestAttribute principalNameInput =
1787                         new TestAttribute(
1788                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1789                                 new Object[] { "wassa@example.edu" });
1790
1791                 TestAttribute preferredLanguageInput =
1792                         new TestAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" });
1793
1794                 TestAttribute entitlementOutput =
1795                         new TestAttribute(
1796                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1797                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" });
1798
1799                 TestAttribute affiliationOutput =
1800                         new TestAttribute(
1801                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1802                                 new Object[] { "member@example.edu", "employee@example.edu" });
1803
1804                 //Add the site ARP
1805                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1806                 Arp siteArp = new Arp();
1807                 siteArp.marshall(parser.getDocument().getDocumentElement());
1808                 repository.update(siteArp);
1809
1810                 //Add the user ARP
1811                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1812                 Arp userArp = new Arp();
1813                 userArp.setPrincipal(principal1);
1814                 userArp.marshall(parser.getDocument().getDocumentElement());
1815                 repository.update(userArp);
1816
1817                 ArpEngine engine = new ArpEngine(repository, props);
1818
1819                 //Apply the ARP
1820                 ArpAttribute[] releaseAttributes =
1821                         engine.filterAttributes(
1822                                 new ArpAttribute[] {
1823                                         entitlementInput,
1824                                         affiliationInput,
1825                                         principalNameInput,
1826                                         preferredLanguageInput },
1827                                 principal1,
1828                                 "www.example.edu",
1829                                 url1);
1830
1831                 assertEquals(
1832                         "ARP application test 20: ARP not applied as expected.",
1833                         new HashSet(Arrays.asList(releaseAttributes)),
1834                         new HashSet(
1835                                 Arrays.asList(
1836                                         new ArpAttribute[] {
1837                                                 entitlementOutput,
1838                                                 affiliationOutput,
1839                                                 principalNameInput,
1840                                                 preferredLanguageInput })));
1841         }
1842
1843         /**
1844          * ARPs: A site ARP and user ARP
1845          * Target: various
1846          * Attribute: various combinations (same ARPs as 20, different requester)
1847          */
1848         void arpApplicationTest21(ArpRepository repository, Properties props, DOMParser parser)
1849                 throws Exception {
1850
1851                 //Gather the Input
1852                 String rawSiteArp =
1853                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1854                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1855                                 + "                     <Rule>"
1856                                 + "                             <Target>"
1857                                 + "                                     <AnyTarget/>"
1858                                 + "                             </Target>"
1859                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1860                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1861                                 + "                             </Attribute>"
1862                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1863                                 + "                                     <AnyValue release=\"permit\" />"
1864                                 + "                             </Attribute>"
1865                                 + "                     </Rule>"
1866                                 + "                     <Rule>"
1867                                 + "                             <Target>"
1868                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1869                                 + "                                     <AnyResource />"
1870                                 + "                             </Target>"
1871                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1872                                 + "                                     <AnyValue release=\"permit\"/>"
1873                                 + "                             </Attribute>"
1874                                 + "                     </Rule>"
1875                                 + "                     <Rule>"
1876                                 + "                             <Target>"
1877                                 + "                                     <Requester>www.example.edu</Requester>"
1878                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1879                                 + "                             </Target>"
1880                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1881                                 + "                                     <AnyValue release=\"permit\"/>"
1882                                 + "                             </Attribute>"
1883                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1884                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1885                                 + "                             </Attribute>"
1886                                 + "                     </Rule>"
1887                                 + "                     <Rule>"
1888                                 + "                             <Target>"
1889                                 + "                                     <Requester>www.external.com</Requester>"
1890                                 + "                                     <Resource>http://www.external.com/</Resource>"
1891                                 + "                             </Target>"
1892                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1893                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1894                                 + "                             </Attribute>"
1895                                 + "                     </Rule>"
1896                                 + "     </AttributeReleasePolicy>";
1897
1898                 String rawUserArp =
1899                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1900                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1901                                 + "                     <Rule>"
1902                                 + "                             <Target>"
1903                                 + "                                     <AnyTarget/>"
1904                                 + "                             </Target>"
1905                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1906                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1907                                 + "                             </Attribute>"
1908                                 + "                     </Rule>"
1909                                 + "                     <Rule>"
1910                                 + "                             <Target>"
1911                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1912                                 + "                                     <AnyResource />"
1913                                 + "                             </Target>"
1914                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1915                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1916                                 + "                             </Attribute>"
1917                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1918                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1919                                 + "                             </Attribute>"
1920                                 + "                     </Rule>"
1921                                 + "     </AttributeReleasePolicy>";
1922
1923                 Principal principal1 = new AAPrincipal("TestPrincipal");
1924                 URL url1 = new URL("http://www.external.com/");
1925
1926                 TestAttribute entitlementInput =
1927                         new TestAttribute(
1928                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1929                                 new Object[] {
1930                                         "urn:example:lovesIceCream",
1931                                         "urn:example:poorlyDressed",
1932                                         "urn:example:contract:113455",
1933                                         "urn:example:contract:4657483" });
1934
1935                 TestAttribute affiliationInput =
1936                         new TestAttribute(
1937                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1938                                 new Object[] {
1939                                         "member@example.edu",
1940                                         "faculty@example.edu",
1941                                         "employee@example.edu" });
1942
1943                 TestAttribute principalNameInput =
1944                         new TestAttribute(
1945                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1946                                 new Object[] { "wassa@example.edu" });
1947
1948                 TestAttribute preferredLanguageInput =
1949                         new TestAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" });
1950
1951                 TestAttribute entitlementOutput =
1952                         new TestAttribute(
1953                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1954                                 new Object[] { "urn:example:contract:113455" });
1955
1956                 TestAttribute affiliationOutput =
1957                         new TestAttribute(
1958                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1959                                 new Object[] { "member@example.edu" });
1960
1961                 //Add the site ARP
1962                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1963                 Arp siteArp = new Arp();
1964                 siteArp.marshall(parser.getDocument().getDocumentElement());
1965                 repository.update(siteArp);
1966
1967                 //Add the user ARP
1968                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1969                 Arp userArp = new Arp();
1970                 userArp.setPrincipal(principal1);
1971                 userArp.marshall(parser.getDocument().getDocumentElement());
1972                 repository.update(userArp);
1973
1974                 ArpEngine engine = new ArpEngine(repository, props);
1975
1976                 //Apply the ARP
1977                 ArpAttribute[] releaseAttributes =
1978                         engine.filterAttributes(
1979                                 new ArpAttribute[] {
1980                                         entitlementInput,
1981                                         affiliationInput,
1982                                         principalNameInput,
1983                                         preferredLanguageInput },
1984                                 principal1,
1985                                 "www.external.com",
1986                                 url1);
1987
1988                 assertEquals(
1989                         "ARP application test 21: ARP not applied as expected.",
1990                         new HashSet(Arrays.asList(releaseAttributes)),
1991                         new HashSet(
1992                                 Arrays.asList(
1993                                         new ArpAttribute[] {
1994                                                 entitlementOutput,
1995                                                 affiliationOutput,
1996                                                 preferredLanguageInput })));
1997         }
1998
1999         public class TestAttribute implements ArpAttribute {
2000                 private String name;
2001                 private Object[] values;
2002
2003                 public TestAttribute(String name, Object[] values) {
2004                         this.name = name;
2005                         this.values = values;
2006                 }
2007
2008                 /**
2009                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getName()
2010                  */
2011                 public String getName() {
2012                         return name;
2013                 }
2014
2015                 /**
2016                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getValues()
2017                  */
2018                 public Object[] getValues() {
2019                         return values;
2020                 }
2021
2022                 /**
2023                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#setValues(Object[])
2024                  */
2025                 public void setValues(Object[] values) {
2026                         this.values = values;
2027                 }
2028
2029                 /**
2030                  * @see java.lang.Object#equals(Object)
2031                  */
2032                 public boolean equals(Object object) {
2033                         if (!(object instanceof TestAttribute)) {
2034                                 return false;
2035                         }
2036                         return (new HashSet(Arrays.asList(values))).equals(
2037                                 new HashSet(Arrays.asList(((TestAttribute) object).getValues())));
2038                 }
2039
2040                 /**
2041                 * @see java.lang.Object#hashCode()
2042                 */
2043                 public int hashCode() {
2044                         int code = 0;
2045                         for (int i = 0; i < values.length; i++) {
2046                                 code += values[i].hashCode();
2047                         }
2048                         return name.hashCode() + code;
2049                 }
2050
2051         }
2052
2053 }