Added validating parser as a test fixture.
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.FileInputStream;
53 import java.io.FileNotFoundException;
54 import java.io.InputStream;
55 import java.io.StringReader;
56 import java.net.MalformedURLException;
57 import java.net.URI;
58 import java.net.URISyntaxException;
59 import java.net.URL;
60 import java.security.Principal;
61 import java.util.Arrays;
62 import java.util.HashSet;
63 import java.util.Properties;
64
65 import junit.framework.TestCase;
66
67 import org.apache.log4j.BasicConfigurator;
68 import org.apache.xerces.parsers.DOMParser;
69 import org.xml.sax.EntityResolver;
70 import org.xml.sax.ErrorHandler;
71 import org.xml.sax.InputSource;
72 import org.xml.sax.SAXException;
73 import org.xml.sax.SAXNotRecognizedException;
74 import org.xml.sax.SAXNotSupportedException;
75 import org.xml.sax.SAXParseException;
76
77 /**
78  * Validation suite for <code>Arp</code> processing.
79  * 
80  * @ author Walter Hoehn(wassa@columbia.edu)
81  */
82
83 public class ArpTests extends TestCase {
84
85         DOMParser parser = new DOMParser();
86
87         public ArpTests(String name) {
88                 super(name);
89                 BasicConfigurator.resetConfiguration();
90                 BasicConfigurator.configure();
91         }
92
93         public static void main(String[] args) {
94                 junit.textui.TestRunner.run(ArpTests.class);
95                 BasicConfigurator.configure();
96         }
97
98         /**
99          * @see junit.framework.TestCase#setUp()
100          */
101         protected void setUp() throws Exception {
102                 super.setUp();
103                 try {
104                         parser.setFeature("http://xml.org/sax/features/validation", true);
105                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
106                         parser.setEntityResolver(new EntityResolver() {
107                                 public InputSource resolveEntity(String publicId, String systemId)
108                                         throws SAXException {
109                                         InputStream stream;
110                                         try {
111                                                 stream = new FileInputStream("src/schemas/ARP.xsd");
112                                                 if (stream != null) {
113                                                         return new InputSource(stream);
114                                                 }
115                                                 throw new SAXException("Could not load entity: Null input stream");
116                                         } catch (FileNotFoundException e) {
117                                                 throw new SAXException("Could not load entity: " + e);
118                                         }
119                                 }
120                         });
121
122                         parser.setErrorHandler(new ErrorHandler() {
123                                 public void error(SAXParseException arg0) throws SAXException {
124                                         throw new SAXException("Error parsing xml file: " + arg0);
125                                 }
126                                 public void fatalError(SAXParseException arg0) throws SAXException {
127                                         throw new SAXException("Error parsing xml file: " + arg0);
128                                 }
129                                 public void warning(SAXParseException arg0) throws SAXException {
130                                         throw new SAXException("Error parsing xml file: " + arg0);
131                                 }
132                         });
133                 } catch (Exception e) {
134                         fail("Failed to setup xml parser: " + e);
135                 }
136
137         }
138
139         public void testArpMarshalling() {
140
141                 //Test ARP description
142                 try {
143                         InputStream inStream = new FileInputStream("test/arp1.xml");
144                         parser.parse(new InputSource(inStream));
145                         Arp arp1 = new Arp();
146                         arp1.marshall(parser.getDocument().getDocumentElement());
147                         assertEquals(
148                                 "ARP Description not marshalled properly",
149                                 arp1.getDescription(),
150                                 "Simplest possible ARP.");
151
152                         //Test Rule description
153                         assertEquals(
154                                 "ARP Rule Description not marshalled properly",
155                                 arp1.getAllRules()[0].getDescription(),
156                                 "Example Rule Description.");
157                 } catch (Exception e) {
158                         fail("Failed to marshall ARP: " + e);
159                 }
160
161                 //Test case where ARP description does not exist
162                 try {
163                         InputStream inStream = new FileInputStream("test/arp2.xml");
164                         parser.parse(new InputSource(inStream));
165                         Arp arp2 = new Arp();
166                         arp2.marshall(parser.getDocument().getDocumentElement());
167                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
168
169                         //Test case where ARP Rule description does not exist   
170                         assertNull(
171                                 "ARP Rule Description not marshalled properly",
172                                 arp2.getAllRules()[0].getDescription());
173                 } catch (Exception e) {
174                         fail("Failed to marshall ARP.");
175                 }
176
177         }
178
179         public void testMatchingFunctions() {
180
181                 try {
182
183                         /*
184                          * Test Arp Engine function retrieval
185                          */
186
187                         //Lookup a function that doesn't exist
188                         MatchFunction noFunction =
189                                 ArpEngine.lookupMatchFunction(
190                                         new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
191                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
192
193                         //Lookup some real functions
194                         MatchFunction exactSharFunction =
195                                 ArpEngine.lookupMatchFunction(
196                                         new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
197                         assertNotNull(
198                                 "ArpEngine did not properly load the Exact SHAR function.",
199                                 exactSharFunction);
200                         MatchFunction resourceTreeFunction =
201                                 ArpEngine.lookupMatchFunction(
202                                         new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
203                         assertNotNull(
204                                 "ArpEngine did not properly load the Resource Tree SHAR function.",
205                                 resourceTreeFunction);
206                         MatchFunction regexFunction =
207                                 ArpEngine.lookupMatchFunction(
208                                         new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
209                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
210
211                         /* 
212                          * Test the Exact SHAR function (requester)
213                          */
214
215                         assertTrue(
216                                 "Exact SHAR function: false negative",
217                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
218                         assertTrue(
219                                 "Exact SHAR function: false negative",
220                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
221                         assertTrue(
222                                 "Exact SHAR function: false negative",
223                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
224
225                         //Make sure we properly handle bad input
226                         try {
227                                 exactSharFunction.match(null, null);
228                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
229                         } catch (ArpException ie) {
230                                 //This is supposed to fail
231                         }
232
233                         /*
234                          * Test the Resource Tree function (resource)
235                          */
236
237                         URL requestURL1 = new URL("http://www.example.edu/test/");
238                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
239                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
240                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
241
242                         assertTrue(
243                                 "Resource Tree function: false negative",
244                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
245                         assertTrue(
246                                 "Resource Tree function: false positive",
247                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
248                         assertTrue(
249                                 "Resource Tree function: false negative",
250                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
251                         assertTrue(
252                                 "Resource Tree function: false positive",
253                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
254                         assertTrue(
255                                 "Resource Tree function: false negative",
256                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
257                         assertTrue(
258                                 "Resource Tree function: false negative",
259                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
260                         assertTrue(
261                                 "Resource Tree function: false negative",
262                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
263                         assertTrue(
264                                 "Resource Tree function: false positive",
265                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
266                         assertTrue(
267                                 "Resource Tree function: false negative",
268                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
269                         assertTrue(
270                                 "Resource Tree function: false negative",
271                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
272                         assertTrue(
273                                 "Resource Tree function: false negative",
274                                 resourceTreeFunction.match(
275                                         "http://www.example.edu/test2/index.html?test1=test1",
276                                         requestURL4));
277                         assertTrue(
278                                 "Resource Tree function: false positive",
279                                 !resourceTreeFunction.match(
280                                         "http://www.example.edu/test2/index.html?test1=test1",
281                                         requestURL3));
282
283                         //Make sure we properly handle bad input
284                         try {
285                                 resourceTreeFunction.match(null, null);
286                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
287                         } catch (ArpException ie) {
288                                 //This is supposed to fail
289                         }
290                         try {
291                                 resourceTreeFunction.match("Test", "Test");
292                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
293                         } catch (ArpException ie) {
294                                 //This is supposed to fail
295                         }
296
297                         /*
298                          * Test the Regex function (requester & resource)
299                          */
300
301                         //Try requester regexes
302                         assertTrue(
303                                 "Regex function: false negative",
304                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
305                         assertTrue(
306                                 "Regex function: false negative",
307                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
308                         assertTrue(
309                                 "Regex function: false negative",
310                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
311                         assertTrue(
312                                 "Regex function: false negative",
313                                 regexFunction.match(".*\\.edu", "shar.example.edu"));
314                         assertTrue(
315                                 "Regex function: false positive",
316                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
317                         assertTrue(
318                                 "Regex function: false positive",
319                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
320                         assertTrue(
321                                 "Regex function: false positive",
322                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
323
324                         //Try resource regexes
325                         assertTrue(
326                                 "Regex function: false negative",
327                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
328                         assertTrue(
329                                 "Regex function: false negative",
330                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
331                         assertTrue(
332                                 "Regex function: false negative",
333                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
334                         assertTrue(
335                                 "Regex function: false negative",
336                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
337                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
338                         assertTrue(
339                                 "Regex function: false positive",
340                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
341                         assertTrue(
342                                 "Regex function: false positive",
343                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
344
345                         //Make sure we properly handle bad input
346                         try {
347                                 regexFunction.match(null, null);
348                                 fail("Regex function seems to take improper input without throwing an exception.");
349                         } catch (ArpException ie) {
350                                 //This is supposed to fail
351                         }
352
353                 } catch (ArpException e) {
354                         fail("Encountered a problem loading match function: " + e);
355                 } catch (URISyntaxException e) {
356                         fail("Unable to create URI from test string.");
357                 } catch (MalformedURLException e) {
358                         fail("Couldn't create test URLs: " + e);
359                 }
360
361         }
362
363         public void testRepositories() {
364
365                 /*
366                  * Test the Factory
367                  */
368
369                 //Make sure we fail if no Repository is specified
370                 Properties props = new Properties();
371                 try {
372                         ArpRepositoryFactory.getInstance(props);
373                 } catch (ArpRepositoryException e) {
374                         //This is supposed to fail
375                 }
376
377                 // Make sure we can create an Arp Repository
378                 props.setProperty(
379                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
380                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
381                 ArpRepository repository = null;
382                 try {
383                         repository = ArpRepositoryFactory.getInstance(props);
384                 } catch (ArpRepositoryException e) {
385                         fail("Failed to create memory-based Arp Repository" + e);
386                 }
387                 assertNotNull(
388                         "Failed to create memory-based Arp Repository: Factory returned null.",
389                         repository);
390
391                 /*
392                  * Exercise the Memory Arp Repository
393                  */
394
395                 //Set/retrieve/remove a Site ARP
396                 Arp siteArp1 = new Arp();
397                 siteArp1.setDescription("Test Site Arp 1.");
398                 try {
399                         repository.update(siteArp1);
400                         assertEquals(
401                                 "Memory Repository does not store and retrieve Site ARPs properly.",
402                                 siteArp1,
403                                 repository.getSitePolicy());
404                         repository.remove(repository.getSitePolicy());
405                         assertNull(
406                                 "Memorty Repository does not properly delete Site ARPs.",
407                                 repository.getSitePolicy());
408                 } catch (ArpRepositoryException e) {
409                         fail("Error adding Site ARP to Memory Repository.");
410                 }
411
412                 //Set/retrieve/delete some user ARPs
413                 Arp userArp1 = new Arp();
414                 userArp1.setDescription("Broken User Arp 1.");
415                 try {
416                         repository.update(userArp1);
417                         assertTrue(
418                                 "Memory Repository does not store and retrieve User ARPs properly.",
419                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
420                 } catch (ArpRepositoryException e) {
421                         fail("Error adding User ARP to Memory Repository.");
422                 }
423
424                 Arp userArp2 = new Arp(new AAPrincipal("TestPrincipal"));
425                 userArp2.setDescription("Test User Arp 2.");
426                 try {
427                         repository.update(userArp2);
428                         assertEquals(
429                                 "Memory Repository does not store and retrieve User ARPs properly.",
430                                 userArp2,
431                                 repository.getUserPolicy(userArp2.getPrincipal()));
432                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
433                         assertNull(
434                                 "Memorty Repository does not properly delete User ARPs.",
435                                 repository.getUserPolicy(userArp2.getPrincipal()));
436                 } catch (ArpRepositoryException e) {
437                         fail("Error adding User ARP to Memory Repository.");
438                 }
439
440         }
441
442         public void testPossibleReleaseSetComputation() {
443                 Properties props = new Properties();
444                 props.setProperty(
445                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
446                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
447                 ArpRepository repository = null;
448                 try {
449                         repository = ArpRepositoryFactory.getInstance(props);
450                 } catch (ArpRepositoryException e) {
451                         fail("Failed to create memory-based Arp Repository" + e);
452                 }
453
454                 try {
455                         Principal principal1 = new AAPrincipal("TestPrincipal");
456                         URL url1 = new URL("http://www.example.edu/");
457                         URI[] list1 = { new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation")};
458                         URI[] list2 =
459                                 {
460                                         new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation"),
461                                         new URI("urn:mace:eduPerson:1.0:eduPersonPrincipalName")};
462                         URI[] list3 = new URI[0];
463
464                         //Test with just a site ARP
465                         InputStream inStream = new FileInputStream("test/arp1.xml");
466                         parser.parse(new InputSource(inStream));
467                         Arp arp1 = new Arp();
468                         arp1.marshall(parser.getDocument().getDocumentElement());
469                         repository.update(arp1);
470                         ArpEngine engine = new ArpEngine(repository, props);
471                         URI[] possibleAttributes =
472                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
473                         assertEquals(
474                                 "Incorrectly computed possible release set (1).",
475                                 new HashSet(Arrays.asList(possibleAttributes)),
476                                 new HashSet(Arrays.asList(list1)));
477
478                         //Test with site and user ARPs
479                         inStream = new FileInputStream("test/arp7.xml");
480                         parser.parse(new InputSource(inStream));
481                         Arp arp7 = new Arp();
482                         arp7.setPrincipal(principal1);
483                         arp7.marshall(parser.getDocument().getDocumentElement());
484                         repository.update(arp7);
485                         possibleAttributes =
486                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
487                         assertEquals(
488                                 "Incorrectly computed possible release set (2).",
489                                 new HashSet(Arrays.asList(possibleAttributes)),
490                                 new HashSet(Arrays.asList(list2)));
491
492                         //Ensure that explicit denies on any value are not in the release set
493                         inStream = new FileInputStream("test/arp6.xml");
494                         parser.parse(new InputSource(inStream));
495                         Arp arp6 = new Arp();
496                         arp6.setPrincipal(principal1);
497                         arp6.marshall(parser.getDocument().getDocumentElement());
498                         repository.update(arp6);
499                         possibleAttributes =
500                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
501                         assertEquals(
502                                 "Incorrectly computed possible release set (3).",
503                                 new HashSet(Arrays.asList(possibleAttributes)),
504                                 new HashSet(Arrays.asList(list3)));
505
506                 } catch (Exception e) {
507                         e.printStackTrace();
508                         fail("Failed to marshall ARP: " + e);
509                 }
510
511         }
512
513         public void testArpApplication() {
514
515                 //Setup a test ARP repository
516                 Properties props = new Properties();
517                 props.setProperty(
518                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
519                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
520                 ArpRepository repository = null;
521                 try {
522                         repository = ArpRepositoryFactory.getInstance(props);
523                 } catch (ArpRepositoryException e) {
524                         fail("Failed to create memory-based Arp Repository" + e);
525                 }
526
527                 try {
528
529                         arpApplicationTest1(repository, props, parser);
530                         arpApplicationTest2(repository, props, parser);
531                         arpApplicationTest3(repository, props, parser);
532                         arpApplicationTest4(repository, props, parser);
533                         arpApplicationTest5(repository, props, parser);
534                         arpApplicationTest6(repository, props, parser);
535                         arpApplicationTest7(repository, props, parser);
536                         arpApplicationTest8(repository, props, parser);
537                         arpApplicationTest9(repository, props, parser);
538                         arpApplicationTest10(repository, props, parser);
539                         arpApplicationTest11(repository, props, parser);
540                         arpApplicationTest12(repository, props, parser);
541                         arpApplicationTest13(repository, props, parser);
542                         arpApplicationTest14(repository, props, parser);
543                         arpApplicationTest15(repository, props, parser);
544                         arpApplicationTest16(repository, props, parser);
545                         arpApplicationTest17(repository, props, parser);
546                         arpApplicationTest18(repository, props, parser);
547                         arpApplicationTest19(repository, props, parser);
548                         arpApplicationTest20(repository, props, parser);
549                         arpApplicationTest21(repository, props, parser);
550
551                 } catch (Exception e) {
552                         e.printStackTrace();
553                         fail("Failed to apply filter to ARPs: " + e);
554                 }
555         }
556         /**
557          * ARPs: A site ARP only
558          * Target: Any
559          * Attribute: Any value release,
560          */
561         void arpApplicationTest1(ArpRepository repository, Properties props, DOMParser parser)
562                 throws Exception {
563
564                 //Gather the Input
565                 String rawArp =
566                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
567                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
568                                 + "                     <Rule>"
569                                 + "                             <Target>"
570                                 + "                                     <AnyTarget/>"
571                                 + "                             </Target>"
572                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
573                                 + "                                     <AnyValue release=\"permit\"/>"
574                                 + "                             </Attribute>"
575                                 + "                     </Rule>"
576                                 + "     </AttributeReleasePolicy>";
577
578                 Principal principal1 = new AAPrincipal("TestPrincipal");
579                 URL url1 = new URL("http://www.example.edu/");
580                 TestAttribute testAttribute =
581                         new TestAttribute(
582                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
583                                 new Object[] { "member@example.edu", "faculty@example.edu" });
584
585                 //Setup the engine
586                 parser.parse(new InputSource(new StringReader(rawArp)));
587                 Arp siteArp = new Arp();
588                 siteArp.marshall(parser.getDocument().getDocumentElement());
589                 repository.update(siteArp);
590                 ArpEngine engine = new ArpEngine(repository, props);
591
592                 //Apply the ARP
593                 ArpAttribute[] releaseAttributes =
594                         engine.filterAttributes(
595                                 new ArpAttribute[] { testAttribute },
596                                 principal1,
597                                 "shar.example.edu",
598                                 url1);
599
600                 assertEquals(
601                         "ARP application test 1: ARP not applied as expected.",
602                         new HashSet(Arrays.asList(releaseAttributes)),
603                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
604         }
605
606         /**
607          * ARPs: A site ARP only
608          * Target: Any
609          * Attribute: Any value release, implicit deny
610          */
611         void arpApplicationTest2(ArpRepository repository, Properties props, DOMParser parser)
612                 throws Exception {
613
614                 //Gather the Input
615                 String rawArp =
616                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
617                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
618                                 + "                     <Rule>"
619                                 + "                             <Target>"
620                                 + "                                     <AnyTarget/>"
621                                 + "                             </Target>"
622                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
623                                 + "                                     <AnyValue release=\"permit\"/>"
624                                 + "                             </Attribute>"
625                                 + "                     </Rule>"
626                                 + "     </AttributeReleasePolicy>";
627
628                 Principal principal1 = new AAPrincipal("TestPrincipal");
629                 URL url1 = new URL("http://www.example.edu/");
630                 TestAttribute testAttribute1 =
631                         new TestAttribute(
632                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
633                                 new Object[] { "member@example.edu", "faculty@example.edu" });
634                 TestAttribute testAttribute2 =
635                         new TestAttribute(
636                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
637                                 new Object[] { "mehoehn@example.edu" });
638
639                 //Setup the engine
640                 parser.parse(new InputSource(new StringReader(rawArp)));
641                 Arp siteArp = new Arp();
642                 siteArp.marshall(parser.getDocument().getDocumentElement());
643                 repository.update(siteArp);
644                 ArpEngine engine = new ArpEngine(repository, props);
645
646                 //Apply the ARP
647                 ArpAttribute[] releaseAttributes =
648                         engine.filterAttributes(
649                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
650                                 principal1,
651                                 "shar.example.edu",
652                                 url1);
653
654                 assertEquals(
655                         "ARP application test 2: ARP not applied as expected.",
656                         new HashSet(Arrays.asList(releaseAttributes)),
657                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1 })));
658         }
659
660         /**
661          * ARPs: A site ARP only
662          * Target: Any
663          * Attribute: One value release
664          */
665         void arpApplicationTest3(ArpRepository repository, Properties props, DOMParser parser)
666                 throws Exception {
667
668                 //Gather the Input
669                 String rawArp =
670                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
671                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
672                                 + "                     <Rule>"
673                                 + "                             <Target>"
674                                 + "                                     <AnyTarget/>"
675                                 + "                             </Target>"
676                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
677                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
678                                 + "                             </Attribute>"
679                                 + "                     </Rule>"
680                                 + "     </AttributeReleasePolicy>";
681
682                 Principal principal1 = new AAPrincipal("TestPrincipal");
683                 URL url1 = new URL("http://www.example.edu/");
684                 TestAttribute testAttribute =
685                         new TestAttribute(
686                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
687                                 new Object[] { "member@example.edu", "faculty@example.edu" });
688                 TestAttribute filteredAttribute =
689                         new TestAttribute(
690                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
691                                 new Object[] { "member@example.edu" });
692
693                 //Setup the engine
694                 parser.parse(new InputSource(new StringReader(rawArp)));
695                 Arp siteArp = new Arp();
696                 siteArp.marshall(parser.getDocument().getDocumentElement());
697                 repository.update(siteArp);
698                 ArpEngine engine = new ArpEngine(repository, props);
699
700                 //Apply the ARP
701                 ArpAttribute[] releaseAttributes =
702                         engine.filterAttributes(
703                                 new ArpAttribute[] { testAttribute },
704                                 principal1,
705                                 "shar.example.edu",
706                                 url1);
707
708                 assertEquals(
709                         "ARP application test 3: ARP not applied as expected.",
710                         new HashSet(Arrays.asList(releaseAttributes)),
711                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
712         }
713
714         /**
715          * ARPs: A site ARP only
716          * Target: Any
717          * Attribute: Any value except one release, canonical representation
718          */
719         void arpApplicationTest4(ArpRepository repository, Properties props, DOMParser parser)
720                 throws Exception {
721
722                 //Gather the Input
723                 String rawArp =
724                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
725                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
726                                 + "                     <Rule>"
727                                 + "                             <Target>"
728                                 + "                                     <AnyTarget/>"
729                                 + "                             </Target>"
730                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
731                                 + "                                     <AnyValue release=\"permit\"/>"
732                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
733                                 + "                             </Attribute>"
734                                 + "                     </Rule>"
735                                 + "     </AttributeReleasePolicy>";
736
737                 Principal principal1 = new AAPrincipal("TestPrincipal");
738                 URL url1 = new URL("http://www.example.edu/");
739                 TestAttribute testAttribute =
740                         new TestAttribute(
741                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
742                                 new Object[] {
743                                         "member@example.edu",
744                                         "faculty@example.edu",
745                                         "employee@example.edu" });
746                 TestAttribute filteredAttribute =
747                         new TestAttribute(
748                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
749                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
750
751                 //Setup the engine
752                 parser.parse(new InputSource(new StringReader(rawArp)));
753                 Arp siteArp = new Arp();
754                 siteArp.marshall(parser.getDocument().getDocumentElement());
755                 repository.update(siteArp);
756                 ArpEngine engine = new ArpEngine(repository, props);
757
758                 //Apply the ARP
759                 ArpAttribute[] releaseAttributes =
760                         engine.filterAttributes(
761                                 new ArpAttribute[] { testAttribute },
762                                 principal1,
763                                 "shar.example.edu",
764                                 url1);
765
766                 assertEquals(
767                         "ARP application test 4: ARP not applied as expected.",
768                         new HashSet(Arrays.asList(releaseAttributes)),
769                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
770         }
771
772         /**
773          * ARPs: A site ARP only
774          * Target: Any
775          * Attribute: Any value except one release, expanded representation
776          */
777         void arpApplicationTest5(ArpRepository repository, Properties props, DOMParser parser)
778                 throws Exception {
779
780                 //Gather the Input
781                 String rawArp =
782                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
783                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
784                                 + "                     <Rule>"
785                                 + "                             <Target>"
786                                 + "                                     <AnyTarget/>"
787                                 + "                             </Target>"
788                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
789                                 + "                                     <AnyValue release=\"permit\"/>"
790                                 + "                             </Attribute>"
791                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
792                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
793                                 + "                             </Attribute>"
794                                 + "                     </Rule>"
795                                 + "     </AttributeReleasePolicy>";
796
797                 Principal principal1 = new AAPrincipal("TestPrincipal");
798                 URL url1 = new URL("http://www.example.edu/");
799                 TestAttribute testAttribute =
800                         new TestAttribute(
801                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
802                                 new Object[] {
803                                         "member@example.edu",
804                                         "faculty@example.edu",
805                                         "employee@example.edu" });
806                 TestAttribute filteredAttribute =
807                         new TestAttribute(
808                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
809                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
810
811                 //Setup the engine
812                 parser.parse(new InputSource(new StringReader(rawArp)));
813                 Arp siteArp = new Arp();
814                 siteArp.marshall(parser.getDocument().getDocumentElement());
815                 repository.update(siteArp);
816                 ArpEngine engine = new ArpEngine(repository, props);
817
818                 //Apply the ARP
819                 ArpAttribute[] releaseAttributes =
820                         engine.filterAttributes(
821                                 new ArpAttribute[] { testAttribute },
822                                 principal1,
823                                 "shar.example.edu",
824                                 url1);
825
826                 assertEquals(
827                         "ARP application test 5: ARP not applied as expected.",
828                         new HashSet(Arrays.asList(releaseAttributes)),
829                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
830         }
831
832         /**
833          * ARPs: A site ARP only
834          * Target: Any
835          * Attribute: Any value except two release, expanded representation
836          */
837         void arpApplicationTest6(ArpRepository repository, Properties props, DOMParser parser)
838                 throws Exception {
839
840                 //Gather the Input
841                 String rawArp =
842                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
843                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
844                                 + "                     <Rule>"
845                                 + "                             <Target>"
846                                 + "                                     <AnyTarget/>"
847                                 + "                             </Target>"
848                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
849                                 + "                                     <AnyValue release=\"permit\"/>"
850                                 + "                             </Attribute>"
851                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
852                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
853                                 + "                             </Attribute>"
854                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
855                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
856                                 + "                             </Attribute>"
857                                 + "                     </Rule>"
858                                 + "     </AttributeReleasePolicy>";
859
860                 Principal principal1 = new AAPrincipal("TestPrincipal");
861                 URL url1 = new URL("http://www.example.edu/");
862                 TestAttribute testAttribute =
863                         new TestAttribute(
864                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
865                                 new Object[] {
866                                         "member@example.edu",
867                                         "faculty@example.edu",
868                                         "employee@example.edu" });
869                 TestAttribute filteredAttribute =
870                         new TestAttribute(
871                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
872                                 new Object[] { "employee@example.edu" });
873
874                 //Setup the engine
875                 parser.parse(new InputSource(new StringReader(rawArp)));
876                 Arp siteArp = new Arp();
877                 siteArp.marshall(parser.getDocument().getDocumentElement());
878                 repository.update(siteArp);
879                 ArpEngine engine = new ArpEngine(repository, props);
880
881                 //Apply the ARP
882                 ArpAttribute[] releaseAttributes =
883                         engine.filterAttributes(
884                                 new ArpAttribute[] { testAttribute },
885                                 principal1,
886                                 "shar.example.edu",
887                                 url1);
888
889                 assertEquals(
890                         "ARP application test 6: ARP not applied as expected.",
891                         new HashSet(Arrays.asList(releaseAttributes)),
892                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
893         }
894
895         /**
896          * ARPs: A site ARP only
897          * Target: Any
898          * Attribute: Two value release, canonical representation
899          */
900         void arpApplicationTest7(ArpRepository repository, Properties props, DOMParser parser)
901                 throws Exception {
902
903                 //Gather the Input
904                 String rawArp =
905                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
906                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
907                                 + "                     <Rule>"
908                                 + "                             <Target>"
909                                 + "                                     <AnyTarget/>"
910                                 + "                             </Target>"
911                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
912                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
913                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
914                                 + "                             </Attribute>"
915                                 + "                     </Rule>"
916                                 + "     </AttributeReleasePolicy>";
917
918                 Principal principal1 = new AAPrincipal("TestPrincipal");
919                 URL url1 = new URL("http://www.example.edu/");
920                 TestAttribute testAttribute =
921                         new TestAttribute(
922                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
923                                 new Object[] {
924                                         "member@example.edu",
925                                         "faculty@example.edu",
926                                         "employee@example.edu" });
927                 TestAttribute filteredAttribute =
928                         new TestAttribute(
929                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
930                                 new Object[] { "member@example.edu", "faculty@example.edu" });
931
932                 //Setup the engine
933                 parser.parse(new InputSource(new StringReader(rawArp)));
934                 Arp siteArp = new Arp();
935                 siteArp.marshall(parser.getDocument().getDocumentElement());
936                 repository.update(siteArp);
937                 ArpEngine engine = new ArpEngine(repository, props);
938
939                 //Apply the ARP
940                 ArpAttribute[] releaseAttributes =
941                         engine.filterAttributes(
942                                 new ArpAttribute[] { testAttribute },
943                                 principal1,
944                                 "shar.example.edu",
945                                 url1);
946
947                 assertEquals(
948                         "ARP application test 3: ARP not applied as expected.",
949                         new HashSet(Arrays.asList(releaseAttributes)),
950                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
951         }
952
953         /**
954          * ARPs: A site ARP only
955          * Target: Any
956          * Attribute: Two value release, expanded representation
957          */
958         void arpApplicationTest8(ArpRepository repository, Properties props, DOMParser parser)
959                 throws Exception {
960
961                 //Gather the Input
962                 String rawArp =
963                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
964                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
965                                 + "                     <Rule>"
966                                 + "                             <Target>"
967                                 + "                                     <AnyTarget/>"
968                                 + "                             </Target>"
969                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
970                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
971                                 + "                             </Attribute>"
972                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
973                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
974                                 + "                             </Attribute>"
975                                 + "                     </Rule>"
976                                 + "     </AttributeReleasePolicy>";
977
978                 Principal principal1 = new AAPrincipal("TestPrincipal");
979                 URL url1 = new URL("http://www.example.edu/");
980                 TestAttribute testAttribute =
981                         new TestAttribute(
982                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
983                                 new Object[] {
984                                         "member@example.edu",
985                                         "faculty@example.edu",
986                                         "employee@example.edu" });
987                 TestAttribute filteredAttribute =
988                         new TestAttribute(
989                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
990                                 new Object[] { "member@example.edu", "faculty@example.edu" });
991
992                 //Setup the engine
993                 parser.parse(new InputSource(new StringReader(rawArp)));
994                 Arp siteArp = new Arp();
995                 siteArp.marshall(parser.getDocument().getDocumentElement());
996                 repository.update(siteArp);
997                 ArpEngine engine = new ArpEngine(repository, props);
998
999                 //Apply the ARP
1000                 ArpAttribute[] releaseAttributes =
1001                         engine.filterAttributes(
1002                                 new ArpAttribute[] { testAttribute },
1003                                 principal1,
1004                                 "shar.example.edu",
1005                                 url1);
1006
1007                 assertEquals(
1008                         "ARP application test 8: ARP not applied as expected.",
1009                         new HashSet(Arrays.asList(releaseAttributes)),
1010                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
1011         }
1012
1013         /**
1014          * ARPs: A site ARP only
1015          * Target: Any
1016          * Attribute: Any value deny
1017          */
1018         void arpApplicationTest9(ArpRepository repository, Properties props, DOMParser parser)
1019                 throws Exception {
1020
1021                 //Gather the Input
1022                 String rawArp =
1023                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1024                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1025                                 + "                     <Rule>"
1026                                 + "                             <Target>"
1027                                 + "                                     <AnyTarget/>"
1028                                 + "                             </Target>"
1029                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1030                                 + "                                     <AnyValue release=\"deny\"/>"
1031                                 + "                             </Attribute>"
1032                                 + "                     </Rule>"
1033                                 + "     </AttributeReleasePolicy>";
1034
1035                 Principal principal1 = new AAPrincipal("TestPrincipal");
1036                 URL url1 = new URL("http://www.example.edu/");
1037                 TestAttribute testAttribute =
1038                         new TestAttribute(
1039                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1040                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1041
1042                 //Setup the engine
1043                 parser.parse(new InputSource(new StringReader(rawArp)));
1044                 Arp siteArp = new Arp();
1045                 siteArp.marshall(parser.getDocument().getDocumentElement());
1046                 repository.update(siteArp);
1047                 ArpEngine engine = new ArpEngine(repository, props);
1048
1049                 //Apply the ARP
1050                 ArpAttribute[] releaseAttributes =
1051                         engine.filterAttributes(
1052                                 new ArpAttribute[] { testAttribute },
1053                                 principal1,
1054                                 "shar.example.edu",
1055                                 url1);
1056
1057                 assertEquals(
1058                         "ARP application test 9: ARP not applied as expected.",
1059                         new HashSet(Arrays.asList(releaseAttributes)),
1060                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1061         }
1062
1063         /**
1064          * ARPs: A site ARP only
1065          * Target: Any
1066          * Attribute: Any value deny trumps explicit permit expanded representation
1067          */
1068         void arpApplicationTest10(ArpRepository repository, Properties props, DOMParser parser)
1069                 throws Exception {
1070
1071                 //Gather the Input
1072                 String rawArp =
1073                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1074                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1075                                 + "                     <Rule>"
1076                                 + "                             <Target>"
1077                                 + "                                     <AnyTarget/>"
1078                                 + "                             </Target>"
1079                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1080                                 + "                                     <AnyValue release=\"deny\"/>"
1081                                 + "                             </Attribute>"
1082                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1083                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1084                                 + "                             </Attribute>"
1085                                 + "                     </Rule>"
1086                                 + "     </AttributeReleasePolicy>";
1087
1088                 Principal principal1 = new AAPrincipal("TestPrincipal");
1089                 URL url1 = new URL("http://www.example.edu/");
1090                 TestAttribute testAttribute =
1091                         new TestAttribute(
1092                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1093                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1094
1095                 //Setup the engine
1096                 parser.parse(new InputSource(new StringReader(rawArp)));
1097                 Arp siteArp = new Arp();
1098                 siteArp.marshall(parser.getDocument().getDocumentElement());
1099                 repository.update(siteArp);
1100                 ArpEngine engine = new ArpEngine(repository, props);
1101
1102                 //Apply the ARP
1103                 ArpAttribute[] releaseAttributes =
1104                         engine.filterAttributes(
1105                                 new ArpAttribute[] { testAttribute },
1106                                 principal1,
1107                                 "shar.example.edu",
1108                                 url1);
1109
1110                 assertEquals(
1111                         "ARP application test 10: ARP not applied as expected.",
1112                         new HashSet(Arrays.asList(releaseAttributes)),
1113                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1114         }
1115
1116         /**
1117          * ARPs: A site ARP only
1118          * Target: Any
1119          * Attribute: Any value deny trumps explicit permit canonical representation
1120          */
1121         void arpApplicationTest11(ArpRepository repository, Properties props, DOMParser parser)
1122                 throws Exception {
1123
1124                 //Gather the Input
1125                 String rawArp =
1126                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1127                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1128                                 + "                     <Rule>"
1129                                 + "                             <Target>"
1130                                 + "                                     <AnyTarget/>"
1131                                 + "                             </Target>"
1132                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1133                                 + "                                     <AnyValue release=\"deny\"/>"
1134                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1135                                 + "                             </Attribute>"
1136                                 + "                     </Rule>"
1137                                 + "     </AttributeReleasePolicy>";
1138
1139                 Principal principal1 = new AAPrincipal("TestPrincipal");
1140                 URL url1 = new URL("http://www.example.edu/");
1141                 TestAttribute testAttribute =
1142                         new TestAttribute(
1143                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1144                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1145
1146                 //Setup the engine
1147                 parser.parse(new InputSource(new StringReader(rawArp)));
1148                 Arp siteArp = new Arp();
1149                 siteArp.marshall(parser.getDocument().getDocumentElement());
1150                 repository.update(siteArp);
1151                 ArpEngine engine = new ArpEngine(repository, props);
1152
1153                 //Apply the ARP
1154                 ArpAttribute[] releaseAttributes =
1155                         engine.filterAttributes(
1156                                 new ArpAttribute[] { testAttribute },
1157                                 principal1,
1158                                 "shar.example.edu",
1159                                 url1);
1160
1161                 assertEquals(
1162                         "ARP application test 11: ARP not applied as expected.",
1163                         new HashSet(Arrays.asList(releaseAttributes)),
1164                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1165         }
1166
1167         /**
1168          * ARPs: A site ARP only
1169          * Target: Specific shar, Any Resource
1170          * Attribute: Any value release
1171          */
1172         void arpApplicationTest12(ArpRepository repository, Properties props, DOMParser parser)
1173                 throws Exception {
1174
1175                 //Gather the Input
1176                 String rawArp =
1177                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1178                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1179                                 + "                     <Rule>"
1180                                 + "                             <Target>"
1181                                 + "                                     <Requester>shar.example.edu</Requester>"
1182                                 + "                                     <AnyResource />"
1183                                 + "                             </Target>"
1184                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1185                                 + "                                     <AnyValue release=\"permit\"/>"
1186                                 + "                             </Attribute>"
1187                                 + "                     </Rule>"
1188                                 + "     </AttributeReleasePolicy>";
1189
1190                 Principal principal1 = new AAPrincipal("TestPrincipal");
1191                 URL url1 = new URL("http://www.example.edu/");
1192                 TestAttribute testAttribute =
1193                         new TestAttribute(
1194                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1195                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1196
1197                 //Setup the engine
1198                 parser.parse(new InputSource(new StringReader(rawArp)));
1199                 Arp siteArp = new Arp();
1200                 siteArp.marshall(parser.getDocument().getDocumentElement());
1201                 repository.update(siteArp);
1202                 ArpEngine engine = new ArpEngine(repository, props);
1203
1204                 //Apply the ARP
1205                 ArpAttribute[] releaseAttributes =
1206                         engine.filterAttributes(
1207                                 new ArpAttribute[] { testAttribute },
1208                                 principal1,
1209                                 "shar.example.edu",
1210                                 url1);
1211
1212                 assertEquals(
1213                         "ARP application test 12: ARP not applied as expected.",
1214                         new HashSet(Arrays.asList(releaseAttributes)),
1215                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1216         }
1217
1218         /**
1219          * ARPs: A site ARP only
1220          * Target: Specific shar, Any Resource (another example)
1221          * Attribute: Any value release
1222          */
1223         void arpApplicationTest13(ArpRepository repository, Properties props, DOMParser parser)
1224                 throws Exception {
1225
1226                 //Gather the Input
1227                 String rawArp =
1228                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1229                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1230                                 + "                     <Rule>"
1231                                 + "                             <Target>"
1232                                 + "                                     <Requester>shar.example.edu</Requester>"
1233                                 + "                                     <AnyResource />"
1234                                 + "                             </Target>"
1235                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1236                                 + "                                     <AnyValue release=\"permit\"/>"
1237                                 + "                             </Attribute>"
1238                                 + "                     </Rule>"
1239                                 + "     </AttributeReleasePolicy>";
1240
1241                 Principal principal1 = new AAPrincipal("TestPrincipal");
1242                 URL url1 = new URL("https://foo.com/");
1243                 TestAttribute testAttribute =
1244                         new TestAttribute(
1245                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1246                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1247
1248                 //Setup the engine
1249                 parser.parse(new InputSource(new StringReader(rawArp)));
1250                 Arp siteArp = new Arp();
1251                 siteArp.marshall(parser.getDocument().getDocumentElement());
1252                 repository.update(siteArp);
1253                 ArpEngine engine = new ArpEngine(repository, props);
1254
1255                 //Apply the ARP
1256                 ArpAttribute[] releaseAttributes =
1257                         engine.filterAttributes(
1258                                 new ArpAttribute[] { testAttribute },
1259                                 principal1,
1260                                 "shar.example.edu",
1261                                 url1);
1262
1263                 assertEquals(
1264                         "ARP application test 13: ARP not applied as expected.",
1265                         new HashSet(Arrays.asList(releaseAttributes)),
1266                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1267         }
1268
1269         /**
1270          * ARPs: A site ARP only
1271          * Target: Specific shar (no match), Any Resource
1272          * Attribute: Any value release
1273          */
1274         void arpApplicationTest14(ArpRepository repository, Properties props, DOMParser parser)
1275                 throws Exception {
1276
1277                 //Gather the Input
1278                 String rawArp =
1279                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1280                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1281                                 + "                     <Rule>"
1282                                 + "                             <Target>"
1283                                 + "                                     <Requester>shar.example.edu</Requester>"
1284                                 + "                                     <AnyResource />"
1285                                 + "                             </Target>"
1286                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1287                                 + "                                     <AnyValue release=\"permit\"/>"
1288                                 + "                             </Attribute>"
1289                                 + "                     </Rule>"
1290                                 + "     </AttributeReleasePolicy>";
1291
1292                 Principal principal1 = new AAPrincipal("TestPrincipal");
1293                 URL url1 = new URL("http://www.example.edu/");
1294                 TestAttribute testAttribute =
1295                         new TestAttribute(
1296                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1297                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1298
1299                 //Setup the engine
1300                 parser.parse(new InputSource(new StringReader(rawArp)));
1301                 Arp siteArp = new Arp();
1302                 siteArp.marshall(parser.getDocument().getDocumentElement());
1303                 repository.update(siteArp);
1304                 ArpEngine engine = new ArpEngine(repository, props);
1305
1306                 //Apply the ARP
1307                 ArpAttribute[] releaseAttributes =
1308                         engine.filterAttributes(
1309                                 new ArpAttribute[] { testAttribute },
1310                                 principal1,
1311                                 "www.example.edu",
1312                                 url1);
1313
1314                 assertEquals(
1315                         "ARP application test 14: ARP not applied as expected.",
1316                         new HashSet(Arrays.asList(releaseAttributes)),
1317                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1318         }
1319
1320         /**
1321          * ARPs: A site ARP only
1322          * Target: Specific shar, Specific resource
1323          * Attribute: Any value release
1324          */
1325         void arpApplicationTest15(ArpRepository repository, Properties props, DOMParser parser)
1326                 throws Exception {
1327
1328                 //Gather the Input
1329                 String rawArp =
1330                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1331                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1332                                 + "                     <Rule>"
1333                                 + "                             <Target>"
1334                                 + "                                     <Requester>shar.example.edu</Requester>"
1335                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1336                                 + "                             </Target>"
1337                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1338                                 + "                                     <AnyValue release=\"permit\"/>"
1339                                 + "                             </Attribute>"
1340                                 + "                     </Rule>"
1341                                 + "     </AttributeReleasePolicy>";
1342
1343                 Principal principal1 = new AAPrincipal("TestPrincipal");
1344                 URL url1 = new URL("http://www.example.edu/index.html");
1345                 TestAttribute testAttribute =
1346                         new TestAttribute(
1347                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1348                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1349
1350                 //Setup the engine
1351                 parser.parse(new InputSource(new StringReader(rawArp)));
1352                 Arp siteArp = new Arp();
1353                 siteArp.marshall(parser.getDocument().getDocumentElement());
1354                 repository.update(siteArp);
1355                 ArpEngine engine = new ArpEngine(repository, props);
1356
1357                 //Apply the ARP
1358                 ArpAttribute[] releaseAttributes =
1359                         engine.filterAttributes(
1360                                 new ArpAttribute[] { testAttribute },
1361                                 principal1,
1362                                 "shar.example.edu",
1363                                 url1);
1364
1365                 assertEquals(
1366                         "ARP application test 15: ARP not applied as expected.",
1367                         new HashSet(Arrays.asList(releaseAttributes)),
1368                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1369         }
1370
1371         /**
1372          * ARPs: A site ARP only
1373          * Target: Specific shar, Specific resource (no match)
1374          * Attribute: Any value release
1375          */
1376         void arpApplicationTest16(ArpRepository repository, Properties props, DOMParser parser)
1377                 throws Exception {
1378
1379                 //Gather the Input
1380                 String rawArp =
1381                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1382                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1383                                 + "                     <Rule>"
1384                                 + "                             <Target>"
1385                                 + "                                     <Requester>shar.example.edu</Requester>"
1386                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1387                                 + "                             </Target>"
1388                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1389                                 + "                                     <AnyValue release=\"permit\"/>"
1390                                 + "                             </Attribute>"
1391                                 + "                     </Rule>"
1392                                 + "     </AttributeReleasePolicy>";
1393
1394                 Principal principal1 = new AAPrincipal("TestPrincipal");
1395                 URL url1 = new URL("https://www.example.edu/index.html");
1396                 TestAttribute testAttribute =
1397                         new TestAttribute(
1398                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1399                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1400
1401                 //Setup the engine
1402                 parser.parse(new InputSource(new StringReader(rawArp)));
1403                 Arp siteArp = new Arp();
1404                 siteArp.marshall(parser.getDocument().getDocumentElement());
1405                 repository.update(siteArp);
1406                 ArpEngine engine = new ArpEngine(repository, props);
1407
1408                 //Apply the ARP
1409                 ArpAttribute[] releaseAttributes =
1410                         engine.filterAttributes(
1411                                 new ArpAttribute[] { testAttribute },
1412                                 principal1,
1413                                 "shar.example.edu",
1414                                 url1);
1415
1416                 assertEquals(
1417                         "ARP application test 16: ARP not applied as expected.",
1418                         new HashSet(Arrays.asList(releaseAttributes)),
1419                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1420         }
1421
1422         /**
1423          * ARPs: A site ARP only
1424          * Target: Multiple matching rules
1425          * Attribute: various
1426          */
1427         void arpApplicationTest17(ArpRepository repository, Properties props, DOMParser parser)
1428                 throws Exception {
1429
1430                 //Gather the Input
1431                 String rawArp =
1432                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1433                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1434                                 + "                     <Rule>"
1435                                 + "                             <Target>"
1436                                 + "                                     <AnyTarget />"
1437                                 + "                             </Target>"
1438                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1439                                 + "                                     <AnyValue release=\"permit\"/>"
1440                                 + "                             </Attribute>"
1441                                 + "                     </Rule>"
1442                                 + "                     <Rule>"
1443                                 + "                             <Target>"
1444                                 + "                                     <Requester>shar1.example.edu</Requester>"
1445                                 + "                                     <AnyResource />"
1446                                 + "                             </Target>"
1447                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1448                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1449                                 + "                             </Attribute>"
1450                                 + "                     </Rule>"
1451                                 + "                     <Rule>"
1452                                 + "                             <Target>"
1453                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1454                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1455                                 + "                             </Target>"
1456                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1457                                 + "                                     <AnyValue release=\"permit\"/>"
1458                                 + "                             </Attribute>"
1459                                 + "                     </Rule>"
1460                                 + "     </AttributeReleasePolicy>";
1461
1462                 Principal principal1 = new AAPrincipal("TestPrincipal");
1463                 URL url1 = new URL("https://www.example.edu/index.html");
1464                 TestAttribute testAttribute1 =
1465                         new TestAttribute(
1466                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1467                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1468                 TestAttribute testAttribute2 =
1469                         new TestAttribute(
1470                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1471                                 new Object[] { "wassa@columbia.edu" });
1472                 TestAttribute filteredAttribute1 =
1473                         new TestAttribute(
1474                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1475                                 new Object[] { "member@example.edu" });
1476
1477                 //Setup the engine
1478                 parser.parse(new InputSource(new StringReader(rawArp)));
1479                 Arp siteArp = new Arp();
1480                 siteArp.marshall(parser.getDocument().getDocumentElement());
1481                 repository.update(siteArp);
1482                 ArpEngine engine = new ArpEngine(repository, props);
1483
1484                 //Apply the ARP
1485                 ArpAttribute[] releaseAttributes =
1486                         engine.filterAttributes(
1487                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1488                                 principal1,
1489                                 "shar1.example.edu",
1490                                 url1);
1491
1492                 assertEquals(
1493                         "ARP application test 17: ARP not applied as expected.",
1494                         new HashSet(Arrays.asList(releaseAttributes)),
1495                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute2, filteredAttribute1 })));
1496         }
1497
1498         /**
1499          * ARPs: A site ARP only
1500          * Target: Any
1501          * Attribute: Any value release of two attributes in one rule
1502          */
1503         void arpApplicationTest18(ArpRepository repository, Properties props, DOMParser parser)
1504                 throws Exception {
1505
1506                 //Gather the Input
1507                 String rawArp =
1508                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1509                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1510                                 + "                     <Rule>"
1511                                 + "                             <Target>"
1512                                 + "                                     <AnyTarget/>"
1513                                 + "                             </Target>"
1514                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1515                                 + "                                     <AnyValue release=\"permit\"/>"
1516                                 + "                             </Attribute>"
1517                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1518                                 + "                                     <AnyValue release=\"permit\"/>"
1519                                 + "                             </Attribute>"
1520                                 + "                     </Rule>"
1521                                 + "     </AttributeReleasePolicy>";
1522
1523                 Principal principal1 = new AAPrincipal("TestPrincipal");
1524                 URL url1 = new URL("http://www.example.edu/");
1525                 TestAttribute testAttribute1 =
1526                         new TestAttribute(
1527                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1528                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1529                 TestAttribute testAttribute2 =
1530                         new TestAttribute(
1531                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1532                                 new Object[] { "mehoehn@example.edu" });
1533
1534                 //Setup the engine
1535                 parser.parse(new InputSource(new StringReader(rawArp)));
1536                 Arp siteArp = new Arp();
1537                 siteArp.marshall(parser.getDocument().getDocumentElement());
1538                 repository.update(siteArp);
1539                 ArpEngine engine = new ArpEngine(repository, props);
1540
1541                 //Apply the ARP
1542                 ArpAttribute[] releaseAttributes =
1543                         engine.filterAttributes(
1544                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1545                                 principal1,
1546                                 "shar.example.edu",
1547                                 url1);
1548
1549                 assertEquals(
1550                         "ARP application test 18: ARP not applied as expected.",
1551                         new HashSet(Arrays.asList(releaseAttributes)),
1552                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1, testAttribute2 })));
1553         }
1554
1555         /**
1556          * ARPs: A user ARP only
1557          * Target: Any
1558          * Attribute: Any value release,
1559          */
1560         void arpApplicationTest19(ArpRepository repository, Properties props, DOMParser parser)
1561                 throws Exception {
1562
1563                 //Gather the Input
1564                 String rawArp =
1565                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1566                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1567                                 + "                     <Rule>"
1568                                 + "                             <Target>"
1569                                 + "                                     <AnyTarget/>"
1570                                 + "                             </Target>"
1571                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1572                                 + "                                     <AnyValue release=\"permit\"/>"
1573                                 + "                             </Attribute>"
1574                                 + "                     </Rule>"
1575                                 + "     </AttributeReleasePolicy>";
1576
1577                 Principal principal1 = new AAPrincipal("TestPrincipal");
1578                 URL url1 = new URL("http://www.example.edu/");
1579                 TestAttribute testAttribute =
1580                         new TestAttribute(
1581                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1582                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1583
1584                 //Setup the engine
1585                 parser.parse(new InputSource(new StringReader(rawArp)));
1586                 Arp userArp = new Arp();
1587                 userArp.setPrincipal(principal1);
1588                 userArp.marshall(parser.getDocument().getDocumentElement());
1589                 repository.update(userArp);
1590                 ArpEngine engine = new ArpEngine(repository, props);
1591
1592                 //Apply the ARP
1593                 ArpAttribute[] releaseAttributes =
1594                         engine.filterAttributes(
1595                                 new ArpAttribute[] { testAttribute },
1596                                 principal1,
1597                                 "shar.example.edu",
1598                                 url1);
1599
1600                 assertEquals(
1601                         "ARP application test 19: ARP not applied as expected.",
1602                         new HashSet(Arrays.asList(releaseAttributes)),
1603                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1604         }
1605
1606         /**
1607          * ARPs: A site ARP and user ARP
1608          * Target: various
1609          * Attribute: various combinations
1610          */
1611         void arpApplicationTest20(ArpRepository repository, Properties props, DOMParser parser)
1612                 throws Exception {
1613
1614                 //Gather the Input
1615                 String rawSiteArp =
1616                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1617                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1618                                 + "                     <Rule>"
1619                                 + "                             <Target>"
1620                                 + "                                     <AnyTarget/>"
1621                                 + "                             </Target>"
1622                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1623                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1624                                 + "                             </Attribute>"
1625                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1626                                 + "                                     <AnyValue release=\"permit\" />"
1627                                 + "                             </Attribute>"
1628                                 + "                     </Rule>"
1629                                 + "                     <Rule>"
1630                                 + "                             <Target>"
1631                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1632                                 + "                                     <AnyResource />"
1633                                 + "                             </Target>"
1634                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1635                                 + "                                     <AnyValue release=\"permit\"/>"
1636                                 + "                             </Attribute>"
1637                                 + "                     </Rule>"
1638                                 + "                     <Rule>"
1639                                 + "                             <Target>"
1640                                 + "                                     <Requester>www.example.edu</Requester>"
1641                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1642                                 + "                             </Target>"
1643                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1644                                 + "                                     <AnyValue release=\"permit\"/>"
1645                                 + "                             </Attribute>"
1646                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1647                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1648                                 + "                             </Attribute>"
1649                                 + "                     </Rule>"
1650                                 + "                     <Rule>"
1651                                 + "                             <Target>"
1652                                 + "                                     <Requester>www.external.com</Requester>"
1653                                 + "                                     <Resource>http://www.external.com/</Resource>"
1654                                 + "                             </Target>"
1655                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1656                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1657                                 + "                             </Attribute>"
1658                                 + "                     </Rule>"
1659                                 + "     </AttributeReleasePolicy>";
1660
1661                 String rawUserArp =
1662                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1663                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1664                                 + "                     <Rule>"
1665                                 + "                             <Target>"
1666                                 + "                                     <AnyTarget/>"
1667                                 + "                             </Target>"
1668                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1669                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1670                                 + "                             </Attribute>"
1671                                 + "                     </Rule>"
1672                                 + "                     <Rule>"
1673                                 + "                             <Target>"
1674                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1675                                 + "                                     <AnyResource />"
1676                                 + "                             </Target>"
1677                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1678                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1679                                 + "                             </Attribute>"
1680                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1681                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1682                                 + "                             </Attribute>"
1683                                 + "                     </Rule>"
1684                                 + "     </AttributeReleasePolicy>";
1685
1686                 Principal principal1 = new AAPrincipal("TestPrincipal");
1687                 URL url1 = new URL("http://www.example.edu/test/index.html");
1688
1689                 TestAttribute entitlementInput =
1690                         new TestAttribute(
1691                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1692                                 new Object[] {
1693                                         "urn:example:lovesIceCream",
1694                                         "urn:example:poorlyDressed",
1695                                         "urn:example:contract:113455",
1696                                         "urn:example:contract:4657483" });
1697
1698                 TestAttribute affiliationInput =
1699                         new TestAttribute(
1700                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1701                                 new Object[] {
1702                                         "member@example.edu",
1703                                         "faculty@example.edu",
1704                                         "employee@example.edu" });
1705
1706                 TestAttribute principalNameInput =
1707                         new TestAttribute(
1708                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1709                                 new Object[] { "wassa@example.edu" });
1710
1711                 TestAttribute preferredLanguageInput =
1712                         new TestAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" });
1713
1714                 TestAttribute entitlementOutput =
1715                         new TestAttribute(
1716                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1717                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" });
1718
1719                 TestAttribute affiliationOutput =
1720                         new TestAttribute(
1721                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1722                                 new Object[] { "member@example.edu", "employee@example.edu" });
1723
1724                 //Add the site ARP
1725                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1726                 Arp siteArp = new Arp();
1727                 siteArp.marshall(parser.getDocument().getDocumentElement());
1728                 repository.update(siteArp);
1729
1730                 //Add the user ARP
1731                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1732                 Arp userArp = new Arp();
1733                 userArp.setPrincipal(principal1);
1734                 userArp.marshall(parser.getDocument().getDocumentElement());
1735                 repository.update(userArp);
1736
1737                 ArpEngine engine = new ArpEngine(repository, props);
1738
1739                 //Apply the ARP
1740                 ArpAttribute[] releaseAttributes =
1741                         engine.filterAttributes(
1742                                 new ArpAttribute[] {
1743                                         entitlementInput,
1744                                         affiliationInput,
1745                                         principalNameInput,
1746                                         preferredLanguageInput },
1747                                 principal1,
1748                                 "www.example.edu",
1749                                 url1);
1750
1751                 assertEquals(
1752                         "ARP application test 20: ARP not applied as expected.",
1753                         new HashSet(Arrays.asList(releaseAttributes)),
1754                         new HashSet(
1755                                 Arrays.asList(
1756                                         new ArpAttribute[] {
1757                                                 entitlementOutput,
1758                                                 affiliationOutput,
1759                                                 principalNameInput,
1760                                                 preferredLanguageInput })));
1761         }
1762
1763         /**
1764          * ARPs: A site ARP and user ARP
1765          * Target: various
1766          * Attribute: various combinations (same ARPs as 20, different requester)
1767          */
1768         void arpApplicationTest21(ArpRepository repository, Properties props, DOMParser parser)
1769                 throws Exception {
1770
1771                 //Gather the Input
1772                 String rawSiteArp =
1773                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1774                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1775                                 + "                     <Rule>"
1776                                 + "                             <Target>"
1777                                 + "                                     <AnyTarget/>"
1778                                 + "                             </Target>"
1779                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1780                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1781                                 + "                             </Attribute>"
1782                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1783                                 + "                                     <AnyValue release=\"permit\" />"
1784                                 + "                             </Attribute>"
1785                                 + "                     </Rule>"
1786                                 + "                     <Rule>"
1787                                 + "                             <Target>"
1788                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1789                                 + "                                     <AnyResource />"
1790                                 + "                             </Target>"
1791                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1792                                 + "                                     <AnyValue release=\"permit\"/>"
1793                                 + "                             </Attribute>"
1794                                 + "                     </Rule>"
1795                                 + "                     <Rule>"
1796                                 + "                             <Target>"
1797                                 + "                                     <Requester>www.example.edu</Requester>"
1798                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1799                                 + "                             </Target>"
1800                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1801                                 + "                                     <AnyValue release=\"permit\"/>"
1802                                 + "                             </Attribute>"
1803                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1804                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1805                                 + "                             </Attribute>"
1806                                 + "                     </Rule>"
1807                                 + "                     <Rule>"
1808                                 + "                             <Target>"
1809                                 + "                                     <Requester>www.external.com</Requester>"
1810                                 + "                                     <Resource>http://www.external.com/</Resource>"
1811                                 + "                             </Target>"
1812                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1813                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1814                                 + "                             </Attribute>"
1815                                 + "                     </Rule>"
1816                                 + "     </AttributeReleasePolicy>";
1817
1818                 String rawUserArp =
1819                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1820                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1821                                 + "                     <Rule>"
1822                                 + "                             <Target>"
1823                                 + "                                     <AnyTarget/>"
1824                                 + "                             </Target>"
1825                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1826                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1827                                 + "                             </Attribute>"
1828                                 + "                     </Rule>"
1829                                 + "                     <Rule>"
1830                                 + "                             <Target>"
1831                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1832                                 + "                                     <AnyResource />"
1833                                 + "                             </Target>"
1834                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1835                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1836                                 + "                             </Attribute>"
1837                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1838                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1839                                 + "                             </Attribute>"
1840                                 + "                     </Rule>"
1841                                 + "     </AttributeReleasePolicy>";
1842
1843                 Principal principal1 = new AAPrincipal("TestPrincipal");
1844                 URL url1 = new URL("http://www.external.com/");
1845
1846                 TestAttribute entitlementInput =
1847                         new TestAttribute(
1848                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1849                                 new Object[] {
1850                                         "urn:example:lovesIceCream",
1851                                         "urn:example:poorlyDressed",
1852                                         "urn:example:contract:113455",
1853                                         "urn:example:contract:4657483" });
1854
1855                 TestAttribute affiliationInput =
1856                         new TestAttribute(
1857                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1858                                 new Object[] {
1859                                         "member@example.edu",
1860                                         "faculty@example.edu",
1861                                         "employee@example.edu" });
1862
1863                 TestAttribute principalNameInput =
1864                         new TestAttribute(
1865                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1866                                 new Object[] { "wassa@example.edu" });
1867
1868                 TestAttribute preferredLanguageInput =
1869                         new TestAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" });
1870
1871                 TestAttribute entitlementOutput =
1872                         new TestAttribute(
1873                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1874                                 new Object[] { "urn:example:contract:113455" });
1875
1876                 TestAttribute affiliationOutput =
1877                         new TestAttribute(
1878                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1879                                 new Object[] { "member@example.edu" });
1880
1881                 //Add the site ARP
1882                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1883                 Arp siteArp = new Arp();
1884                 siteArp.marshall(parser.getDocument().getDocumentElement());
1885                 repository.update(siteArp);
1886
1887                 //Add the user ARP
1888                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1889                 Arp userArp = new Arp();
1890                 userArp.setPrincipal(principal1);
1891                 userArp.marshall(parser.getDocument().getDocumentElement());
1892                 repository.update(userArp);
1893
1894                 ArpEngine engine = new ArpEngine(repository, props);
1895
1896                 //Apply the ARP
1897                 ArpAttribute[] releaseAttributes =
1898                         engine.filterAttributes(
1899                                 new ArpAttribute[] {
1900                                         entitlementInput,
1901                                         affiliationInput,
1902                                         principalNameInput,
1903                                         preferredLanguageInput },
1904                                 principal1,
1905                                 "www.external.com",
1906                                 url1);
1907
1908                 assertEquals(
1909                         "ARP application test 21: ARP not applied as expected.",
1910                         new HashSet(Arrays.asList(releaseAttributes)),
1911                         new HashSet(
1912                                 Arrays.asList(
1913                                         new ArpAttribute[] {
1914                                                 entitlementOutput,
1915                                                 affiliationOutput,
1916                                                 preferredLanguageInput })));
1917         }
1918
1919         public class TestAttribute implements ArpAttribute {
1920                 private String name;
1921                 private Object[] values;
1922
1923                 public TestAttribute(String name, Object[] values) {
1924                         this.name = name;
1925                         this.values = values;
1926                 }
1927
1928                 /**
1929                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getName()
1930                  */
1931                 public String getName() {
1932                         return name;
1933                 }
1934
1935                 /**
1936                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getValues()
1937                  */
1938                 public Object[] getValues() {
1939                         return values;
1940                 }
1941
1942                 /**
1943                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#setValues(Object[])
1944                  */
1945                 public void setValues(Object[] values) {
1946                         this.values = values;
1947                 }
1948
1949                 /**
1950                  * @see java.lang.Object#equals(Object)
1951                  */
1952                 public boolean equals(Object object) {
1953                         if (!(object instanceof TestAttribute)) {
1954                                 return false;
1955                         }
1956                         return (new HashSet(Arrays.asList(values))).equals(
1957                                 new HashSet(Arrays.asList(((TestAttribute) object).getValues())));
1958                 }
1959
1960                 /**
1961                 * @see java.lang.Object#hashCode()
1962                 */
1963                 public int hashCode() {
1964                         int code = 0;
1965                         for (int i = 0; i < values.length; i++) {
1966                                 code += values[i].hashCode();
1967                         }
1968                         return name.hashCode() + code;
1969                 }
1970
1971         }
1972
1973 }